diff options
author | Erik Verbruggen <erik.verbruggen@qt.io> | 2018-10-11 13:33:08 +0200 |
---|---|---|
committer | Erik Verbruggen <erik.verbruggen@qt.io> | 2018-11-29 08:43:19 +0000 |
commit | 597ce09c7a1d8b89e9473faae900321ef2d4181d (patch) | |
tree | 0a64a17098ad83d5b83ccae836b1d5bbe26d8079 /src/qml/compiler/qv4codegen_p.h | |
parent | e7d19a2a0fcbec38b7e132634d0ebe79b772c61b (diff) |
JS: Limit expression and statement nesting level
This is to prevent extremely deeply nested expressions and statements
make the code-generator run out of (native) stack space.
Task-number: QTBUG-71087
Change-Id: I8e1a20a361bff3e49101e535754546475a63ca18
Reviewed-by: Simon Hausmann <simon.hausmann@qt.io>
Diffstat (limited to 'src/qml/compiler/qv4codegen_p.h')
-rw-r--r-- | src/qml/compiler/qv4codegen_p.h | 25 |
1 files changed, 25 insertions, 0 deletions
diff --git a/src/qml/compiler/qv4codegen_p.h b/src/qml/compiler/qv4codegen_p.h index 0bc04750f7..289728f505 100644 --- a/src/qml/compiler/qv4codegen_p.h +++ b/src/qml/compiler/qv4codegen_p.h @@ -761,6 +761,31 @@ protected: bool _onoff; }; + class RecursionDepthCheck { + public: + RecursionDepthCheck(Codegen *cg, const AST::SourceLocation &loc) + : _cg(cg) + { +#ifdef QT_NO_DEBUG + const int depthLimit = 4000; // limit to ~1000 deep +#else + const int depthLimit = 1000; // limit to ~250 deep +#endif // QT_NO_DEBUG + + ++_cg->_recursionDepth; + if (_cg->_recursionDepth > depthLimit) + _cg->throwSyntaxError(loc, QStringLiteral("Maximum statement or expression depth exceeded")); + } + + ~RecursionDepthCheck() + { --_cg->_recursionDepth; } + + private: + Codegen *_cg; + }; + int _recursionDepth = 0; + friend class RecursionDepthCheck; + private: VolatileMemoryLocations scanVolatileMemoryLocations(AST::Node *ast) const; void handleConstruct(const Reference &base, AST::ArgumentList *args); |