authorErik Verbruggen <erik.verbruggen@qt.io>2018-10-11 13:33:08 +0200
committerErik Verbruggen <erik.verbruggen@qt.io>2018-11-29 08:43:19 +0000
commit597ce09c7a1d8b89e9473faae900321ef2d4181d (patch)
tree0a64a17098ad83d5b83ccae836b1d5bbe26d8079 /src/qml/compiler/qv4compilerscanfunctions.cpp
parente7d19a2a0fcbec38b7e132634d0ebe79b772c61b (diff)
JS: Limit expression and statement nesting level
This is to prevent extremely deeply nested expressions and statements from making the code-generator run out of (native) stack space. Task-number: QTBUG-71087 Change-Id: I8e1a20a361bff3e49101e535754546475a63ca18 Reviewed-by: Simon Hausmann <simon.hausmann@qt.io>
Diffstat (limited to 'src/qml/compiler/qv4compilerscanfunctions.cpp')
-rw-r--r--src/qml/compiler/qv4compilerscanfunctions.cpp19
1 files changed, 19 insertions, 0 deletions
diff --git a/src/qml/compiler/qv4compilerscanfunctions.cpp b/src/qml/compiler/qv4compilerscanfunctions.cpp
index 2026e64929..fc3ac769ae 100644
--- a/src/qml/compiler/qv4compilerscanfunctions.cpp
+++ b/src/qml/compiler/qv4compilerscanfunctions.cpp
@@ -96,6 +96,25 @@ void ScanFunctions::leaveEnvironment()
_context = _contextStack.isEmpty() ? nullptr : _contextStack.top();
}
+bool ScanFunctions::preVisit(Node *ast)
+{
+ if (_cg->hasError)
+ return false;
+ ++_recursionDepth;
+
+ if (_recursionDepth > 1000) {
+ _cg->throwSyntaxError(ast->lastSourceLocation(), QStringLiteral("Maximum statement or expression depth exceeded"));
+ return false;
+ }
+
+ return true;
+}
+
+void ScanFunctions::postVisit(Node *)
+{
+ --_recursionDepth;
+}
+
void ScanFunctions::checkDirectivePrologue(StatementList *ast)
{
for (StatementList *it = ast; it; it = it->next) {
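Review bot: In `preVisit`, the early `return false` on `_cg->hasError` is taken before `++_recursionDepth`, while `postVisit` decrements unconditionally, so the two are not symmetric on the error path. If the AST's accept() calls `postVisit` even when `preVisit` returned false (that code is not visible in this hunk), the counter drifts below its true depth once an error is recorded, which would weaken the guard if the scanner kept visiting or were reused. Making `++_recursionDepth;` the first statement of `preVisit`, ahead of the `if (_cg->hasError)` check, keeps every increment paired with a decrement. The literal `1000` would also read better as a named constant with a comment such as `// bounds AST nesting so the code generator cannot exhaust the native stack on hostile or generated input`, since the safe depth presumably depends on the stack size of the thread doing the compilation.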