author | Lars Knoll <lars.knoll@digia.com> | 2013-11-11 11:22:24 +0100 |
committer | The Qt Project <gerrit-noreply@qt-project.org> | 2013-11-18 11:05:25 +0100 |
commit | 965878e88a9211b6995d57fddccf22ed365a9772 (patch) | |
tree | 9a1420b21c307e263c6f5ee269d08c8f14fdcdec /src/qml/jsruntime/qv4engine_p.h | |
parent | a5d0ed01c8cbda9d6ec7e1a30b3f1266d3a277f8 (diff) |
Limit the amount of memory we allocate on the stack
Setup limits for both the C and the JS stack, and check
them before entering functions. If we run out of space,
throw a RangeError exception.
Be careful and recheck the stack bounds when the stack pointer falls
outside them. This catches the case where the engine got
moved to another thread, changing the stack boundaries.
Windows currently uses an unsafe fallback implementation,
this needs to be fixed later on.
Task-number: QTBUG-34568
Change-Id: I22fbcbec57b28f9cc8a49e12f1cc6e53e4f07888
Reviewed-by: Erik Verbruggen <erik.verbruggen@digia.com>
Reviewed-by: Gunnar Sletta <gunnar.sletta@digia.com>
Diffstat (limited to 'src/qml/jsruntime/qv4engine_p.h')
-rw-r--r-- | src/qml/jsruntime/qv4engine_p.h | 14 |
1 files changed, 13 insertions, 1 deletions
diff --git a/src/qml/jsruntime/qv4engine_p.h b/src/qml/jsruntime/qv4engine_p.h
index 2df148a4a8..b4972904ee 100644
--- a/src/qml/jsruntime/qv4engine_p.h
+++ b/src/qml/jsruntime/qv4engine_p.h
@@ -113,6 +113,12 @@ class RegExpCache;
 struct QmlExtensions;
 struct Exception;
+#define CHECK_STACK_LIMITS(v4) \
+ if ((v4->jsStackTop <= v4->jsStackLimit) && (reinterpret_cast<quintptr>(&v4) >= v4->cStackLimit || v4->recheckCStackLimits())) {} \
+ else \
+ return v4->current->throwRangeError(QStringLiteral("Maximum call stack size exceeded."))
+
+
 struct Q_QML_EXPORT ExecutionEngine
 {
 MemoryManager *memoryManager;
@@ -123,11 +129,15 @@ struct Q_QML_EXPORT ExecutionEngine
 ExecutionContext *current;
 GlobalContext *rootContext;
+ SafeValue *jsStackTop;
+ SafeValue *jsStackLimit;
+ quintptr cStackLimit;
+
 WTF::BumpPointerAllocator *bumperPointerAllocator; // Used by Yarr Regex engine.
+ enum { JSStackLimit = 4*1024*1024 };
 WTF::PageAllocation *jsStack;
 SafeValue *jsStackBase;
- SafeValue *jsStackTop;
 SafeValue *stackPush(uint nValues) {
 SafeValue *ptr = jsStackTop;
@@ -329,6 +339,8 @@ struct Q_QML_EXPORT ExecutionEngine
 QmlExtensions *qmlExtensions();
+ bool recheckCStackLimits();
+
 // Exception handling
 SafeValue exceptionValue;
 quint32 hasException; |
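Review bot: CHECK_STACK_LIMITS uses `&v4` as the current C-stack position, so the guard only works when `v4` names a local variable of the calling function; if a caller passes a member such as `ctx->engine` or a static, `&v4` is a heap or data address, the comparison against cStackLimit is meaningless and the C-stack check is silently disabled while the JS-stack check still passes. The hunk states this precondition nowhere, and the unparenthesised uses of `v4` also fail to compile for any argument that is not a plain name. I would add above the macro: `// v4 must be a local variable of the calling function: its address is taken as the current C stack position (the >= comparison assumes a downward-growing stack). Expands to a return, so the enclosing function's return type must accept what throwRangeError() returns.` and write the argument uses as `(v4)`. The bodies of recheckCStackLimits() and throwRangeError() are outside this file section, so whether the fallback the commit message mentions re-establishes a usable cStackLimit cannot be judged here.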