JS: Limit expression and statement nesting level

This is to prevent extremely deeply nested expressions and statements make the code-generator run out of (native) stack space. Task-number: QTBUG-71087 Change-Id: I8e1a20a361bff3e49101e535754546475a63ca18 Reviewed-by: Simon Hausmann <simon.hausmann@qt.io>
author: Erik Verbruggen <erik.verbruggen@qt.io> 2018-10-11 13:33:08 +0200
committer: Erik Verbruggen <erik.verbruggen@qt.io> 2018-11-29 08:43:19 +0000
commit: 597ce09c7a1d8b89e9473faae900321ef2d4181d (patch)
tree: 0a64a17098ad83d5b83ccae836b1d5bbe26d8079 /src/qml/parser/qqmljs.g
parent: e7d19a2a0fcbec38b7e132634d0ebe79b772c61b (diff)
1 files changed, 9 insertions, 1 deletions
diff --git a/src/qml/parser/qqmljs.g b/src/qml/parser/qqmljs.g
index 6549e5bfa3..860a4e999e 100644
--- a/src/qml/parser/qqmljs.g
+++ b/src/qml/parser/qqmljs.g
@@ -614,8 +614,16 @@ bool Parser::parse(int startToken)
     program = 0;
 
     do {
-        if (++tos == stack_size)
+        if (++tos == stack_size) {
             reallocateStack();
+            if (stack_size > 10000) {
+                // We're now in some serious right-recursive stuff, which will probably result in
+                // an AST that's so deep that recursively visiting it will run out of stack space.
+                const QString msg = QCoreApplication::translate("QQmlParser", "Maximum statement or expression depth exceeded");
+                diagnostic_messages.append(DiagnosticMessage(DiagnosticMessage::Error, token_buffer[0].loc, msg));
+                return false;
+            }
+        }
 
         state_stack[tos] = action;
author	Erik Verbruggen <erik.verbruggen@qt.io>	2018-10-11 13:33:08 +0200
committer	Erik Verbruggen <erik.verbruggen@qt.io>	2018-11-29 08:43:19 +0000
commit	597ce09c7a1d8b89e9473faae900321ef2d4181d (patch)
tree	0a64a17098ad83d5b83ccae836b1d5bbe26d8079 /src/qml/parser/qqmljs.g
parent	e7d19a2a0fcbec38b7e132634d0ebe79b772c61b (diff)