From 597ce09c7a1d8b89e9473faae900321ef2d4181d Mon Sep 17 00:00:00 2001
From: Erik Verbruggen <erik.verbruggen@qt.io>
Date: Thu, 11 Oct 2018 13:33:08 +0200
Subject: JS: Limit expression and statement nesting level

This is to prevent extremely deeply nested expressions and statements
make the code-generator run out of (native) stack space.

Task-number: QTBUG-71087
Change-Id: I8e1a20a361bff3e49101e535754546475a63ca18
Reviewed-by: Simon Hausmann <simon.hausmann@qt.io>
---
 src/qml/compiler/qv4codegen_p.h | 25 +++++++++++++++++++++++++
 1 file changed, 25 insertions(+)

(limited to 'src/qml/compiler/qv4codegen_p.h')

diff --git a/src/qml/compiler/qv4codegen_p.h b/src/qml/compiler/qv4codegen_p.h
index 0bc04750f7..289728f505 100644
--- a/src/qml/compiler/qv4codegen_p.h
+++ b/src/qml/compiler/qv4codegen_p.h
@@ -761,6 +761,31 @@ protected:
         bool _onoff;
     };
 
+    class RecursionDepthCheck {
+    public:
+        RecursionDepthCheck(Codegen *cg, const AST::SourceLocation &loc)
+            : _cg(cg)
+        {
+#ifdef QT_NO_DEBUG
+            const int depthLimit = 4000; // limit to ~1000 deep
+#else
+            const int depthLimit = 1000; // limit to ~250 deep
+#endif // QT_NO_DEBUG
+
+            ++_cg->_recursionDepth;
+            if (_cg->_recursionDepth > depthLimit)
+                _cg->throwSyntaxError(loc, QStringLiteral("Maximum statement or expression depth exceeded"));
+        }
+
+        ~RecursionDepthCheck()
+        { --_cg->_recursionDepth; }
+
+    private:
+        Codegen *_cg;
+    };
+    int _recursionDepth = 0;
+    friend class RecursionDepthCheck;
+
 private:
     VolatileMemoryLocations scanVolatileMemoryLocations(AST::Node *ast) const;
     void handleConstruct(const Reference &base, AST::ArgumentList *args);
-- 
cgit v1.2.3