From 597ce09c7a1d8b89e9473faae900321ef2d4181d Mon Sep 17 00:00:00 2001
From: Erik Verbruggen
Date: Thu, 11 Oct 2018 13:33:08 +0200
Subject: JS: Limit expression and statement nesting level

This is to prevent extremely deeply nested expressions and statements make the code-generator run out of (native) stack space.

Task-number: QTBUG-71087
Change-Id: I8e1a20a361bff3e49101e535754546475a63ca18
Reviewed-by: Simon Hausmann
---
 src/qml/parser/qqmljs.g | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

(limited to 'src/qml/parser')

diff --git a/src/qml/parser/qqmljs.g b/src/qml/parser/qqmljs.g
index 6549e5bfa3..860a4e999e 100644
--- a/src/qml/parser/qqmljs.g
+++ b/src/qml/parser/qqmljs.g
@@ -614,8 +614,16 @@ bool Parser::parse(int startToken)
     program = 0;
     do {
-        if (++tos == stack_size)
+        if (++tos == stack_size) {
             reallocateStack();
+            if (stack_size > 10000) {
+                // We're now in some serious right-recursive stuff, which will probably result in
+                // an AST that's so deep that recursively visiting it will run out of stack space.
+                const QString msg = QCoreApplication::translate("QQmlParser", "Maximum statement or expression depth exceeded");
+                diagnostic_messages.append(DiagnosticMessage(DiagnosticMessage::Error, token_buffer[0].loc, msg));
+                return false;
+            }
+        }
         state_stack[tos] = action;
-- 
cgit v1.2.3
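Review bot: The depth cap is evaluated only on the iteration where `++tos == stack_size` triggers `reallocateStack()`, and it compares the post-growth `stack_size` rather than the current depth, so the effective limit is whatever `reallocateStack()`'s growth policy (not visible in this hunk) first pushes past `10000`, not the literal itself. Checking the depth before growing, `if (tos >= maxParserStackSize) { /* append diagnostic */ return false; }`, would make the bound the one the message promises; failing that, a comment such as `// Checked only when the stack grows; the effective depth depends on reallocateStack()'s growth factor` should state the actual contract. The bare `10000` should also become a named constant (e.g. `static const int maxParserStackSize = 10000;`) with a comment explaining that it bounds how deep untrusted JS/QML input can nest before later recursive AST visitors risk exhausting the native stack. A regression test feeding a deeply nested expression and asserting the "Maximum statement or expression depth exceeded" diagnostic (and no crash) would pin the behaviour. Parser::parse's body continues outside the hunk.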