ref: 21831527cb77e6b4892e0fcd08bbc7a31f8d9098
parent: 380adf8b485ce93aa42ad0d414718c3ad4918176
author: Ori Bernstein <[email protected]>
date: Sun Apr 19 05:02:21 EDT 2020
don't overflow the stack: when pushing expressions in cpp, particularly complex ones could overflow the stack and silently corrupt our data structures. add checks when we push, and bump the stack size up.
--- a/sys/src/cmd/cpp/eval.c
+++ b/sys/src/cmd/cpp/eval.c
@@ -2,7 +2,7 @@
#include <libc.h>
#include "cpp.h"
-#define NSTAK 32
+#define NSTAK 128
#define SGN 0
#define UNS 1
#define UND 2
@@ -136,6 +136,8 @@
case STRING:
if (rand)
goto syntax;
+ if(vp == vals + NSTAK)
+ goto fullstakdeveloper;
*vp++ = tokval(tp);
rand = 1;
continue;
@@ -146,6 +148,8 @@
case NOT:
if (rand)
goto syntax;
+ if(op == ops + NSTAK)
+ goto fullstakdeveloper;
*op++ = tp->type;
continue;
@@ -152,6 +156,8 @@
/* unary-binary */
case PLUS: case MINUS: case STAR: case AND:
if (rand==0) {
+ if(op == ops + NSTAK)
+ goto fullstakdeveloper;
if (tp->type==MINUS)
*op++ = UMINUS;
if (tp->type==STAR || tp->type==AND) {
@@ -171,6 +177,8 @@
goto syntax;
if (evalop(priority[tp->type])!=0)
return 0;
+ if(op == ops + NSTAK)
+ goto fullstakdeveloper;
*op++ = tp->type;
rand = 0;
continue;
@@ -178,6 +186,8 @@
case LP:
if (rand)
goto syntax;
+ if(op == ops + NSTAK)
+ goto fullstakdeveloper;
*op++ = LP;
continue;
@@ -211,6 +221,9 @@
syntax:
error(ERROR, "Syntax error in #if/#elif");
return 0;
+fullstakdeveloper:
+ error(ERROR, "Out of stack space evaluating #if");
+ return 0;
}
int
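Review bot: The label `fullstakdeveloper` reads as a joke and does not name the condition it handles; a name such as `stackfull:` beside `syntax:` would be easier to search for, with the five `goto` sites in the earlier hunks renamed to match. The message also says only `#if`, while the syntax error just above says `#if/#elif`; if this path is reached for both directives, `error(ERROR, "Out of stack space evaluating #if/#elif");` would be consistent. The function body starts outside this hunk.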
@@ -375,6 +388,10 @@
}
v1.val = rv1;
v1.type = rtype;
+ if(op == ops + NSTAK){
+ error(ERROR, "Out of stack space evaluating #if");
+ return 0;
+ }
*vp++ = v1;
}
return 0;
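Review bot: The new guard before `*vp++ = v1;` tests the operator stack (`op == ops + NSTAK`) although the push goes to the value stack, so it does not bound the write it precedes; it should read `if(vp == vals + NSTAK){`. The early exit also uses `return 0`, the same value the function returns on its normal path at the end of this hunk, while the caller in the binary-operator case only stops on `evalop(...)!=0`. Unless the error paths outside this hunk also return 0, the failure looks like success to the caller and evaluation continues after the error is reported, so `return 1;` is probably what is wanted. The function starts outside the hunk; the names `vals` and `vp` are taken from the earlier hunks of this file.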