

ref: 21831527cb77e6b4892e0fcd08bbc7a31f8d9098
parent: 380adf8b485ce93aa42ad0d414718c3ad4918176
author: Ori Bernstein <[email protected]>
date: Sun Apr 19 05:02:21 EDT 2020

dont overflow the stack

when pushing expressions in cpp, particularly complex ones could
overflow the stack and silently corrupt our data structures. add
checks when we push, and bump the stack size up.

--- a/sys/src/cmd/cpp/eval.c
+++ b/sys/src/cmd/cpp/eval.c
@@ -2,7 +2,7 @@
 #include <libc.h>
 #include "cpp.h"
 
-#define	NSTAK	32
+#define	NSTAK	128
 #define	SGN	0
 #define	UNS	1
 #define	UND	2
@@ -136,6 +136,8 @@
 		case STRING:
 			if (rand)
 				goto syntax;
+			if(vp == vals + NSTAK)
+				goto fullstakdeveloper;
 			*vp++ = tokval(tp);
 			rand = 1;
 			continue;
@@ -146,6 +148,8 @@
 		case NOT:
 			if (rand)
 				goto syntax;
+			if(op == ops + NSTAK)
+				goto fullstakdeveloper;
 			*op++ = tp->type;
 			continue;
 
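Review bot: The guard `if(op == ops + NSTAK) goto fullstakdeveloper;` placed in front of `*op++ = tp->type;` here is repeated verbatim before every operator push in this commit, again in the unary-binary hunk, the binary-operator hunk and the LP hunk; keeping the bound in one helper such as `static int pushop(int t)` that returns non-zero when the stack is full would put the check in a single place and make it harder for a future push site to omit it. The value-stack guard `vp == vals + NSTAK` in the STRING hunk could be given the same treatment. The enclosing switch in eval() starts and ends outside this hunk.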
@@ -152,6 +156,8 @@
 		/* unary-binary */
 		case PLUS: case MINUS: case STAR: case AND:
 			if (rand==0) {
+				if(op == ops + NSTAK)
+					goto fullstakdeveloper;
 				if (tp->type==MINUS)
 					*op++ = UMINUS;
 				if (tp->type==STAR || tp->type==AND) {
@@ -171,6 +177,8 @@
 				goto syntax;
 			if (evalop(priority[tp->type])!=0)
 				return 0;
+			if(op == ops + NSTAK)
+				goto fullstakdeveloper;
 			*op++ = tp->type;
 			rand = 0;
 			continue;
@@ -178,6 +186,8 @@
 		case LP:
 			if (rand)
 				goto syntax;
+			if(op == ops + NSTAK)
+				goto fullstakdeveloper;
 			*op++ = LP;
 			continue;
 
@@ -211,6 +221,9 @@
 syntax:
 	error(ERROR, "Syntax error in #if/#elif");
 	return 0;
+fullstakdeveloper:
+	error(ERROR, "Out of stack space evaluating #if");
+	return 0;
 }
 
 int
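Review bot: The new label `fullstakdeveloper:` does not follow the naming of the neighbouring `syntax:` label and reads as a joke rather than a description of the exit path; `fullstak:` would match the file's style, with the five `goto`s in the other hunks renamed to match. The message `"Out of stack space evaluating #if"` also drops the `#elif` case that the adjacent syntax message names; `"Out of stack space evaluating #if/#elif"` keeps the two diagnostics consistent, and the same string is repeated inline in the evalop() hunk, so a shared message would be worth considering. The function ends at this hunk's closing brace; its start is outside the hunk.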
@@ -375,6 +388,10 @@
 		}
 		v1.val = rv1;
 		v1.type = rtype;
+		if(op == ops + NSTAK){
+			error(ERROR, "Out of stack space evaluating #if");
+			return 0;
+		}
 		*vp++ = v1;
 	}
 	return 0;
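Review bot: The added check compares the operator stack, `op == ops + NSTAK`, but the line it guards pushes onto the value stack, `*vp++ = v1;`, so it tests the wrong bound and never protects this push; it should read `if(vp == vals + NSTAK){`, matching the value-stack guard used in eval(). Presumably evalop() pops the operator and its operands before reaching this point (outside the hunk), in which case `op` cannot be at the end of `ops` here and the check as written is dead code, while a `vp` check would be the one that can actually matter. The enclosing loop and the rest of evalop() start outside this hunk.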