LadybirdBrowser/ladybird
1
1
Fork 0
mirror of https://github.com/LadybirdBrowser/ladybird.git synced 2024-12-28 21:54:40 +03:00
Code Issues Packages Projects Releases Wiki Activity

Shell: Error out when an expression is nested too deep

Browse Source 
That can happen with too many nested parenthesis, for instance.
This commit sets the maximum allowed limit to 2048 (seems relatively
safe for normal code).
Found by oss-fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=28105&q=label%3AProj-serenity
This commit is contained in:
AnotherTest 2020-11-30 17:32:48 +03:30 committed by Andreas Kling
parent 6394720c87
commit 50b7122798
Notes: sideshowbarker 2024-07-19 01:08:39 +09:00 
Author: https://github.com/alimpfard
Commit: https://github.com/SerenityOS/serenity/commit/50b7122798e
Pull-request: https://github.com/SerenityOS/serenity/pull/4272
2 changed files with 4 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
Shell/Parser.cpp
View File

@ -959,6 +959,9 @@ RefPtr<AST::Node> Parser::parse_list_expression()
RefPtr<AST::Node> Parser::parse_expression()
{
auto rule_start = push_start();
if (m_rule_start_offsets.size() > max_allowed_nested_rule_depth)
return create<AST::SyntaxError>(String::formatted("Expression nested too deep (max allowed is {})", max_allowed_nested_rule_depth));
auto starting_char = peek();
auto read_concat = [&](auto&& expr) -> NonnullRefPtr<AST::Node> {

1
Shell/Parser.h
View File

@ -51,6 +51,7 @@ public:
SavedOffset save_offset() const;
private:
constexpr static size_t max_allowed_nested_rule_depth = 2048;
RefPtr<AST::Node> parse_toplevel();
RefPtr<AST::Node> parse_sequence();
RefPtr<AST::Node> parse_function_decl();