From 21831527cb77e6b4892e0fcd08bbc7a31f8d9098 Mon Sep 17 00:00:00 2001 From: Ori Bernstein Date: Sun, 19 Apr 2020 09:02:21 -0700 Subject: dont overflow the stack when pushing expressions in cpp, particularly complex ones could overflow the stack and silently corrupt our data structures. add checks when we push, and bump the stack size up. --- sys/src/cmd/cpp/eval.c | 19 ++++++++++++++++++- 1 file changed, 18 insertions(+), 1 deletion(-) (limited to 'sys/src/cmd/cpp/eval.c') diff --git a/sys/src/cmd/cpp/eval.c b/sys/src/cmd/cpp/eval.c index 9e8dc21b5..83d12e00b 100644 --- a/sys/src/cmd/cpp/eval.c +++ b/sys/src/cmd/cpp/eval.c @@ -2,7 +2,7 @@ #include #include "cpp.h" -#define NSTAK 32 +#define NSTAK 128 #define SGN 0 #define UNS 1 #define UND 2 @@ -136,6 +136,8 @@ eval(Tokenrow *trp, int kw) case STRING: if (rand) goto syntax; + if(vp == vals + NSTAK) + goto fullstakdeveloper; *vp++ = tokval(tp); rand = 1; continue; @@ -146,12 +148,16 @@ eval(Tokenrow *trp, int kw) case NOT: if (rand) goto syntax; + if(op == ops + NSTAK) + goto fullstakdeveloper; *op++ = tp->type; continue; /* unary-binary */ case PLUS: case MINUS: case STAR: case AND: if (rand==0) { + if(op == ops + NSTAK) + goto fullstakdeveloper; if (tp->type==MINUS) *op++ = UMINUS; if (tp->type==STAR || tp->type==AND) { @@ -171,6 +177,8 @@ eval(Tokenrow *trp, int kw) goto syntax; if (evalop(priority[tp->type])!=0) return 0; + if(op == ops + NSTAK) + goto fullstakdeveloper; *op++ = tp->type; rand = 0; continue; @@ -178,6 +186,8 @@ eval(Tokenrow *trp, int kw) case LP: if (rand) goto syntax; + if(op == ops + NSTAK) + goto fullstakdeveloper; *op++ = LP; continue; @@ -211,6 +221,9 @@ eval(Tokenrow *trp, int kw) syntax: error(ERROR, "Syntax error in #if/#elif"); return 0; +fullstakdeveloper: + error(ERROR, "Out of stack space evaluating #if"); + return 0; } int 
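Review bot: Each push in eval now carries its own hand-written guard (`if(op == ops + NSTAK)` four times, `if(vp == vals + NSTAK)` once), so a push site added later, or one these hunks do not touch, would quietly bring the overflow back. Folding the check into the push makes the bound hard to miss, for example `#define PUSHOP(x) do{ if(op == ops + NSTAK) goto fullstakdeveloper; *op++ = (x); }while(0)` with a matching macro for the value stack. The label would read better as something like `stackfull`, and a comment at the define, `/* depth of vals[] and ops[] (going by the guards); every push must check it */`, would record the invariant the commit introduces. eval's body begins and ends outside these hunks, so push sites not shown here should be checked as well.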
@@ -375,6 +388,10 @@ evalop(struct pri pri)
 }
 v1.val = rv1;
 v1.type = rtype;
+ if(op == ops + NSTAK){
+ error(ERROR, "Out of stack space evaluating #if");
+ return 0;
+ }
 *vp++ = v1;
 }
 return 0;
-- cgit v1.2.3
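Review bot: The guard added in evalop tests the operator stack (`op == ops + NSTAK`), but the push it precedes is `*vp++ = v1;` on the value stack, so it does not bound that write; going by the STRING-case guard in eval it should read `if(vp == vals + NSTAK){`. The error path also ends in `return 0;`, the same value as the function's normal exit, while eval only aborts when `evalop(...)!=0`, so a reported overflow would not stop evaluation. A nonzero return such as `return 1;` looks intended, to be confirmed against evalop's other error returns, which lie outside this hunk along with the start of the function body.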