preprocessor: add a limit to the number of token expanded

BUG=angleproject:1522 BUG=chromium:648074 Change-Id: Ibf0858aaeb81933dd221ac82a49160169b48a495 Reviewed-on: https://chromium-review.googlesource.com/387211Reviewed-by: Geoff Lang <geofflang@chromium.org> Commit-Queue: Corentin Wallez <cwallez@chromium.org>

preprocessor: add a limit to the number of token expanded
2bd9c443 · Corentin Wallez · Commit Bot · f607c60a · 2bd9c443 · 2bd9c443
Commit 2bd9c443 authored Sep 20, 2016 by Corentin Wallez Committed by Commit Bot Sep 22, 2016
Hide whitespace changes
Inline Side-by-side

Showing with 27 additions and 1 deletion

MacroExpander.cpp src/compiler/preprocessor/MacroExpander.cpp +26 -1

MacroExpander.h src/compiler/preprocessor/MacroExpander.h +1 -0

No files found.
--- a/src/compiler/preprocessor/MacroExpander.cpp
+++ b/src/compiler/preprocessor/MacroExpander.cpp
@@ -15,6 +15,11 @@
 namespace pp
 {

+namespace
+{
+
+const size_t kMaxContextTokens = 10000;
+
 class TokenLexer : public Lexer
 {
 public:
@@ -46,8 +51,10 @@ class TokenLexer : public Lexer
    TokenVector::const_iterator mIter;
 };

+}  // anonymous namespace
+
 MacroExpander::MacroExpander(Lexer *lexer, MacroSet *macroSet, Diagnostics *diagnostics)
-    : mLexer(lexer), mMacroSet(macroSet), mDiagnostics(diagnostics)
+    : mLexer(lexer), mMacroSet(macroSet), mDiagnostics(diagnostics), mTotalTokensInContexts(0)
 {
 }

@@ -114,6 +121,7 @@ void MacroExpander::getToken(Token *token)
    }
    else
    {
+        assert(mTotalTokensInContexts == 0);
        mLexer->lex(token);
    }
 }
@@ -164,6 +172,7 @@ bool MacroExpander::pushMacro(const Macro &macro, const Token &identifier)
    context->macro = &macro;
    context->replacements.swap(replacements);
    mContextStack.push_back(context);
+    mTotalTokensInContexts += context->replacements.size();
    return true;
 }

@@ -179,6 +188,7 @@ void MacroExpander::popMacro()
    assert(context->macro->expansionCount > 0);
    context->macro->disabled = false;
    context->macro->expansionCount--;
+    mTotalTokensInContexts -= context->replacements.size();
    delete context;
 }

@@ -321,6 +331,7 @@ bool MacroExpander::collectMacroArgs(const Macro &macro,
    // Pre-expand each argument before substitution.
    // This step expands each argument individually before they are
    // inserted into the macro body.
+    size_t numTokens = 0;
    for (std::size_t i = 0; i < args->size(); ++i)
    {
        MacroArg &arg = args->at(i);
@@ -333,6 +344,12 @@ bool MacroExpander::collectMacroArgs(const Macro &macro,
        {
            arg.push_back(token);
            expander.lex(&token);
+            numTokens++;
+            if (numTokens + mTotalTokensInContexts > kMaxContextTokens)
+            {
+                mDiagnostics->report(Diagnostics::PP_OUT_OF_MEMORY, token.location, token.text);
+                return false;
+            }
        }
    }
    return true;
@@ -344,6 +361,14 @@ void MacroExpander::replaceMacroParams(const Macro &macro,
 {
    for (std::size_t i = 0; i < macro.replacements.size(); ++i)
    {
+        if (!replacements->empty() &&
+            replacements->size() + mTotalTokensInContexts > kMaxContextTokens)
+        {
+            const Token &token = replacements->back();
+            mDiagnostics->report(Diagnostics::PP_OUT_OF_MEMORY, token.location, token.text);
+            return;
+        }
+
        const Token &repl = macro.replacements[i];
        if (repl.type != Token::IDENTIFIER)
        {

--- a/src/compiler/preprocessor/MacroExpander.h
+++ b/src/compiler/preprocessor/MacroExpander.h
@@ -84,6 +84,7 @@ class MacroExpander : public Lexer

    std::unique_ptr<Token> mReserveToken;
    std::vector<MacroContext *> mContextStack;
+    size_t mTotalTokensInContexts;
 };

 }  // namespace pp