Fix stack overflow when parsing huge expressions.

src/compiler/translator/Compiler.cpp

@@ -160,6 +160,10 @@ bool TCompiler::compile(const char* const shaderStrings[],
         TIntermNode* root = parseContext.treeRoot;
         success = intermediate.postProcess(root);
 
+        // Disallow expressions deemed too complex.
+        if (success && (compileOptions & SH_LIMIT_EXPRESSION_COMPLEXITY))
+            success = limitExpressionComplexity(root);
+
         if (success)
             success = detectCallDepth(root, infoSink, (compileOptions & SH_LIMIT_CALL_STACK_DEPTH) != 0);
 
@@ -198,10 +202,6 @@ bool TCompiler::compile(const char* const shaderStrings[],
         if (success && (compileOptions & SH_CLAMP_INDIRECT_ARRAY_BOUNDS))
             arrayBoundsClamper.MarkIndirectArrayBoundsForClamping(root);
 
-        // Disallow expressions deemed too complex.
-        if (success && (compileOptions & SH_LIMIT_EXPRESSION_COMPLEXITY))
-            success = limitExpressionComplexity(root);
-
         if (success && shaderType == SH_VERTEX_SHADER && (compileOptions & SH_INIT_GL_POSITION))
             initializeGLPosition(root);
 
@@ -381,8 +381,15 @@ bool TCompiler::enforceTimingRestrictions(TIntermNode* root, bool outputGraph)
 
 bool TCompiler::limitExpressionComplexity(TIntermNode* root)
 {
-    TIntermTraverser traverser;
+    TMaxDepthTraverser traverser(maxExpressionComplexity+1);
     root->traverse(&traverser);
+
+    if (traverser.getMaxDepth() > maxExpressionComplexity)
+    {
+        infoSink.info << "Expression too complex.";
+        return false;
+    }
+
     TDependencyGraph graph(root);
 
     for (TFunctionCallVector::const_iterator iter = graph.beginUserDefinedFunctionCalls();
@@ -394,11 +401,6 @@ bool TCompiler::limitExpressionComplexity(TIntermNode* root)
         samplerSymbol->traverse(&graphTraverser);
     }
 
-    if (traverser.getMaxDepth() > maxExpressionComplexity)
-    {
-        infoSink.info << "Expression too complex.";
-        return false;
-    }
     return true;
 }
 

src/compiler/translator/intermediate.h

@@ -653,4 +653,30 @@ protected:
     TVector<TIntermNode *> path;
 };
 
+//
+// For traversing the tree, and computing max depth.
+// Takes a maximum depth limit to prevent stack overflow.
+//
+class TMaxDepthTraverser : public TIntermTraverser
+{
+public:
+    POOL_ALLOCATOR_NEW_DELETE();
+    TMaxDepthTraverser(int depthLimit)
+      : TIntermTraverser(true, true, false, false),
+        depthLimit(depthLimit)
+    {}
+
+    virtual bool visitBinary(Visit visit, TIntermBinary*) { return depthCheck(); }
+    virtual bool visitUnary(Visit visit, TIntermUnary*) { return depthCheck(); }
+    virtual bool visitSelection(Visit visit, TIntermSelection*) { return depthCheck(); }
+    virtual bool visitAggregate(Visit visit, TIntermAggregate*) { return depthCheck(); }
+    virtual bool visitLoop(Visit visit, TIntermLoop*) { return depthCheck(); }
+    virtual bool visitBranch(Visit visit, TIntermBranch*) { return depthCheck(); }
+
+protected:
+    int depthLimit;
+
+    bool depthCheck() const { return maxDepth < depthLimit; }
+};
+
 #endif // __INTERMEDIATE_H