YourWishes/jerryscript
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add RegExp recursion depth limit (#2543)

Browse Source 
The regexp engine does not have any recursion depth check, thus it can cause problems with various regexps. Added a new build option `--regexp-recursion-limit N` whose
default value is 0, which is for unlimited recursion depth. Also added a build-option-test.

Fixes #2448
Fixes #2190

JerryScript-DCO-1.0-Signed-off-by: Istvan Miklos imiklos2@inf.u-szeged.hu
This commit is contained in:
Istvan Miklos
2019-01-17 20:16:50 +01:00
committed by Akos Kiss
parent 162e2ddcb6
commit c23cf4176a
7 changed files with 105 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
jerry-core/parser/regexp/re-compiler.c
+4
View File
@@ -246,6 +246,7 @@ static ecma_value_t
re_parse_alternative (re_compiler_ctx_t *re_ctx_p, /**< RegExp compiler context */
bool expect_eof) /**< expect end of file */
{
REGEXP_RECURSION_COUNTER_DECREASE_AND_TEST ();
uint32_t idx;
re_bytecode_ctx_t *bc_ctx_p = re_ctx_p->bytecode_ctx_p;
ecma_value_t ret_value = ECMA_VALUE_EMPTY;
@@ -440,6 +441,7 @@ re_parse_alternative (re_compiler_ctx_t *re_ctx_p, /**< RegExp compiler context
else
{
re_insert_u32 (bc_ctx_p, alterantive_offset, re_get_bytecode_length (bc_ctx_p) - alterantive_offset);
REGEXP_RECURSION_COUNTER_INCREASE ();
should_loop = false;
}
break;
@@ -453,6 +455,7 @@ re_parse_alternative (re_compiler_ctx_t *re_ctx_p, /**< RegExp compiler context
else
{
re_insert_u32 (bc_ctx_p, alterantive_offset, re_get_bytecode_length (bc_ctx_p) - alterantive_offset);
REGEXP_RECURSION_COUNTER_INCREASE ();
should_loop = false;
}
@@ -559,6 +562,7 @@ re_compile_bytecode (const re_compiled_code_t **out_bytecode_p, /**< [out] point
re_ctx.flags = flags;
re_ctx.highest_backref = 0;
re_ctx.num_of_non_captures = 0;
REGEXP_RECURSION_COUNTER_INIT ();
re_bytecode_ctx_t bc_ctx;
bc_ctx.block_start_p = NULL;
jerry-core/parser/regexp/re-compiler.h
+3
View File
@@ -41,6 +41,9 @@ typedef struct
uint32_t num_of_captures; /**< number of capture groups */
uint32_t num_of_non_captures; /**< number of non-capture groups */
uint32_t highest_backref; /**< highest backreference */
#ifdef REGEXP_RECURSION_LIMIT
uint32_t recursion_counter; /**< RegExp recursion counter */
#endif /* REGEXP_RECURSION_LIMIT */
re_bytecode_ctx_t *bytecode_ctx_p; /**< pointer of RegExp bytecode context */
re_token_t current_token; /**< current token */
re_parser_ctx_t *parser_ctx_p; /**< pointer of RegExp parser context */