From c68f6e79e1348935c668b71d3a02d73112ea088b Mon Sep 17 00:00:00 2001
From: mnegyokru <69792667+mnegyokru@users.noreply.github.com>
Date: Fri, 14 Jan 2022 11:02:50 +0100
Subject: [PATCH] Add stack-overflow check to 'lexer_construct_function_object' (#4965)
This patch fixes #4887.
JerryScript-DCO-1.0-Signed-off-by: Martin Negyokru negyokru@inf.u-szeged.hu
---
 jerry-core/parser/js/js-lexer.c | 6 ++++++
 jerry-core/parser/js/js-parser.c | 7 +++++++
 jerry-core/parser/js/parser-errors.h | 5 ++++-
 3 files changed, 17 insertions(+), 1 deletion(-)
diff --git a/jerry-core/parser/js/js-lexer.c b/jerry-core/parser/js/js-lexer.c
index c552cbe35..5de418fcb 100644
--- a/jerry-core/parser/js/js-lexer.c
+++ b/jerry-core/parser/js/js-lexer.c
@@ -2799,6 +2799,12 @@ uint16_t
 lexer_construct_function_object (parser_context_t *context_p, /**< context */
 uint32_t extra_status_flags) /**< extra status flags */
 {
+#if (JERRY_STACK_LIMIT != 0)
+ if (JERRY_UNLIKELY (ecma_get_current_stack_usage () > CONFIG_MEM_STACK_LIMIT))
+ {
+ parser_raise_error (context_p, PARSER_ERR_STACK_OVERFLOW);
+ }
+#endif /* JERRY_STACK_LIMIT != 0 */
 ecma_compiled_code_t *compiled_code_p;
 lexer_literal_t *literal_p;
 uint16_t result_index;
diff --git a/jerry-core/parser/js/js-parser.c b/jerry-core/parser/js/js-parser.c
index 3fa59e31f..c290b8782 100644
--- a/jerry-core/parser/js/js-parser.c
+++ b/jerry-core/parser/js/js-parser.c
@@ -2506,6 +2506,13 @@ parser_parse_source (void *source_p, /**< source code */
 jcontext_raise_exception (ECMA_VALUE_NULL);
 return NULL;
 }
+#if (JERRY_STACK_LIMIT != 0)
+ if (context.error == PARSER_ERR_STACK_OVERFLOW)
+ {
+ ecma_raise_standard_error (JERRY_ERROR_RANGE, ECMA_ERR_MAXIMUM_CALL_STACK_SIZE_EXCEEDED);
+ return NULL;
+ }
+#endif /* JERRY_STACK_LIMIT != 0 */
 #if JERRY_ERROR_MESSAGES
 ecma_string_t *err_str_p;
diff --git a/jerry-core/parser/js/parser-errors.h b/jerry-core/parser/js/parser-errors.h
index 5a8ffe588..775dee03c 100644
--- a/jerry-core/parser/js/parser-errors.h
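Review bot: The probe at the top of `lexer_construct_function_object` compares against `CONFIG_MEM_STACK_LIMIT` while the surrounding `#if` tests `JERRY_STACK_LIMIT`; the two are presumably related in the build configuration, but nothing in this hunk says so, and a one-line comment would spare the next reader the lookup: `/* CONFIG_MEM_STACK_LIMIT is derived from JERRY_STACK_LIMIT; probing here bounds recursion through nested function literals. */`. Because the check fires only on entry to this function, whatever stack is consumed between two successive function-literal nestings (expression and statement parsing, the scanner) is never measured, so the threshold must leave headroom for those frames or a deeply nested non-function construct could still overflow before the next probe; confirming this with the #4887 reproducer plus a variant that nests expressions rather than functions would be worthwhile. If the engine already has a shared helper for this same comparison on the interpreter side, reusing it here would keep the threshold in one place. The function body continues past the hunk.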
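Review bot: The new `PARSER_ERR_STACK_OVERFLOW` branch in `parser_parse_source` returns before the `#if JERRY_ERROR_MESSAGES` path, mirroring the `jcontext_raise_exception (ECMA_VALUE_NULL); return NULL;` pattern just above it, but it does not record why this parser error is surfaced as a RangeError rather than a SyntaxError like the rest; a comment would make the intent durable: `/* Parser stack exhaustion is reported like runtime recursion: a RangeError, not a SyntaxError. */`. The diffstat lists no test file, so nothing pins that a deeply nested source now yields a RangeError instead of a crash; a regression test built from the #4887 reproducer would close that gap. `parser_parse_source` starts and ends outside the hunk.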
+++ b/jerry-core/parser/js/parser-errors.h
@@ -32,7 +32,10 @@ typedef enum
 /** @endcond */
 PARSER_ERR_OUT_OF_MEMORY,
 PARSER_ERR_INVALID_REGEXP,
- PARSER_ERR_NO_ERROR
+#if (JERRY_STACK_LIMIT != 0)
+ PARSER_ERR_STACK_OVERFLOW,
+#endif /* JERRY_STACK_LIMIT != 0 */
+ PARSER_ERR_NO_ERROR,
 } parser_error_msg_t;
 const lit_utf8_byte_t* parser_get_error_utf8 (uint32_t id);
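Review bot: Inserting the conditionally compiled `PARSER_ERR_STACK_OVERFLOW` before `PARSER_ERR_NO_ERROR` makes the numeric value of `PARSER_ERR_NO_ERROR` depend on `JERRY_STACK_LIMIT`, and this patch touches no other file; if any code compares error ids against a fixed bound or indexes a message table with them (`parser_get_error_utf8 (uint32_t id)` is declared right below and takes a raw id), it must account for the extra enumerator, which is worth checking before merge. Placing the new value after `PARSER_ERR_NO_ERROR`, or at least annotating it with `/* Not a message id: must stay outside the range parser_get_error_utf8 resolves to text. */`, would make that constraint explicit. The trailing comma added to `PARSER_ERR_NO_ERROR,` is fine for C99 and later but is a style change unrelated to the fix.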