From 692e4c57e83607f21d0c1b1b735585b3b63564f3 Mon Sep 17 00:00:00 2001 From: chriseth Date: Mon, 21 Aug 2017 12:33:29 +0200 Subject: Check recursion depth in assembly parser. --- Changelog.md | 1 + libsolidity/inlineasm/AsmParser.cpp | 11 +++++++++++ libsolidity/parsing/Parser.cpp | 32 -------------------------------- libsolidity/parsing/Parser.h | 7 ------- libsolidity/parsing/ParserBase.cpp | 13 +++++++++++++ libsolidity/parsing/ParserBase.h | 20 ++++++++++++++++++++ test/libjulia/Parser.cpp | 2 +- 7 files changed, 46 insertions(+), 40 deletions(-) diff --git a/Changelog.md b/Changelog.md index 3574455b..962aae2e 100644 --- a/Changelog.md +++ b/Changelog.md @@ -11,6 +11,7 @@ Features: Bugfixes: * Assembly Parser: Be more strict about number literals. + * Assembly Parser: Limit maximum recursion depth. * Parser: Enforce commas between array and tuple elements. * Parser: Limit maximum recursion depth. * Type Checker: Crash fix related to ``using``. diff --git a/libsolidity/inlineasm/AsmParser.cpp b/libsolidity/inlineasm/AsmParser.cpp index 1dcc42b8..d84fe999 100644 --- a/libsolidity/inlineasm/AsmParser.cpp +++ b/libsolidity/inlineasm/AsmParser.cpp @@ -36,6 +36,7 @@ using namespace dev::solidity::assembly; shared_ptr Parser::parse(std::shared_ptr const& _scanner) { + m_recursionDepth = 0; try { m_scanner = _scanner; @@ -51,6 +52,7 @@ shared_ptr Parser::parse(std::shared_ptr const& _scann assembly::Block Parser::parseBlock() { + RecursionGuard recursionGuard(*this); assembly::Block block = createWithLocation(); expectToken(Token::LBrace); while (currentToken() != Token::RBrace) @@ -62,6 +64,7 @@ assembly::Block Parser::parseBlock() assembly::Statement Parser::parseStatement() { + RecursionGuard recursionGuard(*this); switch (currentToken()) { case Token::Let: @@ -158,6 +161,7 @@ assembly::Statement Parser::parseStatement() assembly::Case Parser::parseCase() { + RecursionGuard recursionGuard(*this); assembly::Case _case = createWithLocation(); if (m_scanner->currentToken() == Token::Default) m_scanner->next(); @@ -178,6 +182,7 @@ assembly::Case Parser::parseCase() assembly::ForLoop Parser::parseForLoop() { + RecursionGuard recursionGuard(*this); ForLoop forLoop = createWithLocation(); expectToken(Token::For); forLoop.pre = parseBlock(); @@ -192,6 +197,7 @@ assembly::ForLoop Parser::parseForLoop() assembly::Statement Parser::parseExpression() { + RecursionGuard recursionGuard(*this); Statement operation = parseElementaryOperation(true); if (operation.type() == typeid(Instruction)) { @@ -254,6 +260,7 @@ std::map const& Parser::instructionNames() assembly::Statement Parser::parseElementaryOperation(bool _onlySinglePusher) { + RecursionGuard recursionGuard(*this); Statement ret; switch (currentToken()) { @@ -342,6 +349,7 @@ assembly::Statement Parser::parseElementaryOperation(bool _onlySinglePusher) assembly::VariableDeclaration Parser::parseVariableDeclaration() { + RecursionGuard recursionGuard(*this); VariableDeclaration varDecl = createWithLocation(); expectToken(Token::Let); while (true) @@ -366,6 +374,7 @@ assembly::VariableDeclaration Parser::parseVariableDeclaration() assembly::FunctionDefinition Parser::parseFunctionDefinition() { + RecursionGuard recursionGuard(*this); FunctionDefinition funDef = createWithLocation(); expectToken(Token::Function); funDef.name = expectAsmIdentifier(); @@ -397,6 +406,7 @@ assembly::FunctionDefinition Parser::parseFunctionDefinition() assembly::Statement Parser::parseCall(assembly::Statement&& _instruction) { + RecursionGuard recursionGuard(*this); if (_instruction.type() == typeid(Instruction)) { solAssert(!m_julia, "Instructions are invalid in JULIA"); @@ -479,6 +489,7 @@ assembly::Statement Parser::parseCall(assembly::Statement&& _instruction) TypedName Parser::parseTypedName() { + RecursionGuard recursionGuard(*this); TypedName typedName = createWithLocation(); typedName.name = expectAsmIdentifier(); if (m_julia) diff --git a/libsolidity/parsing/Parser.cpp b/libsolidity/parsing/Parser.cpp index 7455cbca..1ab38f82 100644 --- a/libsolidity/parsing/Parser.cpp +++ b/libsolidity/parsing/Parser.cpp @@ -64,25 +64,6 @@ private: SourceLocation m_location; }; -/// Utility class that creates an error and throws an exception if the -/// recursion depth is too deep. -class Parser::RecursionGuard -{ -public: - explicit RecursionGuard(Parser& _parser): - m_parser(_parser) - { - m_parser.increaseRecursionDepth(); - } - ~RecursionGuard() - { - m_parser.decreaseRecursionDepth(); - } - -private: - Parser& m_parser; -}; - ASTPointer Parser::parse(shared_ptr const& _scanner) { try @@ -1542,19 +1523,6 @@ ASTPointer Parser::createEmptyParameterList() return nodeFactory.createNode(vector>()); } -void Parser::increaseRecursionDepth() -{ - m_recursionDepth++; - if (m_recursionDepth >= 4096) - fatalParserError("Maximum recursion depth reached during parsing."); -} - -void Parser::decreaseRecursionDepth() -{ - solAssert(m_recursionDepth > 0, ""); - m_recursionDepth--; -} - string Parser::currentTokenName() { Token::Value token = m_scanner->currentToken(); diff --git a/libsolidity/parsing/Parser.h b/libsolidity/parsing/Parser.h index 0f74880c..cfdfea7e 100644 --- a/libsolidity/parsing/Parser.h +++ b/libsolidity/parsing/Parser.h @@ -41,7 +41,6 @@ public: private: class ASTNodeFactory; - class RecursionGuard; struct VarDeclParserOptions { @@ -165,14 +164,8 @@ private: /// Creates an empty ParameterList at the current location (used if parameters can be omitted). ASTPointer createEmptyParameterList(); - /// Increases the recursion depth and throws an exception if it is too deep. - void increaseRecursionDepth(); - void decreaseRecursionDepth(); - /// Flag that signifies whether '_' is parsed as a PlaceholderStatement or a regular identifier. bool m_insideModifier = false; - /// Current recursion depth during parsing. - size_t m_recursionDepth = 0; }; } diff --git a/libsolidity/parsing/ParserBase.cpp b/libsolidity/parsing/ParserBase.cpp index 5657c2c0..db988739 100644 --- a/libsolidity/parsing/ParserBase.cpp +++ b/libsolidity/parsing/ParserBase.cpp @@ -101,6 +101,19 @@ void ParserBase::expectToken(Token::Value _value) m_scanner->next(); } +void ParserBase::increaseRecursionDepth() +{ + m_recursionDepth++; + if (m_recursionDepth >= 4096) + fatalParserError("Maximum recursion depth reached during parsing."); +} + +void ParserBase::decreaseRecursionDepth() +{ + solAssert(m_recursionDepth > 0, ""); + m_recursionDepth--; +} + void ParserBase::parserError(string const& _description) { m_errorReporter.parserError(SourceLocation(position(), position(), sourceName()), _description); diff --git a/libsolidity/parsing/ParserBase.h b/libsolidity/parsing/ParserBase.h index 48733fc1..fd0de0d1 100644 --- a/libsolidity/parsing/ParserBase.h +++ b/libsolidity/parsing/ParserBase.h @@ -41,6 +41,20 @@ public: std::shared_ptr const& sourceName() const; protected: + /// Utility class that creates an error and throws an exception if the + /// recursion depth is too deep. + class RecursionGuard + { + public: + explicit RecursionGuard(ParserBase& _parser): m_parser(_parser) + { + m_parser.increaseRecursionDepth(); + } + ~RecursionGuard() { m_parser.decreaseRecursionDepth(); } + private: + ParserBase& m_parser; + }; + /// Start position of the current token int position() const; /// End position of the current token @@ -56,6 +70,10 @@ protected: Token::Value advance(); ///@} + /// Increases the recursion depth and throws an exception if it is too deep. + void increaseRecursionDepth(); + void decreaseRecursionDepth(); + /// Creates a @ref ParserError and annotates it with the current position and the /// given @a _description. void parserError(std::string const& _description); @@ -67,6 +85,8 @@ protected: std::shared_ptr m_scanner; /// The reference to the list of errors and warning to add errors/warnings during parsing ErrorReporter& m_errorReporter; + /// Current recursion depth during parsing. + size_t m_recursionDepth = 0; }; } diff --git a/test/libjulia/Parser.cpp b/test/libjulia/Parser.cpp index bfe76461..51070370 100644 --- a/test/libjulia/Parser.cpp +++ b/test/libjulia/Parser.cpp @@ -246,7 +246,7 @@ BOOST_AUTO_TEST_CASE(recursion_depth) for (size_t i = 0; i < 20000; i++) input += "}"; - CHECK_ERROR(input, ParserError, "recursio"); + CHECK_ERROR(input, ParserError, "recursion"); } BOOST_AUTO_TEST_SUITE_END() -- cgit