

ref: 591ea21f8fd3940ed69c8b1cb4513c831a15176c
parent: 71afe58cc47f22239087bf568fce937c1fde7fed
author: Tor Andersson <tor@ccxvii.net>
date: Wed Feb 5 11:47:36 EST 2014

Check for value stack overflow.

--- a/jsi.h
+++ b/jsi.h
@@ -24,7 +24,6 @@
 /* Limits */
 
 #define JS_STACKSIZE 256	/* value stack size */
-#define JS_MINSTACK 20		/* at least this much available when entering a function */
 #define JS_TRYLIMIT 64		/* exception stack size */
 #define JS_GCLIMIT 10000	/* run gc cycle every N allocations */
 
--- a/jsrun.c
+++ b/jsrun.c
@@ -11,8 +11,19 @@
 #define TOP (J->top)
 #define BOT (J->bot)
 
+static void js_stackoverflow(js_State *J)
+{
+	STACK[TOP].type = JS_TSTRING;
+	STACK[TOP].u.string = "stack overflow";
+	++TOP;
+	js_throw(J);
+}
+
+#define CHECKSTACK(n) if (TOP + n >= JS_STACKSIZE) js_stackoverflow(J)
+
 void js_pushvalue(js_State *J, js_Value v)
 {
+	CHECKSTACK(1);
 	STACK[TOP] = v;
 	++TOP;
 }
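Review bot: The CHECKSTACK macro defined at the top of this hunk expands to a bare `if` statement with an unparenthesized `n`, so a call site of the form `if (cond) CHECKSTACK(1); else ...` would bind the `else` to the macro's own `if`, and an argument with lower precedence than `+` would be grouped wrongly. Wrapping it in the usual guard, `#define CHECKSTACK(n) do { if (TOP + (n) >= JS_STACKSIZE) js_stackoverflow(J); } while (0)`, fixes both and leaves every use in this and the following hunks unchanged. It would also help to state the invariant the `>=` comparison appears to rely on, e.g. above js_stackoverflow: `/* CHECKSTACK keeps one slot free so this push of the error string cannot itself overflow */`. Code elsewhere in jsrun.c that writes STACK[TOP] or bumps TOP without going through these push helpers is not visible in the patch, so whether every write is now bounded cannot be confirmed from here.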
@@ -19,6 +30,7 @@
 
 void js_pushundefined(js_State *J)
 {
+	CHECKSTACK(1);
 	STACK[TOP].type = JS_TUNDEFINED;
 	++TOP;
 }
@@ -25,6 +37,7 @@
 
 void js_pushnull(js_State *J)
 {
+	CHECKSTACK(1);
 	STACK[TOP].type = JS_TNULL;
 	++TOP;
 }
@@ -31,6 +44,7 @@
 
 void js_pushboolean(js_State *J, int v)
 {
+	CHECKSTACK(1);
 	STACK[TOP].type = JS_TBOOLEAN;
 	STACK[TOP].u.boolean = !!v;
 	++TOP;
@@ -38,6 +52,7 @@
 
 void js_pushnumber(js_State *J, double v)
 {
+	CHECKSTACK(1);
 	STACK[TOP].type = JS_TNUMBER;
 	STACK[TOP].u.number = v;
 	++TOP;
@@ -45,6 +60,7 @@
 
 void js_pushstring(js_State *J, const char *v)
 {
+	CHECKSTACK(1);
 	STACK[TOP].type = JS_TSTRING;
 	STACK[TOP].u.string = js_intern(J, v);
 	++TOP;
@@ -73,6 +89,7 @@
 
 void js_pushliteral(js_State *J, const char *v)
 {
+	CHECKSTACK(1);
 	STACK[TOP].type = JS_TSTRING;
 	STACK[TOP].u.string = v;
 	++TOP;
@@ -80,6 +97,7 @@
 
 void js_pushobject(js_State *J, js_Object *v)
 {
+	CHECKSTACK(1);
 	STACK[TOP].type = JS_TOBJECT;
 	STACK[TOP].u.object = v;
 	++TOP;
@@ -237,6 +255,7 @@
 
 void js_copy(js_State *J, int idx)
 {
+	CHECKSTACK(1);
 	STACK[TOP] = *stackidx(J, idx);
 	++TOP;
 }
@@ -243,6 +262,7 @@
 
 void js_dup(js_State *J)
 {
+	CHECKSTACK(1);
 	STACK[TOP] = STACK[TOP-1];
 	++TOP;
 }
@@ -249,6 +269,7 @@
 
 void js_dup2(js_State *J)
 {
+	CHECKSTACK(2);
 	STACK[TOP] = STACK[TOP-2];
 	STACK[TOP+1] = STACK[TOP-1];
 	TOP += 2;
@@ -287,6 +308,7 @@
 
 void js_dup1rot3(js_State *J)
 {
+	CHECKSTACK(1);
 	/* A B -> B A B */
 	STACK[TOP] = STACK[TOP-1];	/* A B B */
 	STACK[TOP-1] = STACK[TOP-2];	/* A A B */
@@ -296,6 +318,7 @@
 
 void js_dup1rot4(js_State *J)
 {
+	CHECKSTACK(1);
 	/* A B C -> C A B C */
 	STACK[TOP] = STACK[TOP-1];	/* A B C C */
 	STACK[TOP-1] = STACK[TOP-2];	/* A B B C */