Add in depth check for ToJavascript and related methods

There exists a similar check for the parser, but it doesn't catch all
cases of excessive memory usage, since a single parse step can
generate multiple expressions that need to be converted or other cases
where the parse depth doesn't match the emission depth later.

Due to the expressions appearing in two different inheritence
hierachies the depth information needs to be stored outside of the
classes, thus the new depth class.

Another way to handle this would be to change the method calls to take
in a visitor object that tracks depth. This would require significant
reworking of some of the code, so I am going to file a bug about doing
that conversion as a cleanup.

BUG=chromium:752495

Change-Id: Ica7c9b60ecf1e17530ea88b7bfb01582c63043be
Reviewed-on: https://pdfium-review.googlesource.com/16752
Commit-Queue: Ryan Harrison <rharrison@chromium.org>
Reviewed-by: Henrique Nakashima <hnakashima@chromium.org>

1 files changed, 22 insertions, 0 deletions

diff --git a/xfa/fxfa/fm2js/cxfa_fmtojavascriptdepth.h b/xfa/fxfa/fm2js/cxfa_fmtojavascriptdepth.h
new file mode 100644
index 0000000000..14f87a68f5
--- /dev/null
+++ b/xfa/fxfa/fm2js/cxfa_fmtojavascriptdepth.h
@@ -0,0 +1,22 @@
+// Copyright 2017 PDFium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef XFA_FXFA_FM2JS_CXFA_FMTOJAVASCRIPTDEPTH_H_
+#define XFA_FXFA_FM2JS_CXFA_FMTOJAVASCRIPTDEPTH_H_
+
+class CXFA_FMToJavaScriptDepth {
+ public:
+  CXFA_FMToJavaScriptDepth() { depth_++; }
+  ~CXFA_FMToJavaScriptDepth() { depth_--; }
+
+  bool IsWithinMaxDepth() const { return depth_ <= max_depth_; }
+
+  static void Reset();
+
+ private:
+  static unsigned long depth_;
+  static unsigned long max_depth_;
+};
+
+#endif  // XFA_FXFA_FM2JS_CXFA_FMTOJAVASCRIPTDEPTH_H_