From 8eac5ad73918818569859cd0453a1d5a44a1f81b Mon Sep 17 00:00:00 2001
From: Dan Sinclair <dsinclair@chromium.org>
Date: Wed, 28 Mar 2018 13:20:09 +0000
Subject: Smaller post expression set

This CL decreases the kMaxPostExpressions to 256. This is the number of
accessors you can attach to a single statement (e.g. foo.#A.#A.#A).
Having a very large number can cause stack overflows. The accessor does
not seem like it would expect hundreds of entries on a single element.

Bug: chromium:820688
Change-Id: I19966b43c96f5d1d02a79af127a0c96609420811
Reviewed-on: https://pdfium-review.googlesource.com/29330
Reviewed-by: Henrique Nakashima <hnakashima@chromium.org>
Commit-Queue: dsinclair <dsinclair@chromium.org>
---
 xfa/fxfa/fm2js/cxfa_fmparser.cpp | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)

(limited to 'xfa')

diff --git a/xfa/fxfa/fm2js/cxfa_fmparser.cpp b/xfa/fxfa/fm2js/cxfa_fmparser.cpp
index 5079ab110e..dca427a20a 100644
--- a/xfa/fxfa/fm2js/cxfa_fmparser.cpp
+++ b/xfa/fxfa/fm2js/cxfa_fmparser.cpp
@@ -16,7 +16,7 @@
 namespace {
 
 constexpr unsigned int kMaxParseDepth = 1250;
-constexpr unsigned int kMaxPostExpressions = 16384;
+constexpr unsigned int kMaxPostExpressions = 256;
 
 }  // namespace
 
@@ -688,6 +688,7 @@ std::unique_ptr<CXFA_FMSimpleExpression> CXFA_FMParser::ParsePostExpression(
       case TOKlparen: {
         if (!NextToken())
           return nullptr;
+
         std::vector<std::unique_ptr<CXFA_FMSimpleExpression>> expressions;
         if (m_token.m_type != TOKrparen) {
           while (m_token.m_type != TOKrparen) {
@@ -789,7 +790,8 @@ std::unique_ptr<CXFA_FMSimpleExpression> CXFA_FMParser::ParsePostExpression(
               std::move(expr), TOKdot, tempStr, std::move(s));
           continue;
         }
-      } break;
+        break;
+      }
       case TOKdotdot: {
         if (!NextToken())
           return nullptr;
@@ -814,7 +816,8 @@ std::unique_ptr<CXFA_FMSimpleExpression> CXFA_FMParser::ParsePostExpression(
               std::move(expr), TOKdotdot, tempStr, std::move(s));
           continue;
         }
-      } break;
+        break;
+      }
       case TOKdotscream: {
         if (!NextToken())
           return nullptr;
@@ -824,6 +827,7 @@ std::unique_ptr<CXFA_FMSimpleExpression> CXFA_FMParser::ParsePostExpression(
         WideStringView tempStr = m_token.m_string;
         if (!NextToken())
           return nullptr;
+
         if (m_token.m_type != TOKlbracket) {
           std::unique_ptr<CXFA_FMSimpleExpression> s =
               pdfium::MakeUnique<CXFA_FMIndexExpression>(ACCESSOR_NO_INDEX,
@@ -832,6 +836,7 @@ std::unique_ptr<CXFA_FMSimpleExpression> CXFA_FMParser::ParsePostExpression(
               std::move(expr), TOKdotscream, tempStr, std::move(s));
           continue;
         }
+
         std::unique_ptr<CXFA_FMSimpleExpression> s = ParseIndexExpression();
         if (!s)
           return nullptr;
-- 
cgit v1.2.3