-
Notifications
You must be signed in to change notification settings - Fork 17
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
coda_expression_fuzzer: Stack-overflow in print_expression #66
Comments
I am not sure that this is something we can 'resolve' easily in the code. There are no guarantees about the size of the stack. This is purely compiler and os dependent. As far as I know, stack overflow errors are just a thing that can happen when using recursive functions. The only real solution would be to not use recursive functions and rewrite these functions using loops that use the heap. |
In my situation, a stack overflow is something I can't allow processes to do. So I have to put a fix in and I'd rather it match what is in the upstream repository. A non-recursive solution isn't critical for the short term. Why not make a solution that will almost always allow the default build to print a bogus expression, but that I can easily override in my build? In my compiler settings, I can just add "-DCODA_MAX_RECURSION=64" (or whatever number works for my memory configuration) e.g. #ifndef CODA_MAX_RECURSION
// May OOM or stack-overflow with this many levels of recursion
#define CODA_MAX_RECURSION 100000
#endif and static int print_expression(const coda_expression *expr, int (*print) (const char *, ...), int xml, int html,
int precedence, int depth)
{
if (depth > CODA_MAX_RECURSION) {
coda_set_error(CODA_ERROR_INVALID_FORMAT, "too many levels of recursion in expression");
return -1;
}
depth++; Some of the reasons behind limiting the recursion:
See also this discussion which is similar: |
Ok. I understand the rationale. The problem is that this is not just about the |
Implemented in 2cde1d8 |
Verified |
One possible solution is to modify
print_expression
to track depthWould become
And it would start with things like this:
The fuzzer:
testcase-4902997930278912.zip
The text was updated successfully, but these errors were encountered: