From 1e5b5b14d7468ca4fedaa9ba1c9dba0ff67d7ea8 Mon Sep 17 00:00:00 2001
From: "Yukihiro \"Matz\" Matsumoto" <matz@ruby-lang.org>
Date: Wed, 15 Feb 2017 12:06:32 +0900
Subject: Prohibit too deep `mrb_funcall()` recursion; ref #3421

`mrb_funcall()` recursion can cause stack overflow easily,
so recursion depth is now limited to MRB_FUNCALL_DEPTH_MAX,
which default value is 512.
---
 src/vm.c | 8 ++++++++
 1 file changed, 8 insertions(+)

(limited to 'src')

diff --git a/src/vm.c b/src/vm.c
index 91612a0da..96a9966a2 100644
--- a/src/vm.c
+++ b/src/vm.c
@@ -40,6 +40,11 @@ void abort(void);
 #define MRB_STACK_GROWTH 128
 #endif
 
+/* Maximum mrb_funcall() depth. Should be set lower on memory constrained systems. */
+#ifndef MRB_FUNCALL_DEPTH_MAX
+#define MRB_FUNCALL_DEPTH_MAX 512
+#endif
+
 /* Maximum stack depth. Should be set lower on memory constrained systems.
 The value below allows about 60000 recursive calls in the simplest case. */
 #ifndef MRB_STACK_MAX
@@ -386,6 +391,9 @@ mrb_funcall_with_block(mrb_state *mrb, mrb_value self, mrb_sym mid, mrb_int argc
       undef = mid;
       argc++;
     }
+    if (mrb->c->ci - mrb->c->cibase > MRB_FUNCALL_DEPTH_MAX) {
+      mrb_exc_raise(mrb, mrb_obj_value(mrb->stack_err));
+    }
     ci = cipush(mrb);
     ci->mid = mid;
     ci->proc = p;
-- 
cgit v1.2.3