author | Oleg Oshmyan <chortos@inbox.lv> | 2020-08-28 02:44:11 +0300 |
---|---|---|
committer | Oleg Oshmyan <chortos@inbox.lv> | 2020-09-08 12:59:05 +0300 |
commit | 66cef6774386d558e1e39096db926d677dad6882 (patch) | |
tree | e2a0c663fdae131bc25e013ebacb37b20db7b5ab | |
parent | 42aa6ee392a25a5f699c44bca329fd6363879779 (diff) | |
download | libass-66cef6774386d558e1e39096db926d677dad6882.tar.bz2 libass-66cef6774386d558e1e39096db926d677dad6882.tar.xz |
Assert finite parse_tags recursion

Before commit 6835731c2fe4164a0c50bc91d12c43b2a2b4e799,
parse_tags used to recurse for each nested \t(). The depth
of this recursion was not limited, and each \t in \t(\t(\t(...
added another level. This could lead to stack overflow.

Since that commit, parse_tags still recurses, but at most once:
it is called with nested=false at the top level and recurses with
nested=true for the outermost \t() (except rare cases in which
even this one level of recursion is avoided). Parsing stops at
the closing ) both for the outermost \t() and for any inner \t()
nested inside it, so the inner recursive call cannot recurse further.

This was not immediately obvious when reading the code,
and therefore it was not obvious that stack overflow is avoided.
Make it so by adding an assertion.

-rw-r--r-- | libass/ass_parse.c | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/libass/ass_parse.c b/libass/ass_parse.c index b707944..8188cbc 100644 --- a/libass/ass_parse.c +++ b/libass/ass_parse.c @@ -636,6 +636,7 @@ char *parse_tags(ASS_Renderer *render_priv, char *p, char *end, double pwr, continue; p = args[cnt].start; if (args[cnt].end < end) { + assert(!nested); p = parse_tags(render_priv, p, args[cnt].end, k, true); } else { assert(q == end); |
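
Review bot: the added `assert(!nested);` inside `if (args[cnt].end < end) {` has no comment, so the reason it holds is recorded only in the commit message (parsing stops at the closing `)` of the outermost \t(), so the call made with nested=true should never reach this branch). A one-line comment above the assertion stating that invariant would keep the reasoning next to the code it protects. Separately, a standard `assert` is compiled out when NDEBUG is defined, so in such a build nothing at this point would stop the recursive `parse_tags(render_priv, p, args[cnt].end, k, true)` call if a later change broke the invariant. Consider pairing the assertion with an explicit runtime guard, for example taking the recursive branch only when `nested` is false, so the depth bound does not depend on assertions being enabled.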