From 82836a62befb31ef41dd75ccc17992ed575841db Mon Sep 17 00:00:00 2001 From: Vladimir Glavnyy <31897320+vglavnyy@users.noreply.github.com> Date: Tue, 5 Jan 2021 03:39:12 +0700 Subject: [idl_parser] Improve stack overflow protection (#6364) * [idl_parser] Improve stack overflow protection Add stack overflow protection for Flexbuffer and nested Flatbuffer parsers. Replaces the `Recurse()` method by the new ParseDepthGuard RAII class. * Remove move operator from Parser. It was wrong decision to add move ctor and assignment into Parser class. These operators will make it extremely difficult to add constant or reference fields in the future. * Remove ';' from definition of FLATBUFFERS_DELETE_FUNC * Format code * Make this PR compatible with MSVC2010 (it doesn't support inherited ctor) --- include/flatbuffers/base.h | 4 ++-- include/flatbuffers/flatbuffers.h | 13 +++++++------ include/flatbuffers/idl.h | 17 +++++++---------- 3 files changed, 16 insertions(+), 18 deletions(-) (limited to 'include') diff --git a/include/flatbuffers/base.h b/include/flatbuffers/base.h index 92db55b7..46340ec8 100644 --- a/include/flatbuffers/base.h +++ b/include/flatbuffers/base.h @@ -197,9 +197,9 @@ namespace flatbuffers { #if (!defined(_MSC_VER) || _MSC_FULL_VER >= 180020827) && \ (!defined(__GNUC__) || (__GNUC__ * 100 + __GNUC_MINOR__ >= 404)) || \ defined(__clang__) - #define FLATBUFFERS_DELETE_FUNC(func) func = delete; + #define FLATBUFFERS_DELETE_FUNC(func) func = delete #else - #define FLATBUFFERS_DELETE_FUNC(func) private: func; + #define FLATBUFFERS_DELETE_FUNC(func) private: func #endif #if (!defined(_MSC_VER) || _MSC_VER >= 1900) && \ diff --git a/include/flatbuffers/flatbuffers.h b/include/flatbuffers/flatbuffers.h index 12fc64c0..c429cc43 100644 --- a/include/flatbuffers/flatbuffers.h +++ b/include/flatbuffers/flatbuffers.h 
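Review bot: Dropping the trailing `;` from both branches of `FLATBUFFERS_DELETE_FUNC` in base.h changes the contract of a macro in a public header, and nothing at the definition records the new rule. Any out-of-tree invocation written without its own semicolon will stop compiling; the in-tree call sites are only fixed because flatbuffers.h is touched in this same commit. I would add a comment above the `#if`, for example `// Usage: FLATBUFFERS_DELETE_FUNC(decl); -- the caller supplies the ';'. The fallback expands to 'private: decl', so place it last in a public section.` The access-mode side effect of the fallback branch is currently mentioned only at one call site in flatbuffers.h ("These may change access mode"), not at the macro itself.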
@@ -821,9 +821,9 @@ class DetachedBuffer { #if !defined(FLATBUFFERS_CPP98_STL) // clang-format on // These may change access mode, leave these at end of public section - FLATBUFFERS_DELETE_FUNC(DetachedBuffer(const DetachedBuffer &other)) + FLATBUFFERS_DELETE_FUNC(DetachedBuffer(const DetachedBuffer &other)); FLATBUFFERS_DELETE_FUNC( - DetachedBuffer &operator=(const DetachedBuffer &other)) + DetachedBuffer &operator=(const DetachedBuffer &other)); // clang-format off #endif // !defined(FLATBUFFERS_CPP98_STL) // clang-format on @@ -1066,8 +1066,8 @@ class vector_downward { private: // You shouldn't really be copying instances of this class. - FLATBUFFERS_DELETE_FUNC(vector_downward(const vector_downward &)) - FLATBUFFERS_DELETE_FUNC(vector_downward &operator=(const vector_downward &)) + FLATBUFFERS_DELETE_FUNC(vector_downward(const vector_downward &)); + FLATBUFFERS_DELETE_FUNC(vector_downward &operator=(const vector_downward &)); Allocator *allocator_; bool own_allocator_; @@ -1891,7 +1891,7 @@ class FlatBufferBuilder { } FLATBUFFERS_DELETE_FUNC( - StructKeyComparator &operator=(const StructKeyComparator &)) + StructKeyComparator &operator=(const StructKeyComparator &)); }; /// @endcond @@ -1966,7 +1966,8 @@ class FlatBufferBuilder { vector_downward &buf_; private: - FLATBUFFERS_DELETE_FUNC(TableKeyComparator &operator=(const TableKeyComparator &other)) + FLATBUFFERS_DELETE_FUNC( + TableKeyComparator &operator=(const TableKeyComparator &other)); }; /// @endcond diff --git a/include/flatbuffers/idl.h b/include/flatbuffers/idl.h index 31a41d75..1d57ba16 100644 --- a/include/flatbuffers/idl.h +++ b/include/flatbuffers/idl.h @@ -35,7 +35,7 @@ // Definition Language) / schema file. // Limits maximum depth of nested objects. -// Prevents stack overflow while parse flatbuffers or json. +// Prevents stack overflow while parse scheme, or json, or flexbuffer. #if !defined(FLATBUFFERS_MAX_PARSING_DEPTH) # define FLATBUFFERS_MAX_PARSING_DEPTH 64 #endif 
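Review bot: `FLATBUFFERS_MAX_PARSING_DEPTH` in idl.h (hunk at -35) can be overridden from the build with any value, while the rewritten comment promises stack-overflow protection for three parsers without stating what a usable value is. A definition of 0 or a negative number would make the limit meaningless, so if the parser source does not already check it, I would add `static_assert(FLATBUFFERS_MAX_PARSING_DEPTH > 0, "FLATBUFFERS_MAX_PARSING_DEPTH must be positive");` directly after the `#endif`. The comment should also say that raising the limit increases worst-case stack use per parse, since that is the trade-off an integrator makes when overriding it. As a wording point, the new line would read better as `// Prevents stack overflow while parsing a schema, JSON, or a FlexBuffer.`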
@@ -767,8 +767,8 @@ class Parser : public ParserState { opts(options), uses_flexbuffers_(false), source_(nullptr), - anonymous_counter(0), - recurse_protection_counter(0) { + anonymous_counter_(0), + parse_depth_counter_(0) { if (opts.force_defaults) { builder_.ForceDefaults(true); } // Start out with the empty namespace being current. empty_namespace_ = new Namespace(); @@ -806,11 +806,6 @@ class Parser : public ParserState { } } -#ifdef FLATBUFFERS_DEFAULT_DECLARATION - Parser(Parser&&) = default; - Parser& operator=(Parser&&) = default; -#endif - // Parse the string containing either schema or JSON data, which will // populate the SymbolTable's or the FlatBufferBuilder above. // include_paths is used to resolve any include statements, and typically @@ -872,6 +867,8 @@ class Parser : public ParserState { static bool SupportsOptionalScalars(const flatbuffers::IDLOptions &opts); private: + class ParseDepthGuard; + void Message(const std::string &msg); void Warning(const std::string &msg); FLATBUFFERS_CHECKED_ERROR ParseHexNum(int nibbles, uint64_t *val); @@ -1000,8 +997,8 @@ class Parser : public ParserState { std::vector> field_stack_; - int anonymous_counter; - int recurse_protection_counter; + int anonymous_counter_; + int parse_depth_counter_; // stack-overflow guard }; // Utility functions for multiple generators: -- cgit v1.2.3
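Review bot: `parse_depth_counter_` is initialised to 0 in the `Parser` constructor (hunk at -767), so the depth limit is tracked per instance. The commit message says nested FlatBuffer parsers are now protected, which holds only if a nested `Parser` is seeded with its parent's current depth rather than starting again from 0. That code and the definition of `ParseDepthGuard` (only forward-declared in the hunk at -872) are outside this diff, which is limited to `include/`, so this should be confirmed against the parser source. I would also extend the field comment in the last hunk to state the invariant, if it is the intended one: `// Current nesting depth; modified only by ParseDepthGuard and bounded by FLATBUFFERS_MAX_PARSING_DEPTH.` The `Parser` class body starts and ends outside these hunks.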