Merge pull request #3083 from ruby/max-depth

Support a max depth to protect against malicious payloads

config.yml

@@ -185,6 +185,7 @@ errors:
   - MODULE_TERM
   - MULTI_ASSIGN_MULTI_SPLATS
   - MULTI_ASSIGN_UNEXPECTED_REST
+  - NESTING_TOO_DEEP
   - NO_LOCAL_VARIABLE
   - NOT_EXPRESSION
   - NUMBER_LITERAL_UNDERSCORE

include/prism/defines.h

@@ -25,6 +25,15 @@
 #define __STDC_FORMAT_MACROS
 #include <inttypes.h>
 
+/**
+ * When we are parsing using recursive descent, we want to protect against
+ * malicious payloads that could attempt to crash our parser. We do this by
+ * specifying a maximum depth to which we are allowed to recurse.
+ */
+#ifndef PRISM_DEPTH_MAXIMUM
+    #define PRISM_DEPTH_MAXIMUM 1000
+#endif
+
 /**
  * By default, we compile with -fvisibility=hidden. When this is enabled, we
  * need to mark certain functions as being publically-visible. This macro does
@@ -212,4 +221,28 @@
     #define PRISM_ENCODING_EXCLUDE_FULL
 #endif
 
+/**
+ * Support PRISM_LIKELY and PRISM_UNLIKELY to help the compiler optimize its
+ * branch predication.
+ */
+#if defined(__GNUC__) || defined(__clang__)
+    /** The compiler should predicate that this branch will be taken. */
+    #define PRISM_LIKELY(x) __builtin_expect(!!(x), 1)
+
+    /** The compiler should predicate that this branch will not be taken. */
+    #define PRISM_UNLIKELY(x) __builtin_expect(!!(x), 0)
+#elif defined(_MSC_VER) && (_MSC_VER >= 1400)
+    /** The compiler should predicate that this branch will be taken. */
+    #define PRISM_LIKELY(x) __assume((x))
+
+    /** The compiler should predicate that this branch will not be taken. */
+    #define PRISM_UNLIKELY(x) __assume(!(x))
+#else
+    /** Void because this platform does not support branch prediction hints. */
+    #define PRISM_LIKELY(x)   (x)
+
+    /** Void because this platform does not support branch prediction hints. */
+    #define PRISM_UNLIKELY(x) (x)
+#endif
+
 #endif