[idl_parser] Improve stack overflow protection (#6364)

* [idl_parser] Improve stack overflow protection Add stack overflow protection for Flexbuffer and nested Flatbuffer parsers. Replaces the `Recurse()` method by the new ParseDepthGuard RAII class. * Remove move operator from Parser. It was wrong decision to add move ctor and assignment into Parser class. These operators will make it extremely difficult to add constant or reference fields in the future. * Remove ';' from definition of FLATBUFFERS_DELETE_FUNC * Format code * Make this PR compatible with MSVC2010 (it doesn't support inherited ctor)
2026-06-06 05:27:24 +00:00 · 2021-01-05 03:39:12 +07:00
parent e7430bbebd
commit 82836a62be
6 changed files with 84 additions and 58 deletions
--- a/include/flatbuffers/base.h
+++ b/include/flatbuffers/base.h
@@ -197,9 +197,9 @@ namespace flatbuffers {
 #if (!defined(_MSC_VER) || _MSC_FULL_VER >= 180020827) && \
    (!defined(__GNUC__) || (__GNUC__ * 100 + __GNUC_MINOR__ >= 404)) || \
    defined(__clang__)
-  #define FLATBUFFERS_DELETE_FUNC(func) func = delete;
+  #define FLATBUFFERS_DELETE_FUNC(func) func = delete
 #else
-  #define FLATBUFFERS_DELETE_FUNC(func) private: func;
+  #define FLATBUFFERS_DELETE_FUNC(func) private: func
 #endif

 #if (!defined(_MSC_VER) || _MSC_VER >= 1900) && \
--- a/include/flatbuffers/flatbuffers.h
+++ b/include/flatbuffers/flatbuffers.h
@@ -821,9 +821,9 @@ class DetachedBuffer {
  #if !defined(FLATBUFFERS_CPP98_STL)
  // clang-format on
  // These may change access mode, leave these at end of public section
-  FLATBUFFERS_DELETE_FUNC(DetachedBuffer(const DetachedBuffer &other))
+  FLATBUFFERS_DELETE_FUNC(DetachedBuffer(const DetachedBuffer &other));
  FLATBUFFERS_DELETE_FUNC(
-      DetachedBuffer &operator=(const DetachedBuffer &other))
+      DetachedBuffer &operator=(const DetachedBuffer &other));
  // clang-format off
  #endif  // !defined(FLATBUFFERS_CPP98_STL)
  // clang-format on
@@ -1066,8 +1066,8 @@ class vector_downward {

 private:
  // You shouldn't really be copying instances of this class.
-  FLATBUFFERS_DELETE_FUNC(vector_downward(const vector_downward &))
-  FLATBUFFERS_DELETE_FUNC(vector_downward &operator=(const vector_downward &))
+  FLATBUFFERS_DELETE_FUNC(vector_downward(const vector_downward &));
+  FLATBUFFERS_DELETE_FUNC(vector_downward &operator=(const vector_downward &));

  Allocator *allocator_;
  bool own_allocator_;
@@ -1891,7 +1891,7 @@ class FlatBufferBuilder {
    }

    FLATBUFFERS_DELETE_FUNC(
-        StructKeyComparator &operator=(const StructKeyComparator &))
+        StructKeyComparator &operator=(const StructKeyComparator &));
  };
  /// @endcond

@@ -1966,7 +1966,8 @@ class FlatBufferBuilder {
    vector_downward &buf_;

   private:
-    FLATBUFFERS_DELETE_FUNC(TableKeyComparator &operator=(const TableKeyComparator &other))
+    FLATBUFFERS_DELETE_FUNC(
+        TableKeyComparator &operator=(const TableKeyComparator &other));
  };
  /// @endcond

--- a/include/flatbuffers/idl.h
+++ b/include/flatbuffers/idl.h
@@ -35,7 +35,7 @@
 // Definition Language) / schema file.

 // Limits maximum depth of nested objects.
-// Prevents stack overflow while parse flatbuffers or json.
+// Prevents stack overflow while parse scheme, or json, or flexbuffer.
 #if !defined(FLATBUFFERS_MAX_PARSING_DEPTH)
 #  define FLATBUFFERS_MAX_PARSING_DEPTH 64
 #endif
@@ -767,8 +767,8 @@ class Parser : public ParserState {
        opts(options),
        uses_flexbuffers_(false),
        source_(nullptr),
-        anonymous_counter(0),
-        recurse_protection_counter(0) {
+        anonymous_counter_(0),
+        parse_depth_counter_(0) {
    if (opts.force_defaults) { builder_.ForceDefaults(true); }
    // Start out with the empty namespace being current.
    empty_namespace_ = new Namespace();
@@ -806,11 +806,6 @@ class Parser : public ParserState {
    }
  }

-#ifdef FLATBUFFERS_DEFAULT_DECLARATION
-  Parser(Parser&&) = default;
-  Parser& operator=(Parser&&) = default;
-#endif
-
  // Parse the string containing either schema or JSON data, which will
  // populate the SymbolTable's or the FlatBufferBuilder above.
  // include_paths is used to resolve any include statements, and typically
@@ -872,6 +867,8 @@ class Parser : public ParserState {
  static bool SupportsOptionalScalars(const flatbuffers::IDLOptions &opts);

 private:
+  class ParseDepthGuard;
+
  void Message(const std::string &msg);
  void Warning(const std::string &msg);
  FLATBUFFERS_CHECKED_ERROR ParseHexNum(int nibbles, uint64_t *val);
@@ -1000,8 +997,8 @@ class Parser : public ParserState {

  std::vector<std::pair<Value, FieldDef *>> field_stack_;

-  int anonymous_counter;
-  int recurse_protection_counter;
+  int anonymous_counter_;
+  int parse_depth_counter_;  // stack-overflow guard
 };

 // Utility functions for multiple generators: