skia2/include/private/SkSLDefines.h
John Stiles 7cde28909f Enforce basic limits on function stack size in SkSL.
Functions that declare variables totaling more than 100,000 slots will
now generate an error.

This is only a partial mitigation to the problem, as a sophisticated
attack could still chain/nest multiple functions together to consume
extremely large amounts of stack. However, this mitigation is still more
sophisticated than our peers; both WebGL and glslang are susceptible to
similar problems, and in the general case (ES3+ with full flow control)
it's intractable.

Change-Id: I153c75267c017a23f59fe9e59f6e391197ee6101
Bug: oss-fuzz:40304, oss-fuzz:40694
Reviewed-on: https://skia-review.googlesource.com/c/skia/+/467759
Commit-Queue: John Stiles <johnstiles@google.com>
Auto-Submit: John Stiles <johnstiles@google.com>
Reviewed-by: Brian Osman <brianosman@google.com>
2021-11-04 18:17:44 +00:00


/*
* Copyright 2019 Google Inc.
*
* Use of this source code is governed by a BSD-style license that can be
* found in the LICENSE file.
*/
#ifndef SKSL_DEFINES
#define SKSL_DEFINES
#include <cstdint>
#include <memory>
#include "include/core/SkTypes.h"
#include "include/private/SkTArray.h"
// Host-side scalar types used by the SkSL compiler: integers are a signed 64-bit type and
// floats are single precision. (The reason for 64-bit rather than 32-bit ints is not stated in
// this file; presumably it is headroom above the shader-side 32-bit int — confirm before
// depending on it.)
using SKSL_INT = std::int64_t;
using SKSL_FLOAT = float;
namespace SkSL {

class Expression;
class Statement;

// Component indices of a swizzle (values come from SwizzleComponent::Type below).
using ComponentArray = SkSTArray<4, int8_t>;
// Owning sequences of IR nodes.
using ExpressionArray = SkSTArray<2, std::unique_ptr<Expression>>;
using StatementArray = SkSTArray<2, std::unique_ptr<Statement>>;

// NOTE(review): these are `static constexpr` in a header, so every translation unit gets its own
// copy. Under C++17 `inline constexpr` would give a single definition; left as-is to match the
// file's conventions.

// Inlining cutoff, measured in IR nodes. A candidate's size is scaled by the number of call
// sites being inlined, so a function called five times counts as five times its own size.
// The value is an empirically chosen default, not a derived bound.
static constexpr int kDefaultInlineThreshold = 50;

// Hard ceiling on the number of variable slots one function (or the global scope) may declare;
// programs that exceed it are rejected with an error. The purpose is to keep code generation
// from being driven to unbounded time or memory by an adversarial shader. Note this bounds a
// single scope only: chained or nested calls can still multiply the total, so it is a partial
// mitigation rather than a complete one.
static constexpr int kVariableSlotLimit = 100000;

// Names for swizzle components. This is deliberately a plain (unscoped) enum: the namespace is
// injected into SkSL::dsl so that after `using namespace SkSL::dsl` DSL code can write
// `Swizzle(var, X, Y, ONE)` without further qualification. It is shared with the SkSL::Swizzle
// expression.
namespace SwizzleComponent {
enum Type : int8_t {
    // Positional (xyzw), color (rgba) and texture (stpq) spellings of the four lanes.
    X = 0,  Y = 1,  Z = 2,  W = 3,
    R = 4,  G = 5,  B = 6,  A = 7,
    S = 8,  T = 9,  P = 10, Q = 11,
    // NOTE(review): UL/UT/UR/UB presumably name rect edges (left/top/right/bottom) — confirm
    // against the DSL before documenting them as such.
    UL = 12, UT = 13, UR = 14, UB = 15,
    // Constant lanes that do not read from the swizzled value.
    ZERO = 16,
    ONE = 17,
};
} // namespace SwizzleComponent

} // namespace SkSL
#endif