[parser] Check for stack overflow in ParseFunctionBody

We previously did not check for stack overflow when recursively nesting functions and class declarations, with no statements in between. Fixed: chromium:1404863 Change-Id: I00ec90ed4ac48ae7996a2d54201732bcaebc9757 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4162925 Commit-Queue: Toon Verwaest <verwaest@chromium.org> Auto-Submit: Leszek Swirski <leszeks@chromium.org> Reviewed-by: Toon Verwaest <verwaest@chromium.org> Cr-Commit-Position: refs/heads/main@{#85289}
2023-01-13 12:05:42 +01:00 · 2023-01-13 12:05:42 +01:00 · 1219328b1e
commit 1219328b1e
parent d48aea7a23
2 changed files with 20 additions and 0 deletions
--- a/src/parsing/parser-base.h
+++ b/src/parsing/parser-base.h
@ -4316,6 +4316,8 @@ void ParserBase<Impl>::ParseFunctionBody(
    StatementListT* body, IdentifierT function_name, int pos,
    const FormalParametersT& parameters, FunctionKind kind,
    FunctionSyntaxKind function_syntax_kind, FunctionBodyType body_type) {
+  CheckStackOverflow();
+
  if (IsResumableFunction(kind)) impl()->PrepareGeneratorVariables();

  DeclarationScope* function_scope = parameters.scope;
--- a/test/mjsunit/regress/regress-1404863.js
+++ b/test/mjsunit/regress/regress-1404863.js
@ -0,0 +1,18 @@
+// Copyright 2022 the V8 project authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+const template = `class Foo { foo(){} }`
+
+// Keep recursively embedding the template inside itself until we stack
+// overflow. This should not segfault.
+let s = template;
+while (true) {
+  try {
+    eval(s);
+  } catch (e) {
+    // A stack overflow exception eventually is expected.
+    break;
+  }
+  s = s.replace("foo(){}", `foo(){ ${s} }`);
+}