patch 8.2.4206: condition with many "(" causes a crash Problem: Condition with many "(" causes a crash. Solution: Limit recursion to 1000.

commit: fe6fb267e6ee5c5da2f41889e4e0e0ac5bf4b89d [log] [tgz]
author: Bram Moolenaar <Bram@vim.org> Mon Jan 24 18:16:12 2022 +0000
committer: Bram Moolenaar <Bram@vim.org> Mon Jan 24 18:16:12 2022 +0000
tree: d37a272112c2a7b6f399d2210a9aa68b82eafe05
parent: 46634350740d062fc7e555fd6c5d4d43798d4df7 [diff] [blame]
diff --git a/src/eval.c b/src/eval.c
index 2ca3377..d42e1f8 100644
--- a/src/eval.c
+++ b/src/eval.c

@@ -3526,6 +3526,7 @@
     char_u	*start_leader, *end_leader;
     int		ret = OK;
     char_u	*alias;
+    static	int recurse = 0;
 
     /*
      * Initialise variable so that clear_tv() can't mistake this for a
@@ -3552,6 +3553,15 @@
 	return FAIL;
     }
 
+    // Limit recursion to 1000 levels.  At least at 10000 we run out of stack
+    // and crash.
+    if (recurse == 1000)
+    {
+	semsg(_(e_expression_too_recursive_str), *arg);
+	return FAIL;
+    }
+    ++recurse;
+
     switch (**arg)
     {
     /*
@@ -3781,6 +3791,8 @@
      */
     if (ret == OK && evaluate && end_leader > start_leader)
 	ret = eval7_leader(rettv, FALSE, start_leader, &end_leader);
+
+    --recurse;
     return ret;
 }
commit	fe6fb267e6ee5c5da2f41889e4e0e0ac5bf4b89d	[log] [tgz]
author	Bram Moolenaar <Bram@vim.org>	Mon Jan 24 18:16:12 2022 +0000
committer	Bram Moolenaar <Bram@vim.org>	Mon Jan 24 18:16:12 2022 +0000
tree	d37a272112c2a7b6f399d2210a9aa68b82eafe05
parent	46634350740d062fc7e555fd6c5d4d43798d4df7 [diff] [blame]