Limit the number of call frame instructions we process in the unwinder.

* runtime/unwind.c (processCFI): Fail if the number of instructions is
  larger than MAX_CFI (currently 512).

diff --git a/runtime/unwind.c b/runtime/unwind.c
index 0e95ba08c991ddd0786a86a0763496b0401de9e5..7607770e3d813376e98ec1ffdd988fbde74f96b5 100644 (file)
--- a/runtime/unwind.c
+++ b/runtime/unwind.c
@@ -278,6 +278,10 @@ static void set_rule(uleb128_t reg, enum item_location where, uleb128_t value, s
        }
 }
 
+/* Limit the number of instructions we process. Arbitrary limit.
+   512 should be enough for anybody... */
+#define MAX_CFI 512
+
 static int processCFI(const u8 *start, const u8 *end, unsigned long targetLoc, signed ptrType, struct unwind_state *state)
 {
        union {
@@ -287,6 +291,9 @@ static int processCFI(const u8 *start, const u8 *end, unsigned long targetLoc, s
        } ptr;
        int result = 1;
 
+       if (end - start > MAX_CFI)
+         return 0;
+
        dbug_unwind(1, "targetLoc=%lx state->loc=%lx\n", targetLoc, state->loc);
        if (start != state->cieStart) {
                state->loc = state->org;