patch: kjs recursion limit fix

Maciej Stachowiak mjs at apple.com
Tue Oct 28 14:52:23 CET 2003


This fixes a problem with recursion limit accounting which makes it 
possible to totally disable JavaScript execution by exceeding the 
recursion limit enough times. Should be self-explanatory.

-------------- next part --------------
Index: ChangeLog
===================================================================
RCS file: /local/home/cvs/Labyrinth/JavaScriptCore/ChangeLog,v
retrieving revision 1.370
diff -u -p -r1.370 ChangeLog
--- ChangeLog	2003/10/27 04:29:44	1.370
+++ ChangeLog	2003/10/28 22:49:12
@@ -1,3 +1,14 @@
+2003-10-28  Maciej Stachowiak  <mjs at apple.com>
+
+        Reviewed by Ken.
+
+	- fixed 3413962 -  malicious web pages can kill all future JavaScript execution by breaking recursion limit check
+	
+        * kjs/nodes.cpp:
+        (FunctionCallNode::evaluate): If we're going to return early due
+	to breaking the recursion limit, make sure to lower it again, or
+	it will creep up by one each time it's exceeded.
+
 2003-10-26  Darin Adler  <darin at apple.com>
 
         * JavaScriptCorePrefix.h: Added a C case to the NULL definition since we use C as well
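Review bot: the new ChangeLog entry mixes tab and eight-space indentation (the "fixed 3413962" line, the "to breaking the recursion limit" continuation and the "it will creep up" line are tab-indented, while "Reviewed by Ken." and the "* kjs/nodes.cpp:" block use spaces), and the blank line after the bug title carries a stray tab. Normalise the whole entry to the eight-space indentation used by the surrounding 2003-10-26 entry so the file stays consistent.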
Index: kjs/nodes.cpp
===================================================================
RCS file: /local/home/cvs/Labyrinth/JavaScriptCore/kjs/nodes.cpp,v
retrieving revision 1.43
diff -u -p -r1.43 kjs/nodes.cpp
--- kjs/nodes.cpp	2003/10/18 21:13:32	1.43
+++ kjs/nodes.cpp	2003/10/28 22:49:13
@@ -746,6 +746,7 @@ Value FunctionCallNode::evaluate(ExecSta
 #if KJS_MAX_STACK > 0
   static int depth = 0; // sum of all concurrent interpreters
   if (++depth > KJS_MAX_STACK) {
+    --depth;
     return throwError(exec, RangeError, "Exceeded maximum function call depth calling %s (result of expression %s).", v, expr);
   }
 #endif
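Review bot: the added `--depth;` fixes the leak on the early-return path, but the counter is now balanced in two places (here, and on the normal exit that the ChangeLog refers to), so any further early return inserted between the increment and the normal decrement will reintroduce the same bug. Consider testing before mutating, e.g. `if (depth >= KJS_MAX_STACK) return throwError(...);` followed by `++depth;`, or holding the counter in a small scope guard whose destructor performs the decrement, so there is a single balancing point. Since the comment notes that `depth` is a static shared across all concurrent interpreters, a leak here is not confined to the offending page, which is why the reported symptom is that all future JavaScript execution dies.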
-------------- next part --------------


Regards,
Maciej
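The accounting defect the patch closes, shown as an added C++ model rather than KJS code: a per-call counter is incremented on entry and decremented on the normal exit, and the buggy variant omits the decrement on the limit-exceeded path. `kMaxStack`, `Interp`, `call` and `depthAfterFailures` are names invented for this illustration; the tiny limit of 5 is assumed so the creep is visible after a handful of failures.

```cpp
#include <iostream>

namespace demo {

// Assumed stand-in for KJS_MAX_STACK, kept tiny so the effect shows quickly.
constexpr int kMaxStack = 5;

// Stands in for the function-local static `depth` shared by all interpreters.
struct Interp { int depth = 0; };

// ok == false models the `return throwError(...)` early exit.
struct Result { bool ok; int reached; };

// Models FunctionCallNode::evaluate's depth check around a call chain of
// `want` nested calls. With fixed == false the error path forgets to undo
// its own increment, which is the bug the patch fixes.
Result call(Interp& ip, int want, bool fixed) {
    if (++ip.depth > kMaxStack) {
        if (fixed) --ip.depth;     // the patch's one-line fix
        return {false, 0};         // early return: the "throwError" path
    }
    Result r{true, 1};
    if (want > 1) {
        Result inner = call(ip, want - 1, fixed);
        if (inner.ok) r.reached += inner.reached;
        else r = {false, 0};       // exception propagates to the caller
    }
    --ip.depth;                    // normal exit balances the increment
    return r;
}

// Probe upward to find the deepest call chain that still succeeds.
int maxCallableDepth(Interp& ip, bool fixed) {
    for (int want = 1; want <= kMaxStack; ++want) {
        if (!call(ip, want, fixed).ok) return want - 1;
    }
    return kMaxStack;
}

// Trip the limit `failures` times, as a hostile page would, then report
// how deep a well-behaved script can still call afterwards.
int depthAfterFailures(int failures, bool fixed) {
    Interp ip;
    for (int i = 0; i < failures; ++i) call(ip, kMaxStack + 1, fixed);
    return maxCallableDepth(ip, fixed);
}

}  // namespace demo

int main() {
    for (int failures : {0, 3, 5}) {
        std::cout << "after " << failures << " overflows: buggy="
                  << demo::depthAfterFailures(failures, false)
                  << " fixed=" << demo::depthAfterFailures(failures, true)
                  << '\n';
    }
    return 0;
}
```

Each exceeded limit leaves the buggy counter one higher, so the usable depth shrinks by one per overflow until no call at all can be made; the fixed variant returns the full limit every time.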