search

wren-lang / wren

The Wren Programming Language. Wren is a small, fast, class-based concurrent scripting language.
http://wren.io
MIT License
6.9k stars 552 forks source link

Duplicate method names formed by invalid tokens can cause stack overflows #1034

Open graphitemaster opened 3 years ago

graphitemaster commented 3 years ago

The use of any invalid token (in this case I'm using ]) in a method name counts as termination of parsing, but proceeding valid tokens in a method name contributes to the max of 64 tokens for an identifier when a whitespace character to signify the next token is encountered. The stack storage for the identifier is now setup for overflow, as a redeclaration of the method name smashes the stack. Sample code is provided here

class Foo {
  IIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIII]I I
  IIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIII]I I
}

If this does not crash try adding more I before the ]

My output

[graphite@graphite bin]# ./wren_test c.wren 
[./c line 2] Error at ']': Expect '{' to begin method body.
[./c line 2] Error at 'I': Expect '}' at end of block.
[./c line 3] Error at 'IIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIII': Class Foo already defines a method 'IIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIII'.
*** stack smashing detected ***: terminated
Aborted (core dumped)
mhermier commented 3 years ago

A check for length is probably missing somewhere...

joshgoebel commented 2 years ago

Close, but the problem is we're not accounting for lengthily variable names being used TWICE in an error rather than once...