From cb5520a2fb8eab5d21e12bcc9d0f543f7e466692 Mon Sep 17 00:00:00 2001
From: Alex Crichton
Date: Tue, 14 Sep 2021 07:31:37 -0700
Subject: [PATCH] Fix a stack overflow parsing instance/module types

This commit fixes the parsing of instance/module types to have a fixed recursion limit after which it's an error to keep parsing. Currently there's no restriction on recursion for these types (part of the module linking proposal), so these are given the same treatment as nested modules where it's not easily feasible to fix the recursion here like it is with expressions.
---
 crates/wast/src/ast/types.rs | 10 ++++
 tests/local/deep.wast | 106 +++++++++++++++++++++++++++++++++++
 2 files changed, 116 insertions(+)
 create mode 100644 tests/local/deep.wast

diff --git a/crates/wast/src/ast/types.rs b/crates/wast/src/ast/types.rs
index 1b8c828501..5b209a2618 100644
--- a/crates/wast/src/ast/types.rs
+++ b/crates/wast/src/ast/types.rs
@@ -617,6 +617,11 @@ pub struct ModuleType<'a> {
 impl<'a> Parse<'a> for ModuleType<'a> {
 fn parse(parser: Parser<'a>) -> Result {
+ // See comments in `nested_module.rs` for why this is tested here.
+ if parser.parens_depth() > 100 {
+ return Err(parser.error("module type nesting too deep"));
+ }
+
 let mut imports = Vec::new();
 while parser.peek2::() {
 imports.push(parser.parens(|p| p.parse())?);
@@ -658,6 +663,11 @@ pub struct InstanceType<'a> {
 impl<'a> Parse<'a> for InstanceType<'a> {
 fn parse(parser: Parser<'a>) -> Result {
+ // See comments in `nested_module.rs` for why this is tested here.
+ if parser.parens_depth() > 100 {
+ return Err(parser.error("instance type nesting too deep"));
+ }
+
 let mut exports = Vec::new();
 while !parser.is_empty() {
 exports.push(parser.parens(|p| p.parse())?);
diff --git a/tests/local/deep.wast b/tests/local/deep.wast
new file mode 100644
index 0000000000..04f8705b95
--- /dev/null
+++ b/tests/local/deep.wast
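Review bot: The depth bound is a bare `100` repeated in both `ModuleType::parse` and `InstanceType::parse`, with the rationale living only in `nested_module.rs`; since this guard is what keeps untrusted text input from exhausting the stack, the copies should not be able to drift apart. Consider one shared constant, e.g. `const MAX_PARENS_DEPTH: usize = 100;` (type adjusted to whatever `parens_depth()` returns), and `if parser.parens_depth() > MAX_PARENS_DEPTH {` at each site. It also looks like `parens_depth()` counts every enclosing parenthesis rather than type nesting alone, so a one-line comment saying the limit applies to total nesting at this point would make the error text less surprising. Both `parse` bodies continue past the end of their hunks.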
@@ -0,0 +1,106 @@ +(assert_malformed (module quote + + "(import\"\"(instance" + "(export\"\"(instance (export\"\"(instance (export\"\"(instance (export\"\"(instance" + "(export\"\"(instance (export\"\"(instance (export\"\"(instance (export\"\"(instance" + "(export\"\"(instance (export\"\"(instance (export\"\"(instance (export\"\"(instance" + "(export\"\"(instance (export\"\"(instance (export\"\"(instance (export\"\"(instance" + "(export\"\"(instance (export\"\"(instance (export\"\"(instance (export\"\"(instance" + "(export\"\"(instance (export\"\"(instance (export\"\"(instance (export\"\"(instance" + "(export\"\"(instance (export\"\"(instance (export\"\"(instance (export\"\"(instance" + "(export\"\"(instance (export\"\"(instance (export\"\"(instance (export\"\"(instance" + "(export\"\"(instance (export\"\"(instance (export\"\"(instance (export\"\"(instance" + "(export\"\"(instance (export\"\"(instance (export\"\"(instance (export\"\"(instance" + "(export\"\"(instance (export\"\"(instance (export\"\"(instance (export\"\"(instance" + "(export\"\"(instance (export\"\"(instance (export\"\"(instance (export\"\"(instance" + "(export\"\"(instance (export\"\"(instance (export\"\"(instance (export\"\"(instance" + "(export\"\"(instance (export\"\"(instance (export\"\"(instance (export\"\"(instance" + "(export\"\"(instance (export\"\"(instance (export\"\"(instance (export\"\"(instance" + "(export\"\"(instance (export\"\"(instance (export\"\"(instance (export\"\"(instance" + "(export\"\"(instance (export\"\"(instance (export\"\"(instance (export\"\"(instance" + "(export\"\"(instance (export\"\"(instance (export\"\"(instance (export\"\"(instance" + "(export\"\"(instance (export\"\"(instance (export\"\"(instance (export\"\"(instance" + "(export\"\"(instance (export\"\"(instance (export\"\"(instance (export\"\"(instance" + "(export\"\"(instance (export\"\"(instance (export\"\"(instance (export\"\"(instance" + "(export\"\"(instance (export\"\"(instance (export\"\"(instance 
(export\"\"(instance" + "(export\"\"(instance (export\"\"(instance (export\"\"(instance (export\"\"(instance" + "(export\"\"(instance (export\"\"(instance (export\"\"(instance (export\"\"(instance" + "(export\"\"(instance (export\"\"(instance (export\"\"(instance (export\"\"(instance" + "(export\"\"(instance (export\"\"(instance (export\"\"(instance (export\"\"(instance" + "(export\"\"(instance (export\"\"(instance (export\"\"(instance (export\"\"(instance" + "(export\"\"(instance (export\"\"(instance (export\"\"(instance (export\"\"(instance" + "(export\"\"(instance (export\"\"(instance (export\"\"(instance (export\"\"(instance" + "(export\"\"(instance (export\"\"(instance (export\"\"(instance (export\"\"(instance" + "(export\"\"(instance (export\"\"(instance (export\"\"(instance (export\"\"(instance" + "(export\"\"(instance (export\"\"(instance (export\"\"(instance (export\"\"(instance" + "(export\"\"(instance (export\"\"(instance (export\"\"(instance (export\"\"(instance" + "(export\"\"(instance (export\"\"(instance (export\"\"(instance (export\"\"(instance" + "(export\"\"(instance (export\"\"(instance (export\"\"(instance (export\"\"(instance" + "(export\"\"(instance (export\"\"(instance (export\"\"(instance (export\"\"(instance" + "(export\"\"(instance (export\"\"(instance (export\"\"(instance (export\"\"(instance" + "(export\"\"(instance (export\"\"(instance (export\"\"(instance (export\"\"(instance" + "(export\"\"(instance (export\"\"(instance (export\"\"(instance (export\"\"(instance" + "(export\"\"(instance (export\"\"(instance (export\"\"(instance (export\"\"(instance" + "(export\"\"(instance (export\"\"(instance (export\"\"(instance (export\"\"(instance" + "(export\"\"(instance (export\"\"(instance (export\"\"(instance (export\"\"(instance" + "(export\"\"(instance (export\"\"(instance (export\"\"(instance (export\"\"(instance" + "(export\"\"(instance (export\"\"(instance (export\"\"(instance (export\"\"(instance" + "(export\"\"(instance 
(export\"\"(instance (export\"\"(instance (export\"\"(instance" + "(export\"\"(instance (export\"\"(instance (export\"\"(instance (export\"\"(instance" + "(export\"\"(instance (export\"\"(instance (export\"\"(instance (export\"\"(instance" + "(export\"\"(instance (export\"\"(instance (export\"\"(instance (export\"\"(instance" + "(export\"\"(instance (export\"\"(instance (export\"\"(instance (export\"\"(instance" + "(export\"\"(instance (export\"\"(instance (export\"\"(instance (export\"\"(instance" + "(export\"\"(instance (export\"\"(instance (export\"\"(instance (export\"\"(instance" + "(export\"\"(instance (export\"\"(instance (export\"\"(instance (export\"\"(instance" + "(export\"\"(instance (export\"\"(instance (export\"\"(instance (export\"\"(instance" + "(export\"\"(instance (export\"\"(instance (export\"\"(instance (export\"\"(instance" + "(export\"\"(instance (export\"\"(instance (export\"\"(instance (export\"\"(instance" + "(export\"\"(instance (export\"\"(instance (export\"\"(instance (export\"\"(instance" + "(export\"\"(instance (export\"\"(instance (export\"\"(instance (export\"\"(instance" + "(export\"\"(instance (export\"\"(instance (export\"\"(instance (export\"\"(instance" + "(export\"\"(instance (export\"\"(instance (export\"\"(instance (export\"\"(instance" + "(export\"\"(instance (export\"\"(instance (export\"\"(instance (export\"\"(instance" + "(export\"\"(instance (export\"\"(instance (export\"\"(instance (export\"\"(instance" + "(export\"\"(instance (export\"\"(instance (export\"\"(instance (export\"\"(instance" + "(export\"\"(instance (export\"\"(instance (export\"\"(instance (export\"\"(instance" + "(export\"\"(instance (export\"\"(instance (export\"\"(instance (export\"\"(instance" + "(export\"\"(instance (export\"\"(instance (export\"\"(instance (export\"\"(instance" + "(export\"\"(instance (export\"\"(instance (export\"\"(instance (export\"\"(instance" + "(export\"\"(instance (export\"\"(instance (export\"\"(instance (export\"\"(instance" 
+ "(export\"\"(instance (export\"\"(instance (export\"\"(instance (export\"\"(instance" + "(export\"\"(instance (export\"\"(instance (export\"\"(instance (export\"\"(instance" + "(export\"\"(instance (export\"\"(instance (export\"\"(instance (export\"\"(instance" + "(export\"\"(instance (export\"\"(instance (export\"\"(instance (export\"\"(instance" + "(export\"\"(instance (export\"\"(instance (export\"\"(instance (export\"\"(instance" + "(export\"\"(instance (export\"\"(instance (export\"\"(instance (export\"\"(instance" + "(export\"\"(instance (export\"\"(instance (export\"\"(instance (export\"\"(instance" + "(export\"\"(instance (export\"\"(instance (export\"\"(instance (export\"\"(instance" + "(export\"\"(instance (export\"\"(instance (export\"\"(instance (export\"\"(instance" + "(export\"\"(instance (export\"\"(instance (export\"\"(instance (export\"\"(instance" + "(export\"\"(instance (export\"\"(instance (export\"\"(instance (export\"\"(instance" + "(export\"\"(instance (export\"\"(instance (export\"\"(instance (export\"\"(instance" + "(export\"\"(instance (export\"\"(instance (export\"\"(instance (export\"\"(instance" + "(export\"\"(instance (export\"\"(instance (export\"\"(instance (export\"\"(instance" + "(export\"\"(instance (export\"\"(instance (export\"\"(instance (export\"\"(instance" + "(export\"\"(instance (export\"\"(instance (export\"\"(instance (export\"\"(instance" + "(export\"\"(instance (export\"\"(instance (export\"\"(instance (export\"\"(instance" + "(export\"\"(instance (export\"\"(instance (export\"\"(instance (export\"\"(instance" + "(export\"\"(instance (export\"\"(instance (export\"\"(instance (export\"\"(instance" + "(export\"\"(instance (export\"\"(instance (export\"\"(instance (export\"\"(instance" + "(export\"\"(instance (export\"\"(instance (export\"\"(instance (export\"\"(instance" + "(export\"\"(instance (export\"\"(instance (export\"\"(instance (export\"\"(instance" + "(export\"\"(instance (export\"\"(instance 
(export\"\"(instance (export\"\"(instance" + "(export\"\"(instance (export\"\"(instance (export\"\"(instance (export\"\"(instance" + "(export\"\"(instance (export\"\"(instance (export\"\"(instance (export\"\"(instance" + "(export\"\"(instance (export\"\"(instance (export\"\"(instance (export\"\"(instance" + "(export\"\"(instance (export\"\"(instance (export\"\"(instance (export\"\"(instance" + "(export\"\"(instance (export\"\"(instance (export\"\"(instance (export\"\"(instance" + "(export\"\"(instance (export\"\"(instance (export\"\"(instance (export\"\"(instance" + "(export\"\"(instance (export\"\"(instance (export\"\"(instance (export\"\"(instance" + "(export\"\"(instance (export\"\"(instance (export\"\"(instance (export\"\"(instance" + "(export\"\"(instance (export\"\"(instance (export\"\"(instance (export\"\"(instance" + "(export\"\"(instance (export\"\"(instance (export\"\"(instance (export\"\"(instance" + "(export\"\"(instance (export\"\"(instance (export\"\"(instance (export\"\"(instance" + ) + "nesting too deep")
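Review bot: This test only drives the `InstanceType` guard: every level is `(export "" (instance`, so the new check in `ModuleType::parse` and its "module type nesting too deep" message are never reached. A second `assert_malformed` built from nested module types, expecting the same `"nesting too deep"` text, would cover the other hunk; a chain that alternates module and instance types would additionally confirm that mixed nesting is bounded. A case just under the limit that still parses would pin the threshold so a later change to it is noticed.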