Add a recursion limit to prevent stack overflows
Until now, it's been possible to trigger a stack overflow crash by providing a
string with excessive recursion. For instance, a string of 1000 left brackets
causes the parser to recurse down 1000 times, and overflow the stack.

This commit adds protection against excessive recursion. It adds a field to
`Parser` for tracking the current recursion depth. Every function that returns
a `Result` gains a recursion depth check. This isn't quite every method on the
`Parser`, but it's the vast majority.

An alternative implementation would be to only protect against AST recursions,
rather than recursive function calls in `Parser`. That isn't as easy to implement
because the parser is so large.
46bit committed Jun 6, 2022
1 parent 3f1c642 commit dc4127c
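
The depth-tracking approach the commit message describes, as an added example that is not code from this commit or the project: a recursive-descent parser whose every `Result`-returning function takes a depth guard before recursing. `MAX_DEPTH`, `DepthGuard`, `enter` and the toy bracket grammar are assumptions, and a hand-written `Drop` guard stands in for the `scopeguard` crate.

```rust
use std::cell::Cell;
use std::rc::Rc;

// Hypothetical limit for this example; the commit's real value is not shown on this page.
const MAX_DEPTH: usize = 50;

#[derive(Debug, PartialEq)]
enum ParseError { RecursionLimitExceeded, Unbalanced }

// Gives one level of budget back when dropped, on success and on every early `?` return.
struct DepthGuard(Rc<Cell<usize>>);
impl Drop for DepthGuard {
    fn drop(&mut self) { self.0.set(self.0.get() + 1); }
}

struct Parser<'a> { input: &'a [u8], pos: usize, remaining: Rc<Cell<usize>> }

impl<'a> Parser<'a> {
    fn new(s: &'a str) -> Self {
        Parser { input: s.as_bytes(), pos: 0, remaining: Rc::new(Cell::new(MAX_DEPTH)) }
    }
    // Depth check: fail with an error instead of descending once the budget is spent.
    fn enter(&self) -> Result<DepthGuard, ParseError> {
        let left = self.remaining.get();
        if left == 0 { return Err(ParseError::RecursionLimitExceeded); }
        self.remaining.set(left - 1);
        Ok(DepthGuard(Rc::clone(&self.remaining)))
    }
    // Toy grammar (assumed): expr := '(' expr ')' | 'x'. Returns the nesting depth.
    fn parse_expr(&mut self) -> Result<usize, ParseError> {
        let _guard = self.enter()?; // taken before any deeper call
        match self.input.get(self.pos) {
            Some(b'(') => {
                self.pos += 1;
                let inner = self.parse_expr()?;
                if self.input.get(self.pos) != Some(&b')') { return Err(ParseError::Unbalanced); }
                self.pos += 1;
                Ok(inner + 1)
            }
            Some(b'x') => { self.pos += 1; Ok(0) }
            _ => Err(ParseError::Unbalanced),
        }
    }
}
fn parse(s: &str) -> Result<usize, ParseError> { Parser::new(s).parse_expr() }

fn main() {
    // Constructed input: the 1000 left brackets from the commit message.
    println!("{:?}", parse(&"(".repeat(1000)));
}
```

The guard owns a shared counter rather than borrowing the parser, so `parse_expr` can keep mutating `self` while the guard is alive, and an error propagated with `?` still restores the full budget.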
Showing 3 changed files with 299 additions and 1 deletion.
3 changes: 2 additions & 1 deletion Cargo.toml
Expand Up @@ -20,7 +20,7 @@ path = "src/lib.rs"

[features]
default = ["std"]
std = []
std = ["scopeguard"]
# Enable JSON output in the `cli` example:
json_example = ["serde_json", "serde"]

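Review bot: `std = ["scopeguard"]` ties the new dependency to the `std` feature, so a build with default features disabled compiles without it, and nothing in this hunk shows how the recursion depth is restored (or whether the limit applies at all) in that configuration. If the limit is meant to protect no_std users as well, consider making `scopeguard` a regular dependency with `default-features = false` instead of gating it behind `std`; otherwise document that the protection is std-only.
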
Expand All @@ -32,6 +32,7 @@ serde = { version = "1.0", features = ["derive"], optional = true }
# of dev-dependencies because of
# https://github.com/rust-lang/cargo/issues/1596
serde_json = { version = "1.0", optional = true }
scopeguard = { version = "1.1.0", optional = true }

[dev-dependencies]
simple_logger = "2.1"
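Review bot: the added `scopeguard` line sits directly under the comment explaining why `serde_json` is not a dev-dependency (cargo issue 1596), so that explanation now reads as if it covers `scopeguard` too. Put a blank line before it and give it its own one-line comment saying it backs the parser's recursion guard. Note also that `optional = true` exposes an implicit `scopeguard` feature that users can toggle independently of `std`.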