Hi David,

> Apologies in advance if this has been covered, as I've only been
> half-watching this thread, but is it always the case that the recursion
> depth can be bounded by some scalar multiple of the number of
> characters in the name?
Probably, but the point of this patch is to add a fixed limit that prevents too much recursion from being performed. The CVEs that I have been trying to fix have been using mangled names with 20K-30K characters in them, so creating a recursion limit based on the length of the input would not prevent the stack exhaustion. :-(

My hope is that we can choose a value that will allow any realistic mangled name to be decoded, but which will prevent these fuzzers from generating arbitrary length strings which exhaust the machine's resources.

Cheers
Nick
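To make the trade-off in the reply concrete, here is an added example (not libiberty's cp-demangle.c and not the patch under discussion) of a toy recursive-descent demangler for a tiny subset of Itanium C++ ABI type mangling: P (pointer), R (reference) and K (const) each recurse into an inner type, and i, c, v, d are builtins. Every nesting character costs one stack frame, so a fuzzer-built "PPPP...Pi" of 20K characters recurses 20K deep. The example goes beyond the thread's specific case by running the same input under both kinds of limit: a limit scaled to the input length (which such an input always satisfies) and a fixed cap. The cap value TOY_FIXED_LIMIT, all toy_* names and the nested test input are assumptions constructed for this demo.

```c
#include <stdio.h>
#include <string.h>

/* Added example, not binutils/libiberty code.  Return codes are hypothetical. */
#define TOY_E_MALFORMED  (-1)
#define TOY_E_RECURSION  (-2)
#define TOY_E_TOO_LONG   (-3)

/* Hypothetical fixed recursion cap; the value is an assumption, not the patch's. */
#define TOY_FIXED_LIMIT 1024

struct toy_di {
    const char *p;      /* next unread character of the mangled name */
    const char *end;    /* one past the last character */
    int depth;          /* current recursion depth of toy_type() */
    int limit;          /* depth at which we refuse to recurse further */
};

static int toy_set(char *out, size_t outlen, const char *s)
{
    if (strlen(s) + 1 > outlen)
        return TOY_E_TOO_LONG;
    memcpy(out, s, strlen(s) + 1);
    return 0;
}

static int toy_append(char *out, size_t outlen, const char *s)
{
    size_t have = strlen(out);
    if (have + strlen(s) + 1 > outlen)
        return TOY_E_TOO_LONG;
    memcpy(out + have, s, strlen(s) + 1);
    return 0;
}

/* <type> ::= P <type> | R <type> | K <type> | i | c | v | d
 * One call per character; P/R/K recurse, so depth == nesting level. */
static int toy_type(struct toy_di *d, char *out, size_t outlen)
{
    int rc;
    char c;

    if (d->depth >= d->limit)        /* the fixed cap: bail before recursing */
        return TOY_E_RECURSION;
    if (d->p >= d->end)              /* ran off the end of the name */
        return TOY_E_MALFORMED;

    d->depth++;
    c = *d->p++;
    switch (c) {
    case 'i': rc = toy_set(out, outlen, "int"); break;
    case 'c': rc = toy_set(out, outlen, "char"); break;
    case 'v': rc = toy_set(out, outlen, "void"); break;
    case 'd': rc = toy_set(out, outlen, "double"); break;
    case 'P':
    case 'R':
    case 'K':
        rc = toy_type(d, out, outlen);          /* recurse into the inner type */
        if (rc == 0)
            rc = toy_append(out, outlen,
                            c == 'P' ? "*" : c == 'R' ? "&" : " const");
        break;
    default:
        rc = TOY_E_MALFORMED;
        break;
    }
    d->depth--;
    return rc;
}

int toy_demangle(const char *mangled, char *out, size_t outlen, int limit)
{
    struct toy_di d;
    int rc;

    if (outlen == 0)
        return TOY_E_TOO_LONG;
    out[0] = '\0';
    d.p = mangled;
    d.end = mangled + strlen(mangled);
    d.depth = 0;
    d.limit = limit;
    rc = toy_type(&d, out, outlen);
    if (rc == 0 && d.p != d.end)     /* trailing characters after a full type */
        rc = TOY_E_MALFORMED;
    return rc;
}

static char toy_in[40000];           /* constructed fuzzer-style input */
static char toy_out[40000];          /* demangled output */

int toy_rc(const char *mangled, int limit)
{
    return toy_demangle(mangled, toy_out, sizeof toy_out, limit);
}

int toy_matches(const char *mangled, const char *expect)
{
    return toy_rc(mangled, TOY_FIXED_LIMIT) == 0 && strcmp(toy_out, expect) == 0;
}

/* Build "PPP...Pi" with `nesting` P's, the shape of the 20K-30K character
 * names in the thread (constructed input), and demangle it under either a
 * length-scaled limit (1x the input length) or the fixed cap. */
int toy_fuzz_case(int nesting, int length_scaled)
{
    int limit;

    if (nesting < 0 || (size_t)nesting + 2 > sizeof toy_in)
        return TOY_E_TOO_LONG;
    memset(toy_in, 'P', (size_t)nesting);
    toy_in[nesting] = 'i';
    toy_in[nesting + 1] = '\0';
    limit = length_scaled ? (int)strlen(toy_in) : TOY_FIXED_LIMIT;
    return toy_rc(toy_in, limit);
}

int main(void)
{
    int rc;

    rc = toy_rc("PPi", TOY_FIXED_LIMIT);
    printf("PPi -> %s\n", rc == 0 ? toy_out : "error");
    rc = toy_fuzz_case(20000, 1);
    printf("20000 nested, limit = strlen: rc=%d, %zu chars of output\n",
           rc, strlen(toy_out));
    rc = toy_fuzz_case(20000, 0);
    printf("20000 nested, fixed limit %d: rc=%d\n", TOY_FIXED_LIMIT, rc);
    return 0;
}
```

The length-scaled run decodes the 20000-deep name successfully, which is exactly the problem: a bound of "some multiple of the input length" is met trivially by an input that is nothing but nesting, so the only thing standing between the fuzzer and the stack limit is the total length, which the fuzzer controls. The fixed cap refuses the same input after TOY_FIXED_LIMIT frames regardless of how long it is, while names nested fewer than that many levels still decode.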