From 9d063d4a44915aa9a38c372b7113efe48f927924 Mon Sep 17 00:00:00 2001
From: "Jay Freeman (saurik)"
Date: Sun, 3 Jan 2016 13:49:14 -0800
Subject: [PATCH 1/1] Don't stack overflow on struct pointers in cycles.

---
.gitignore | 4 +--
Analyze.cpp | 4 ++-
Bridge.hpp | 29 +++++++++++++++++
Execute.cpp | 36 +++++++++++++++++----
Bridge.sh => Hasher.sh | 0
Makefile.am | 12 +++----
Makefile.in | 73 ++++++++++++++++++++++--------------------
7 files changed, 108 insertions(+), 50 deletions(-)
create mode 100644 Bridge.hpp
rename Bridge.sh => Hasher.sh (100%)

diff --git a/.gitignore b/.gitignore
index ab7adb8..f7be6dd 100644
--- a/.gitignore
+++ b/.gitignore
@@ -24,13 +24,13 @@ Scanner.lpp
 Scanner.cpp
 Scanner.output
 Bridge.def
-Bridge.gperf
+Hasher.gperf
 stack.hh
 sysroot.ios
 sysroot.sim
 lex.backup
 /cycript
-Bridge.hpp
+Hasher.hpp
 package
 aclocal.m4
 stamp-h1
diff --git a/Analyze.cpp b/Analyze.cpp
index 1b345f7..82c829f 100644
--- a/Analyze.cpp
+++ b/Analyze.cpp
@@ -28,6 +28,7 @@
 #include
+#include "Bridge.hpp"
 #include "Functor.hpp"
 #include "Replace.hpp"
 #include "Syntax.hpp"
@@ -476,7 +477,7 @@ static CXChildVisitResult CYChildVisit(CXCursor cursor, CXCursor parent, CXClien
 std::string name(spelling);
 std::ostringstream value;
 unsigned priority(2);
- unsigned flags(0);
+ unsigned flags(CYBridgeHold);
 /*CXSourceLocation location(clang_getCursorLocation(cursor));
 CYCXPosition<> position(location);
@@ -565,6 +566,7 @@ static CXChildVisitResult CYChildVisit(CXCursor cursor, CXCursor parent, CXClien
 value << "new Type([" << types.str() << "],[" << names.str() << "]).withName(\"" << name << "\")";
 name += "$cy";
+ flags = CYBridgeType;
 } break;
 case CXCursor_TypedefDecl: try {
diff --git a/Bridge.hpp b/Bridge.hpp
new file mode 100644
index 0000000..8bb466a
--- /dev/null
+++ b/Bridge.hpp
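Review bot: The second and third Analyze.cpp hunks leave `CYBridgeVoid` unused and retire the old default without saying so: `flags` now starts as `CYBridgeHold` and the struct branch overrides it with `CYBridgeType`, so nothing in this patch ever emits the Void flag, and the previous default `0` is no longer a value that Execute.cpp's `switch (flags)` recognises. If `flags` is persisted into the bridge database (it appears to be, since Execute.cpp reads it back alongside `parsed`), entries produced by a pre-patch Analyze still carry `0` and will now be evaluated but silently never cached, where before they were cached — either map `0` to `CYBridgeHold` on the reading side or make sure the database is regenerated. The declaration also deserves a why-comment, e.g. `unsigned flags(CYBridgeHold); // tells Execute.cpp how to publish the entry; struct types switch to CYBridgeType below so a self-referential pointer can resolve the name before the Type is fully built`. CYChildVisit begins before and ends after these hunks.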
@@ -0,0 +1,29 @@
+/* Cycript - The Truly Universal Scripting Language
+ * Copyright (C) 2009-2016 Jay Freeman (saurik)
+*/
+
+/* GNU Affero General Public License, Version 3 {{{ */
+/*
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program. If not, see .
+**/
+/* }}} */
+
+#ifndef BRIDGE_HPP
+#define BRIDGE_HPP
+
+static const unsigned int CYBridgeVoid = 1;
+static const unsigned int CYBridgeHold = 2;
+static const unsigned int CYBridgeType = 3;
+
+#endif//BRIDGE_HPP
diff --git a/Execute.cpp b/Execute.cpp
index 52bc453..f02df3e 100644
--- a/Execute.cpp
+++ b/Execute.cpp
@@ -41,6 +41,7 @@
 #include "sig/parse.hpp"
 #include "sig/ffi_type.hpp"
+#include "Bridge.hpp"
 #include "Code.hpp"
 #include "Decode.hpp"
 #include "Error.hpp"
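Review bot: The three constants in the new Bridge.hpp carry no documentation, and nothing records that `0` (the value Analyze.cpp used to emit) is not a valid flag. Since Execute.cpp's `switch (flags)` has no `default:`, declaring them as `enum CYBridgeFlags { CYBridgeVoid = 1, CYBridgeHold = 2, CYBridgeType = 3 };` and typing `flags` with it would let `-Wswitch` report a missing case, which the `static const unsigned int` form cannot. At minimum each constant should say what the reader of the database does with it, as the Execute.cpp hunk shows: `// CYBridgeVoid: evaluate the entry and return the value; cache nothing`, `// CYBridgeHold: cache the evaluated value under the entry's name`, `// CYBridgeType: publish a placeholder Void Type under the name before evaluating, then swap the real type's private data into it (intended, per the commit subject, to let self-referential struct pointers resolve the name without recursing)`.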
@@ -1332,14 +1333,37 @@ static JSValueRef All_getProperty(JSContextRef context, JSObjectRef object, JSSt
 CYThrow("%s", pool.strcat("error caching ", CYPoolCString(pool, context, property), ": ", error.PoolCString(pool), NULL));
 }
- JSValueRef result(_jsccall(JSEvaluateScript, context, CYJSString(parsed), NULL, NULL, 0));
-
- if (flags == 0) {
- JSObjectRef cache(CYGetCachedObject(context, CYJSString("cache")));
- CYSetProperty(context, cache, property, result);
+ JSObjectRef cache(CYGetCachedObject(context, CYJSString("cache")));
+
+ JSObjectRef stub;
+ if (flags == CYBridgeType) {
+ stub = CYMakeType(context, sig::Void());
+ CYSetProperty(context, cache, property, stub);
+ } else
+ stub = NULL;
+
+ JSValueRef value(_jsccall(JSEvaluateScript, context, CYJSString(parsed), NULL, NULL, 0));
+
+ switch (flags) {
+ case CYBridgeVoid: {
+ } break;
+
+ case CYBridgeHold: {
+ CYSetProperty(context, cache, property, value);
+ } break;
+
+ case CYBridgeType: {
+ JSObjectRef swap(CYCastJSObject(context, value));
+ void *source(JSObjectGetPrivate(swap));
+ _assert(source != NULL);
+ void *target(JSObjectGetPrivate(stub));
+ _assert(JSObjectSetPrivate(swap, target));
+ _assert(JSObjectSetPrivate(stub, source));
+ value = stub;
+ } break;
 }
- return result;
+ return value;
 }
 return NULL;
diff --git a/Bridge.sh b/Hasher.sh
similarity index 100%
rename from Bridge.sh
rename to Hasher.sh
diff --git a/Makefile.am b/Makefile.am
index 681e635..d61a4d8 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -87,13 +87,13 @@ Bridge.def: Bridge.def.in
 cat $< >$@
 endif
-CLEANFILES += Bridge.gperf
-Bridge.gperf: Bridge.def Bridge.sh
- $(srcdir)/Bridge.sh <$< >$@
+#CLEANFILES += Hasher.gperf
+#Hasher.gperf: Hasher.def Hasher.sh
+# $(srcdir)/Hasher.sh <$< >$@
-CLEANFILES += Bridge.hpp
-Bridge.hpp: Bridge.gperf
- $(GPERF) $< >$@
+#CLEANFILES += Hasher.hpp
+#Hasher.hpp: Hasher.gperf
+# $(GPERF) $< >$@
 endif
 if CY_JAVA
diff --git a/Makefile.in b/Makefile.in
index d984ebc..1464d04 100644
--- a/Makefile.in
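Review bot: In the `CYBridgeType` path the Void stub is stored into `cache` before `_jsccall(JSEvaluateScript, …)` runs, so if evaluation throws (which `_jsccall` appears to do on a JS exception, judging by the `CYThrow` path just above) the placeholder stays published and every later lookup of `property` gets a Void type back instead of retrying — the entry is poisoned until the process restarts. The evaluation should be wrapped so that a failure retracts the placeholder (assuming the cache properties are not created DontDelete) before rethrowing. The private-data swap that follows is only sound between two objects of the same JSClass, and `CYCastJSObject` checks only that `value` is an object, so an `_assert(JSValueIsObjectOfClass(…))` against the class `CYMakeType` uses would turn a mismatched entry into an assertion failure rather than a mis-typed private pointer handed to that class's finalizer. `switch (flags)` also has no `default:`, so an entry with any other value (including `0` from a database built before this change) is evaluated and silently not cached. All_getProperty starts before this hunk and its closing brace lies after it.
```cpp
    JSValueRef value;
    try {
        value = _jsccall(JSEvaluateScript, context, CYJSString(parsed), NULL, NULL, 0);
    } catch (...) {
        // evaluation failed: retract the Void placeholder so the name is not left poisoned
        if (stub != NULL)
            JSObjectDeleteProperty(context, cache, property, NULL);
        throw;
    }

    switch (flags) {
        // … unchanged: CYBridgeVoid and CYBridgeHold cases …

        case CYBridgeType: {
            JSObjectRef swap(CYCastJSObject(context, value));
            // the swap below is only meaningful between two objects of the Type class
            _assert(JSValueIsObjectOfClass(context, swap, TYPE_JSCLASS /* placeholder: the JSClassRef CYMakeType uses */));
            // … unchanged: private-data swap, value = stub …
        } break;
```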
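Review bot: The Makefile.am hunk comments the two generated-file rules out rather than deleting them, and the commented text is not even a faithful rename: it names `Hasher.def` as the input, while the context line above shows `Bridge.def` is what the build produces, so un-commenting it later would not work as written. Because automake copies comments through, the same dead block reappears in the generated Makefile.in hunk further down, wedged between the `am__append` assignments. Git history already preserves the old rules; deleting the six lines outright (and dropping the now-pointless `Hasher.gperf`/`Hasher.hpp` entries from .gitignore) is cleaner.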
+++ b/Makefile.in 
@@ -120,25 +120,32 @@ host_triplet = @host@ @CY_EXECUTE_TRUE@am__append_7 = libcycript.db @CY_EXECUTE_TRUE@@CY_PRELINK_TRUE@am__append_8 = Analyze Bridge.def @CY_EXECUTE_TRUE@@CY_PRELINK_FALSE@am__append_9 = Bridge.def -@CY_EXECUTE_TRUE@am__append_10 = Bridge.gperf Bridge.hpp -@CY_JAVA_TRUE@am__append_11 = Java -@CY_JAVA_TRUE@am__append_12 = Java/Execute.cpp -@CY_JAVA_TRUE@am__append_13 = $(LTJAVA) -@CY_JAVA_TRUE@am__append_14 = libcycript.jar -@CY_JAVA_TRUE@am__append_15 = Class libcycript.jar -@CY_RUBY_TRUE@am__append_16 = Ruby -@CY_RUBY_TRUE@am__append_17 = Ruby/Execute.cpp -@CY_RUBY_TRUE@am__append_18 = $(LTRUBY) -@CY_PYTHON_TRUE@am__append_19 = Python -@CY_PYTHON_TRUE@am__append_20 = Python/Execute.cpp -@CY_PYTHON_TRUE@am__append_21 = $(LTPYTHON) -@CY_OBJECTIVEC_TRUE@am__append_22 = -DCY_OBJECTIVEC -@CY_OBJECTIVEC_TRUE@am__append_23 = ObjectiveC -@CY_OBJECTIVEC_TRUE@am__append_24 = ObjectiveC/Output.cpp ObjectiveC/Replace.cpp ObjectiveC/Library.mm -@CY_OBJECTIVEC_TRUE@am__append_25 = $(LTOBJECTIVEC) -@CY_ATTACH_TRUE@am__append_26 = Handler.cpp -@CY_ATTACH_TRUE@@CY_CONSOLE_TRUE@am__append_27 = Inject.cpp -@CY_ATTACH_TRUE@@CY_CONSOLE_TRUE@am__append_28 = -DCY_ATTACH + +#CLEANFILES += Hasher.gperf +#Hasher.gperf: Hasher.def Hasher.sh +# $(srcdir)/Hasher.sh <$< >$@ + +#CLEANFILES += Hasher.hpp +#Hasher.hpp: Hasher.gperf +# $(GPERF) $< >$@ +@CY_JAVA_TRUE@am__append_10 = Java +@CY_JAVA_TRUE@am__append_11 = Java/Execute.cpp +@CY_JAVA_TRUE@am__append_12 = $(LTJAVA) +@CY_JAVA_TRUE@am__append_13 = libcycript.jar +@CY_JAVA_TRUE@am__append_14 = Class libcycript.jar +@CY_RUBY_TRUE@am__append_15 = Ruby +@CY_RUBY_TRUE@am__append_16 = Ruby/Execute.cpp +@CY_RUBY_TRUE@am__append_17 = $(LTRUBY) +@CY_PYTHON_TRUE@am__append_18 = Python +@CY_PYTHON_TRUE@am__append_19 = Python/Execute.cpp +@CY_PYTHON_TRUE@am__append_20 = $(LTPYTHON) +@CY_OBJECTIVEC_TRUE@am__append_21 = -DCY_OBJECTIVEC +@CY_OBJECTIVEC_TRUE@am__append_22 = ObjectiveC +@CY_OBJECTIVEC_TRUE@am__append_23 = 
ObjectiveC/Output.cpp ObjectiveC/Replace.cpp ObjectiveC/Library.mm +@CY_OBJECTIVEC_TRUE@am__append_24 = $(LTOBJECTIVEC) +@CY_ATTACH_TRUE@am__append_25 = Handler.cpp +@CY_ATTACH_TRUE@@CY_CONSOLE_TRUE@am__append_26 = Inject.cpp +@CY_ATTACH_TRUE@@CY_CONSOLE_TRUE@am__append_27 = -DCY_ATTACH subdir = . ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/ax_cxx_compile_stdcxx_11.m4 \ 
@@ -582,34 +589,34 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ AUTOMAKE_OPTIONS = subdir-objects CLEANFILES = $(am__append_7) $(am__append_8) $(am__append_9) \ - $(am__append_10) $(am__append_15) Parser.ypp Scanner.lpp \ - Scanner.cpp Scanner.output lex.backup Parser.cpp Parser.hpp \ - stack.hh Parser.output + $(am__append_14) Parser.ypp Scanner.lpp Scanner.cpp \ + Scanner.output lex.backup Parser.cpp Parser.hpp stack.hh \ + Parser.output SUBDIRS = ACLOCAL_AMFLAGS = -I m4 AM_CPPFLAGS = -DYYDEBUG=1 -DCY_SYSTEM="\"$(CY_SYSTEM)\"" -include \ config.h -include $(srcdir)/unconfig.h $(am__append_5) \ - $(am__append_22) $(am__append_28) + $(am__append_21) $(am__append_27) AM_CFLAGS = -fvisibility=hidden AM_CXXFLAGS = -fvisibility=hidden AM_OBJCXXFLAGS = -fvisibility=hidden -fobjc-exceptions AM_LDFLAGS = -fvisibility=hidden CY_LDFLAGS = -no-undefined -avoid-version -export-dynamic datdir = $(libdir) -dat_DATA = $(am__append_4) $(am__append_14) +dat_DATA = $(am__append_4) $(am__append_13) lib_LTLIBRARIES = libcycript.la libcycript_la_LDFLAGS = $(CY_LDFLAGS) libcycript_la_LIBADD = $(LTLIBUV) $(LTLIBFFI) $(LTLIBSQLITE3) \ - $(LTLIBGCC) -ldl $(am__append_3) $(am__append_13) \ - $(am__append_18) $(am__append_21) $(am__append_25) + $(LTLIBGCC) -ldl $(am__append_3) $(am__append_12) \ + $(am__append_17) $(am__append_20) $(am__append_24) libcycript_la_SOURCES = ConvertUTF.c Decode.cpp Driver.cpp Error.cpp \ Highlight.cpp Library.cpp Network.cpp Output.cpp Replace.cpp \ Syntax.cpp Parser.cpp Scanner.cpp $(am__append_1) \ - $(am__append_2) $(am__append_12) $(am__append_17) \ - $(am__append_20) $(am__append_24) $(am__append_26) -filters = $(am__append_6) $(am__append_11) $(am__append_16) \ - $(am__append_19) $(am__append_23) -@CY_CONSOLE_TRUE@cycript_SOURCES = Console.cpp $(am__append_27) + $(am__append_2) $(am__append_11) $(am__append_16) \ + $(am__append_19) $(am__append_23) $(am__append_25) +filters = $(am__append_6) $(am__append_10) $(am__append_15) \ + 
$(am__append_18) $(am__append_22) +@CY_CONSOLE_TRUE@cycript_SOURCES = Console.cpp $(am__append_26) @CY_CONSOLE_TRUE@cycript_LDADD = libcycript.la $(LTLIBREADLINE) $(LTLIBTERMCAP) $(LTLIBGCC) $(PTHREAD_CFLAGS) -ldl @CY_EXECUTE_TRUE@@CY_PRELINK_TRUE@CY_LANGFLAGS = -DCY_JAVA=$(CY_JAVA) -DCY_PYTHON=$(CY_PYTHON) -DCY_OBJECTIVEC=$(CY_OBJECTIVEC) all: config.h @@ -1405,10 +1412,6 @@ uninstall-am: uninstall-binPROGRAMS uninstall-datDATA \ @CY_EXECUTE_TRUE@@CY_PRELINK_TRUE@ ./Analyze $< $(OBJCXX) $(CPPFLAGS) $(AM_OBJCXXFLAGS) $(OBJCXXFLAGS) $(CY_LANGFLAGS) >$@ @CY_EXECUTE_TRUE@@CY_PRELINK_FALSE@Bridge.def: Bridge.def.in @CY_EXECUTE_TRUE@@CY_PRELINK_FALSE@ cat $< >$@ -@CY_EXECUTE_TRUE@Bridge.gperf: Bridge.def Bridge.sh -@CY_EXECUTE_TRUE@ $(srcdir)/Bridge.sh <$< >$@ -@CY_EXECUTE_TRUE@Bridge.hpp: Bridge.gperf -@CY_EXECUTE_TRUE@ $(GPERF) $< >$@ @CY_JAVA_TRUE@Class/Cycript.class: Java/Cycript.java @CY_JAVA_TRUE@ rm -rf Class; mkdir Class; javac -g -Xlint:unchecked -source 1.5 -target 1.5 -d Class -sourcepath $(srcdir)/Java $< @CY_JAVA_TRUE@Class/classes.dex: Class/Cycript.class -- 2.45.2