add protection agains big vla

headers/computorv1.h

@@ -13,7 +13,9 @@
  */
 
 #define DOUBLE_PRECISION 0.00001
-#define MAX_EXPONENT 1000
+// maximum size supported to avoid excessive variable-length stack allocation (VLA),
+// which can lead to stack overflows, segmentation faults, and potential denial-of-service (DoS)
+#define MAX_VLA_SIZE 1024
 
 /** * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
  * MAIN.C

src/launcher.c

@@ -62,6 +62,8 @@ static int get_number_of_exponents(s_term *terms, int max_exponent)
     int i;
     int nbr_of_exponent;
 
+    if (max_exponent <= 0 || max_exponent > MAX_VLA_SIZE)
+        stop_errors("max_exponent should be between 1 and %d, but got : %d\n", MAX_VLA_SIZE, max_exponent);
     int exponent_present[max_exponent];
     ft_bzero(exponent_present, sizeof(exponent_present));
 
@@ -101,6 +103,8 @@ void launch_computorv1(char *input)
     // lexerize
     token_len = ft_strlen(input) + 1; // +1 for last END token
     print_debug("\n-> tokens[%i]\n", token_len);
+    if (token_len <= 0 || token_len > MAX_VLA_SIZE)
+        stop_errors("token_len should be between 1 and %d, but got : %d\n", MAX_VLA_SIZE, token_len);
     s_token tokens[token_len];
     tokens_g_err = tokens;
     ft_bzero(tokens, sizeof(tokens));
@@ -109,6 +113,8 @@ void launch_computorv1(char *input)
     // parse
     terms_count_prediction = count_any_of(input, "-+=") + 2; // +1 for first term that can have no leading '+', +1 for last term == NULL
     print_debug("-> terms[%i]\n\n", terms_count_prediction);
+    if (terms_count_prediction <= 0 || terms_count_prediction > MAX_VLA_SIZE)
+        stop_errors("terms_count_prediction should be between 1 and %d, but got : %d\n", MAX_VLA_SIZE, terms_count_prediction);
     s_term terms[terms_count_prediction];
     terms_g_err = terms;
     ft_bzero(terms, sizeof(terms));
@@ -119,6 +125,8 @@ void launch_computorv1(char *input)
     print_debug("-> max_exponent: %i\n\n", max_exponent);
     nbr_of_exponents = get_number_of_exponents(terms, max_exponent);
     print_debug("-> nbr_of_exponents: %i\n\n", nbr_of_exponents);
+    if (nbr_of_exponents <= 0 || nbr_of_exponents > MAX_VLA_SIZE)
+        stop_errors("nbr_of_exponents should be between 1 and %d, but got : %d\n", MAX_VLA_SIZE, nbr_of_exponents);
     s_polynom polynom[nbr_of_exponents + 2]; // +1 for last term, +1 for the degree (eg. degree 2 means 3 terms)
     polynom_g_err = polynom;
     ft_bzero(polynom, sizeof(polynom));

src/parser.c

@@ -194,12 +194,6 @@ static int get_exponent(s_token *tokens, int i, int *token_count)
         ret_exponent = 0;
     }
 
-    // check if exponent is not too big, to avoid overflow when calculating power
-    if (ret_exponent > MAX_EXPONENT)
-    {
-        stop_errors("exponent is too big (max supported exponent is %d), got : %d\n", MAX_EXPONENT, ret_exponent);
-    }
-
     return ret_exponent;
 }