From fe6fb267e6ee5c5da2f41889e4e0e0ac5bf4b89d Mon Sep 17 00:00:00 2001
From: Bram Moolenaar
Date: Mon, 24 Jan 2022 18:16:12 +0000
Subject: patch 8.2.4206: condition with many "(" causes a crash
Problem: Condition with many "(" causes a crash.
Solution: Limit recursion to 1000.
---
 src/eval.c | 12 ++++++++++++
 1 file changed, 12 insertions(+) (limited to 'src/eval.c')
diff --git a/src/eval.c b/src/eval.c
index 2ca337749..d42e1f826 100644
--- a/src/eval.c
+++ b/src/eval.c
@@ -3526,6 +3526,7 @@ eval7(
 char_u *start_leader, *end_leader;
 int ret = OK;
 char_u *alias;
+ static int recurse = 0;
 /*
 * Initialise variable so that clear_tv() can't mistake this for a
@@ -3552,6 +3553,15 @@ eval7(
 return FAIL;
 }
+ // Limit recursion to 1000 levels. At least at 10000 we run out of stack
+ // and crash.
+ if (recurse == 1000)
+ {
+ semsg(_(e_expression_too_recursive_str), *arg);
+ return FAIL;
+ }
+ ++recurse;
+
 switch (**arg)
 {
 /*
@@ -3781,6 +3791,8 @@ eval7(
 */
 if (ret == OK && evaluate && end_leader > start_leader)
 ret = eval7_leader(rettv, FALSE, start_leader, &end_leader);
+
+ --recurse;
 return ret;
 }
-- cgit v1.2.1
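Review bot: In the second hunk (`@@ -3552,6 +3553,15 @@`) the guard `if (recurse == 1000)` trips only on the exact value, so if the counter ever passes 1000 the limit is silently gone; `if (recurse >= 1000)` fails closed instead. The added comment gives the only justification for the number (a crash observed at about 10000 levels), and stack use per level presumably varies with build options and platform, so the remaining margin is not a fixed quantity. I would extend the comment with something like `// 1000 is a heuristic, well below the observed crash depth; revisit if the frames in the eval chain grow.` The switch that follows continues outside the hunk.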
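Review bot: The `--recurse;` added before `return ret;` in the third hunk (`@@ -3781,6 +3791,8 @@`) balances the `++recurse;` from the second hunk only on the path that reaches the end of eval7(). Because `recurse` is declared `static` in the first hunk, any `return` between the two that lies outside the visible hunks would leave the counter raised for the rest of the session, and enough such exits would make every later expression fail as too recursive. The code between the hunks is not shown here, so this needs checking against the full function body. A comment at the decrement, e.g. `// Every exit after ++recurse must pass through here.`, would keep future edits to the switch from adding an unbalanced return.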