py/emitbc: Add check for bytecode jump offset overflow.

Signed-off-by: Damien George <[email protected]>

py/emitbc.c

@@ -64,6 +64,7 @@ struct _emit_t {
     size_t bytecode_offset;
     size_t bytecode_size;
     byte *code_base; // stores both byte code and code info
+    bool overflow;
 
     size_t n_info;
     size_t n_cell;
@@ -260,6 +261,9 @@ STATIC void emit_write_bytecode_byte_label(emit_t *emit, int stack_adj, byte b1,
         if (is_signed) {
             bytecode_offset += 0x4000;
         }
+        if (emit->pass == MP_PASS_EMIT && !(0 <= bytecode_offset && bytecode_offset <= 0x7fff)) {
+            emit->overflow = true;
+        }
         c[1] = 0x80 | (bytecode_offset & 0x7f);
         c[2] = bytecode_offset >> 7;
     }
@@ -274,6 +278,7 @@ void mp_emit_bc_start_pass(emit_t *emit, pass_kind_t pass, scope_t *scope) {
     emit->last_source_line = 1;
     emit->bytecode_offset = 0;
     emit->code_info_offset = 0;
+    emit->overflow = false;
 
     // Write local state size, exception stack size, scope flags and number of arguments
     {
@@ -373,6 +378,10 @@ bool mp_emit_bc_end_pass(emit_t *emit) {
             return false;
         }
 
+        if (emit->overflow) {
+            mp_raise_msg(&mp_type_RuntimeError, MP_ERROR_TEXT("bytecode overflow"));
+        }
+
         // Bytecode is finalised, assign it to the raw code object.
         mp_emit_glue_assign_bytecode(emit->scope->raw_code, emit->code_base,
             #if MICROPY_PERSISTENT_CODE_SAVE || MICROPY_DEBUG_PRINTERS

tests/stress/bytecode_limit.py

@@ -24,3 +24,10 @@
 print(x)
 """
 )
+
+# Test overflow of jump offset.
+for n in (430, 431, 432, 433):
+    try:
+        exec("cond = 0\nif cond:\n" + body * n + "else:\n print('cond false')\n")
+    except RuntimeError:
+        print("RuntimeError")

tests/stress/bytecode_limit.py.exp

@@ -1 +1,5 @@
 [123]
+cond false
+cond false
+RuntimeError
+RuntimeError