On Mon, Mar 16, 2026 at 11:47:49AM -0700, Collin Funk wrote:
> Zhihan Zheng <[email protected]> writes:
> > There appears to be no recursion-depth limit on this path. A deeply
> > nested expression can therefore exhaust the process stack and crash.
> >
> Not a security bug.
>
> m4 exits gracefully instead of placing arbitrary limits on the user.
>
> $ cat main.py
> print('eval(`', end='');
> for i in range(100000):
>     print('-(', end='')
> print('0', end='')
> for i in range(100000):
>     print(')', end='')
> print("')")
> $ python3 main.py | m4
> m4: stack overflow

I concur that this is not a security bug. There are other places in
m4 that are self-recursive with no arbitrary depth limit enforced, and
where it is relying on the OS's ability to detect stack overflow to
warn the user about a script that attempted to do too much. eval()
just happens to be one of the places where the mutual recursion is
easier to see.
--
Eric Blake, Principal Software Engineer
Red Hat, Inc.
Virtualization: qemu.org | libguestfs.org
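
The behaviour discussed in this thread (unbounded recursion, with the OS detecting the overflow so the program can report it and exit) can be sketched as follows. This is an added example, not m4's code and not from either poster; `run_nested`, `nest`, the 1 MiB stack limit and the message text are assumptions made for the demo.

```c
#define _GNU_SOURCE
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/resource.h>
#include <sys/wait.h>
#include <unistd.h>

/* Runs on the alternate stack; uses only async-signal-safe calls. */
static void on_overflow(int sig) {
    static const char msg[] = "demo: stack overflow\n";
    (void)sig;
    (void)!write(STDERR_FILENO, msg, sizeof msg - 1);
    _exit(1);                       /* clean, non-signal exit status */
}

/* Unbounded recursion standing in for a nested -( ... ) expression.
   The volatile pointer keeps the compiler from turning it into a loop. */
static long nest(long depth);
static long (*volatile step)(long) = nest;
static long nest(long depth) {
    volatile char frame[256];
    frame[0] = (char)depth;
    return depth == 0 ? frame[0] : step(depth - 1) + frame[0];
}

/* Recurse `depth` levels in a child process. Returns the child's exit
   status (0 = finished, 1 = overflow reported), or -1 if a signal killed it. */
int run_nested(long depth) {
    pid_t pid = fork();
    if (pid < 0) return -2;
    if (pid == 0) {
        struct rlimit rl = { 1 << 20, 1 << 20 };   /* assumed demo limit */
        stack_t ss = { .ss_sp = malloc(65536), .ss_size = 65536, .ss_flags = 0 };
        struct sigaction sa = { .sa_flags = SA_ONSTACK };
        sa.sa_handler = on_overflow;
        setrlimit(RLIMIT_STACK, &rl);
        if (!ss.ss_sp || sigaltstack(&ss, NULL) ||
            sigaction(SIGSEGV, &sa, NULL) || sigaction(SIGBUS, &sa, NULL))
            _exit(2);
        step(depth);
        _exit(0);
    }
    int status;
    if (waitpid(pid, &status, 0) < 0) return -2;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void) {
    printf("shallow=%d deep=%d\n", run_nested(100), run_nested(1000000));
    return 0;
}
```

Without the alternate signal stack the handler would have no room to run, and the child would be killed by the signal instead of exiting with a diagnostic.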