From 2215b35a8b99e5c0b6ebdd649771e21886ab7e24 Mon Sep 17 00:00:00 2001
From: Luke Wagner <luke@mozilla.com>
Date: Mon, 22 Aug 2011 16:35:17 -0700
Subject: [PATCH] Bug 676934 - Limit number of stack frame objects created by
 XPCJSStackFrame::CreateStack (r=mrbkap)

---
 js/src/xpconnect/src/xpcstack.cpp | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/js/src/xpconnect/src/xpcstack.cpp b/js/src/xpconnect/src/xpcstack.cpp
index 244828adba7..bd098ada1c2 100644
--- a/js/src/xpconnect/src/xpcstack.cpp
+++ b/js/src/xpconnect/src/xpcstack.cpp
@@ -133,6 +133,9 @@ nsresult
 XPCJSStackFrame::CreateStack(JSContext* cx, JSStackFrame* fp,
                              XPCJSStackFrame** stack)
 {
+    static const unsigned MAX_FRAMES = 3000;
+    unsigned numFrames = 0;
+
     nsRefPtr<XPCJSStackFrame> first = new XPCJSStackFrame();
     nsRefPtr<XPCJSStackFrame> self = first;
     while(fp && self)
@@ -187,7 +190,11 @@ XPCJSStackFrame::CreateStack(JSContext* cx, JSStackFrame* fp,
             }
         }
 
-        if(JS_FrameIterator(cx, &fp))
+        if (++numFrames > MAX_FRAMES)
+        {
+            fp = NULL;
+        }
+        else if(JS_FrameIterator(cx, &fp))
         {
             XPCJSStackFrame* frame = new XPCJSStackFrame();
             self->mCaller = frame;