V: enable stack usage guard

[masatake]

Author: Masatake YAMATO yamato@redhat.com
Date: Fri Feb 20 04:23:04 2026 +0900

V: enable stack usage guard

Enable the stack usage guard in the V parser.

Partially fixes: #4369
Partially addresses: CVE-2026-2641

The default stack limit is 4MB.
It may need adjustment on platforms with smaller default
stack sizes. (WIP)

Signed-off-by: Masatake YAMATO <yamato@redhat.com>

Author: Masatake YAMATO yamato@redhat.com
Date: Fri Feb 20 04:22:45 2026 +0900

main: add stack usage guard

Introduce a stack usage guard to prevent stack overflow
in deeply nested input.
as
The default stack limit is currently 4MB.
It can be adjusted with the --stack-limit=<bytes> option.

This change adds the infrastructure in the main part.
Individual parsers must explicitly enable the guard
to benefit from stack protection.

Signed-off-by: Masatake YAMATO <yamato@redhat.com>

TODO:

• update the man page
• write about how enable the stack guard for a parser in the hacking guide
• add test cases
• adjust the default value of the limit (getrlimit() may give us the hint).

[codecov]

Codecov Report

❌ Patch coverage is 86.60714% with 15 lines in your changes missing coverage. Please review.
✅ Project coverage is 86.03%. Comparing base (b4fdb90) to head (7cd2d3a).

Files with missing lines	Patch %	Lines
main/stackguard.c	91.54%	6 Missing ⚠️
parsers/v.c	28.57%	5 Missing ⚠️
main/options.c	75.00%	4 Missing ⚠️

Additional details and impacted files

@@           Coverage Diff            @@
##           master    #4387    +/-   ##
========================================
  Coverage   86.02%   86.03%            
========================================
  Files         253      254     +1     
  Lines       63506    63615   +109     
========================================
+ Hits        54634    54730    +96     
- Misses       8872     8885    +13     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[Copilot]

Pull request overview

Enables an opt-in stack usage guard to mitigate stack overflows during parsing (notably for the V parser), and adds a CLI option to configure the guard’s limit.

Changes:

• Add stack guard infrastructure (main/stackguard.c, main/stackguard_p.h) and wire it into the parse loop via per-parser discardInput.
• Enable the guard in the V parser and expose --stack-limit=<bytes> plus diagnostics (verbose + totals).
• Update build files (make + VS project) and adjust expected outputs for updated diagnostics.

Reviewed changes

Copilot reviewed 18 out of 18 changed files in this pull request and generated 10 comments.

Show a summary per file

File	Description
win32/ctags_vs2013.vcxproj.filters	Adds stackguard sources/headers to VS filters for building on Windows.
win32/ctags_vs2013.vcxproj	Includes stackguard source/header in the VS project build.
source.mak	Adds stackguard source/header to the build lists for non-Windows builds.
parsers/v.c	Enables stack guard checks in an expression list parse path; provides parser-specific EOF discard function.
main/stats.c	Prints observed peak stack usage in totals output.
main/stackguard_p.h	Declares the stack guard API used by main/options/parse/stats.
main/stackguard.c	Implements stack tracking, limit handling, and peak usage tracking.
main/parse_p.h	Declares the query function for stack-guard support (typo present).
main/parse.h	Adds discardInputFn hook and exposes stackGuardCheck to parsers.
main/parse.c	Prepares/releases stack guard around parser execution; adds support query function (typo present).
main/options.c	Adds --stack-limit option and prints “stack guard supported/unsupported” in language description; updates some error messages.
main/main.c	Logs the computed stack limit in verbose mode.
configure.ac	Detects sys/resource.h for getrlimit-based default limit computation.
Tmain/versioning.d/stdout-expected.txt	Updates expected “describe language” output for “stack guard” line.
Tmain/broken-tagname.d/stderr-expected.txt	Updates expected verbose output to include stack limit line.
Tmain/broken-tagname.d/run.sh	Adds --stack-limit=8192 to stabilize verbose output and adjusts sed formatting.
Tmain/broken-tagname-in-ectags-format.d/stderr-expected.txt	Updates expected verbose output to include stack limit line.
Tmain/broken-tagname-in-ectags-format.d/run.sh	Adds --stack-limit=8192 to stabilize verbose output.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

This introduces new control-flow behavior (early return + EOF discard) when the stack limit is exceeded, but the PR description lists 'add test cases' as TODO and the current diffs only stabilize verbose output tests. Add an integration test that forces deep nesting in V input (or a dedicated selftest parser case) to assert: (1) a NOTICE is emitted about exceeding the limit, and (2) parsing terminates safely without crashing/hanging.