Description
The stack and the message buffer are currently implemented as dynamic arrays, and C-BSP will attempt to allocate as much memory for them as the patch script demands. This poses a relatively minor denial-of-service weakness: a malicious (or erroneous) script may exhaust the memory of the engine by requiring successively larger and larger amounts of memory for either. (I have had this happen by loading files that weren’t BSP scripts at all, and one time when running a script written by myself where execution erroneously fell through to non-code.) This may be mitigated on Unix platforms by running the engine with reduced resource limits, as I do in my test suite.
The specification mandates that code points which would not fit into the buffer must be discarded silently; not a choice I appreciate much, but I guess at least it is defined. I don’t do this on memory exhaustion currently (and apparently neither does the reference implementation). The specification says nothing about what to do when there is not enough memory for the stack, but I figure the only behaviour that makes sense is to stop execution.
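One way to bound both structures, as an added example in C that is not C-BSP's own code: each array grows toward a per-instance limit (a hypothetical engine-chosen value, not something the specification defines); a stack that cannot grow halts execution, while a full message buffer silently drops code points, as the specification requires, and merely counts the drops for diagnostics.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#include <stdio.h>
/* Growable arrays with a hard ceiling. `limit` is a hypothetical engine-chosen
 * cap (not from the BSP specification); it bounds what a runaway script can claim. */
typedef struct { uint32_t *data; size_t len, cap, limit; } bsp_stack;
typedef struct { uint32_t *data; size_t len, cap, limit, dropped; } bsp_msgbuf;
void bsp_stack_init(bsp_stack *s, size_t limit)   { memset(s, 0, sizeof *s); s->limit = limit; }
void bsp_msgbuf_init(bsp_msgbuf *m, size_t limit) { memset(m, 0, sizeof *m); m->limit = limit; }

/* Double the capacity, never past `limit`. Returns 0 on success, -1 when the
 * ceiling is reached or the allocator fails; the old buffer stays valid either way. */
static int grow_capped(uint32_t **data, size_t *cap, size_t limit) {
    size_t want = *cap ? *cap * 2 : 64;
    if (want > limit) want = limit;
    if (want <= *cap) return -1;                 /* already at the ceiling */
    uint32_t *p = realloc(*data, want * sizeof **data);
    if (!p) return -1;
    *data = p; *cap = want;
    return 0;
}

/* Stack: the spec says nothing about exhaustion, so the engine halts.
 * Returns 0 on success, -1 meaning "stop execution". */
int bsp_push(bsp_stack *s, uint32_t v) {
    if (s->len == s->cap && grow_capped(&s->data, &s->cap, s->limit) != 0)
        return -1;
    s->data[s->len++] = v;
    return 0;
}

/* Message buffer: the spec mandates silent discard of code points that do not
 * fit, so this never fails; the drop counter exists only for diagnostics. */
void bsp_msg_put(bsp_msgbuf *m, uint32_t cp) {
    if (m->len == m->cap && grow_capped(&m->data, &m->cap, m->limit) != 0) {
        m->dropped++;
        return;
    }
    m->data[m->len++] = cp;
}

int main(void) {
    bsp_stack s; bsp_msgbuf m;
    bsp_stack_init(&s, 1 << 20); bsp_msgbuf_init(&m, 1 << 16);   /* constructed limits */
    size_t pushes = 0;
    while (bsp_push(&s, (uint32_t)pushes) == 0) pushes++;        /* script that never stops pushing */
    for (uint32_t cp = 0; cp < (1u << 17); cp++) bsp_msg_put(&m, cp);
    printf("halted after %zu pushes; kept %zu code points, dropped %zu\n", pushes, m.len, m.dropped);
    free(s.data); free(m.data);
    return 0;
}
```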