Increase the "local variables in a function" limit.

src/parser.h

 // Copyright 2012 the V8 project authors. All rights reserved.
 // Redistribution and use in source and binary forms, with or without
 // modification, are permitted provided that the following conditions are
 // met:
 //
 //     * Redistributions of source code must retain the above copyright
 //       notice, this list of conditions and the following disclaimer.
 //     * Redistributions in binary form must reproduce the above
 //       copyright notice, this list of conditions and the following
 //       disclaimer in the documentation and/or other materials provided
@@ skipping 600 matching lines @@
                     bool allow_lazy = false) {
     Parser parser(info);
     parser.set_allow_lazy(allow_lazy);
     return parser.Parse();
   }
   bool Parse();
 
  private:
   friend class ParserTraits;
 
-  static const int kMaxNumFunctionLocals = 131071;  // 2^17-1
+  // Limit the allowed number of local variables in a function. The hard limit
+  // is that offsets computed by FullCodeGenerator::StackOperand and similar
+  // functions are ints, and they should not overflow. In addition, accessing
+  // local variables creates user-controlled constants in the generated code,
+  // and we don't want too much user-controlled memory inside the code (this was
+  // the reason why this limit was introduced in the first place; see
+  // https://codereview.chromium.org/7003030/ ).
+  static const int kMaxNumFunctionLocals = 4194303;  // 2^22-1
 
   enum Mode {
     PARSE_LAZILY,
     PARSE_EAGERLY
   };
 
   enum VariableDeclarationContext {
     kModuleElement,
     kBlockElement,
     kStatement,
@@ skipping 232 matching lines @@
  private:
   static const int kLiteralTypeSlot = 0;
   static const int kElementsSlot = 1;
 
   DISALLOW_IMPLICIT_CONSTRUCTORS(CompileTimeValue);
 };
 
 } }  // namespace v8::internal
 
 #endif  // V8_PARSER_H_