Add a configurable parse-depth limit when parsing JFV headers, and use it for Feature-Policy Header

Add a configurable parse-depth limit when parsing JFV headers, and use it for Feature-Policy Header

The limit is deliberately set higher than the actual required depth
for a valid policy, so that strings which are malformed but not
malicious can still be passed through the Feature Policy header parser
which can emit more meaningful error messages.

BUG=662920
Committed: https://crrev.com/cb3e5ca8d303f10841d9985ff350d9fcbca49c9d
Cr-Commit-Position: refs/heads/master@{#434123}

[iclelland, 2016-11-22 15:45:41]

The CQ bit was checked by iclelland@chromium.org to run a CQ dry run

[commit-bot: I haz the power, 2016-11-22 15:45:56]

Dry run: CQ is trying da patch. Follow status at
 
https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...

[commit-bot: I haz the power, 2016-11-22 18:56:18]

The CQ bit was unchecked by commit-bot@chromium.org

[commit-bot: I haz the power, 2016-11-22 18:56:19]

Dry run: This issue passed the CQ dry run.

[iclelland, 2016-11-22 19:43:48]

+r pfeldman, can you PTAL? Thanks!

This follows https://codereview.chromium.org/2380823002/ by actually using the
configurable depth for header parsing and for the JSON fuzzer (fuzzers have much
larger stack frames, so that's where this issue was caught originally.)

[iclelland, 2016-11-22 19:44:26]

iclelland@chromium.org changed reviewers:
+ pfeldman@chromium.org

[iclelland, 2016-11-22 19:44:26]

(Re-sending with a real reviewer set now :) )

+r pfeldman, can you PTAL? Thanks!

[pfeldman, 2016-11-22 19:48:23]

lgtm

[iclelland, 2016-11-23 03:50:16]

The CQ bit was checked by iclelland@chromium.org

[iclelland, 2016-11-23 03:50:16]

The patchset sent to the CQ was uploaded after l-g-t-m from
pfeldman@chromium.org
Link to the patchset: https://codereview.chromium.org/2520403002/#ps20001
(title: "Rebase")

[commit-bot: I haz the power, 2016-11-23 03:50:36]

CQ is trying da patch. Follow status at
 
https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...

[commit-bot: I haz the power, 2016-11-23 05:37:12]

CQ is committing da patch.

Bot data: {"patchset_id": 20001, "attempt_start_ts": 1479873016140640,
"parent_rev": "2c85ada33f8c4fefd63bf5340a40c1d9cf0c5acc", "commit_rev":
"20aeb976aa6371fc16722d2dda90f8e827bf57a3"}

[commit-bot: I haz the power, 2016-11-23 05:37:34]

Committed patchset #2 (id:20001)

[commit-bot: I haz the power, 2016-11-23 05:39:15]

Description was changed from

==========
Add a configurable parse-depth limit when parsing JFV headers, and use it for
Feature-Policy Header

The limit is deliberately set higher than the actual required depth
for a valid policy, so that strings which are malformed but not
malicious can still be passed through the Feature Policy header parser
which can emit more meaningful error messages.

BUG=662920
==========

to

==========
Add a configurable parse-depth limit when parsing JFV headers, and use it for
Feature-Policy Header

The limit is deliberately set higher than the actual required depth
for a valid policy, so that strings which are malformed but not
malicious can still be passed through the Feature Policy header parser
which can emit more meaningful error messages.

BUG=662920

Committed: https://crrev.com/cb3e5ca8d303f10841d9985ff350d9fcbca49c9d
Cr-Commit-Position: refs/heads/master@{#434123}
==========

[commit-bot: I haz the power, 2016-11-23 05:39:16]

Patchset 2 (id:??) landed as
https://crrev.com/cb3e5ca8d303f10841d9985ff350d9fcbca49c9d
Cr-Commit-Position: refs/heads/master@{#434123}