From b50e77e858c89f3ab972de97865bdcdbb6131ffe Mon Sep 17 00:00:00 2001 From: Marcus Tillmanns Date: Thu, 1 Feb 2024 13:11:14 +0100 Subject: ProParser: Guard against OOM When the pattern for a regular expression is empty, every character of the source is replaced with a copy of the "after" part of a "QString::replace(re, after)". If input and output are huge this results in a bad_alloc. We catch that here. Fixes: QTCREATORBUG-16957 Change-Id: If512f407a2170d93ae7e4182219d9926945b14de Reviewed-by: Christian Kandeler --- src/shared/proparser/qmakeevaluator.cpp | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) (limited to 'src/shared') diff --git a/src/shared/proparser/qmakeevaluator.cpp b/src/shared/proparser/qmakeevaluator.cpp index 0ea6c7f1334..36e82bf25a0 100644 --- a/src/shared/proparser/qmakeevaluator.cpp +++ b/src/shared/proparser/qmakeevaluator.cpp @@ -877,10 +877,16 @@ QMakeEvaluator::VisitReturn QMakeEvaluator::visitProVariable( QRegularExpression regexp(pattern, case_sense ? QRegularExpression::NoPatternOption : QRegularExpression::CaseInsensitiveOption); - // We could make a union of modified and unmodified values, - // but this will break just as much as it fixes, so leave it as is. - replaceInList(&valuesRef(varName), regexp, replace, global, m_tmp2); - debugMsg(2, "replaced %s with %s", dbgQStr(pattern), dbgQStr(replace)); + try + { + // We could make a union of modified and unmodified values, + // but this will break just as much as it fixes, so leave it as is. + replaceInList(&valuesRef(varName), regexp, replace, global, m_tmp2); + debugMsg(2, "replaced %s with %s", dbgQStr(pattern), dbgQStr(replace)); + } catch (const std::bad_alloc &e) { + qWarning() << "Bad alloc caught in replaceInList:" << e.what(); + return ReturnError; + } } else { ProStringList varVal; if (expandVariableReferences(tokPtr, sizeHint, &varVal, false) == ReturnError) -- cgit v1.2.3
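Review bot: The `catch (const std::bad_alloc &e)` around `replaceInList(...)` reacts only after the allocator has been driven to exhaustion, and nothing validates the pattern before the call. A project file with an empty pattern and a large value can therefore still stall the parser, and on a system that overcommits memory the process may be killed without the exception ever being thrown. A guard ahead of the `try`, such as `if (pattern.isEmpty()) return ReturnError;` together with a diagnostic, would stop the trigger named in the commit message deterministically, provided rejecting an empty pattern is acceptable for existing projects. Separately, `replaceInList` is handed `&valuesRef(varName)` and presumably rewrites the list in place, so an exception partway through could leave the variable half-modified when `ReturnError` is returned; its body is not visible here, so that needs confirming. `visitProVariable` begins and ends outside the hunk.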