author | Peter Hartmann <peter-qt@hartmann.tk> | 2017-03-15 11:59:14 +0100 |
---|---|---|
committer | Peter Hartmann <peter-qt@hartmann.tk> | 2017-05-03 14:49:55 +0000 |
commit | 30dbe57521c9b1f4cac74db8f5f15a3c466c20d0 (patch) | |
tree | 68b76d8fe76e1252a377aaa22e544df0e0b9d23f | |
parent | b63c210f5a5fd1fe0419ef8f1f9b4655ac77b993 (diff) |
QQmlComponent: Fix heap buffer overflow with bogus input
Change-Id: I8a725018a5aeb39df370f856cd77d887faa511e3
Reviewed-by: Simon Hausmann <simon.hausmann@qt.io>
-rw-r--r-- | src/qml/parser/qqmljslexer.cpp | 5 | ||||
-rw-r--r-- | tests/auto/qml/qqmlparser/tst_qqmlparser.cpp | 12 |
2 files changed, 17 insertions, 0 deletions
diff --git a/src/qml/parser/qqmljslexer.cpp b/src/qml/parser/qqmljslexer.cpp
index 66f9eac126..53e67fde03 100644
--- a/src/qml/parser/qqmljslexer.cpp
+++ b/src/qml/parser/qqmljslexer.cpp
@@ -724,6 +724,11 @@ again:
 return multilineStringLiteral ? T_MULTILINE_STRING_LITERAL : T_STRING_LITERAL;
 } else if (_char == QLatin1Char('\\')) {
 scanChar();
+ if (_codePtr > _endPtr) {
+ _errorCode = IllegalEscapeSequence;
+ _errorMessage = QCoreApplication::translate("QQmlParser", "End of file reached at escape sequence");
+ return T_ERROR;
+ }
 QChar u;
diff --git a/tests/auto/qml/qqmlparser/tst_qqmlparser.cpp b/tests/auto/qml/qqmlparser/tst_qqmlparser.cpp
index 357482b93f..ba2b836a6d 100644
--- a/tests/auto/qml/qqmlparser/tst_qqmlparser.cpp
+++ b/tests/auto/qml/qqmlparser/tst_qqmlparser.cpp
@@ -49,6 +49,7 @@ private slots:
 void qmlParser_data();
 void qmlParser();
 #endif
+ void invalidEscapeSequence();
 private:
 QStringList excludedDirs;
@@ -192,6 +193,17 @@ void tst_qqmlparser::qmlParser()
 }
 #endif
+void tst_qqmlparser::invalidEscapeSequence()
+{
+ using namespace QQmlJS;
+
+ Engine engine;
+ Lexer lexer(&engine);
+ lexer.setCode(QLatin1String("\"\\"), 1);
+ Parser parser(&engine);
+ parser.parse();
+}
+
 QTEST_MAIN(tst_qqmlparser)
 #include "tst_qqmlparser.moc" |
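Review bot: The guard added in the `'\\'` branch runs only after `scanChar()` has already advanced `_codePtr` and loaded the next character, so it protects the escape handling that follows but does not by itself show that the read inside `scanChar()` stayed in bounds; that helper is not visible in this hunk. If the lexer relies on the buffer being terminated at `_endPtr`, state that invariant above the check, for example `// scanChar() consumed the char after '\\'; _codePtr > _endPtr means the input ended inside the escape`. The escape branches after `QChar u;` lie outside the hunk; any of them that call `scanChar()` again would presumably need the same end-of-input check.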
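Review bot: `invalidEscapeSequence()` asserts nothing, so it fails only if the over-read happens to crash or the suite runs under a memory checker such as AddressSanitizer or Valgrind; in a plain build a regression could pass silently. Check the outcome explicitly by replacing the bare `parser.parse();` with `QVERIFY(!parser.parse());`, and ideally also verify that a diagnostic was recorded for the truncated escape. A one-line comment saying that the input is an opening quote followed by a lone backslash at end of input would make the intent of `QLatin1String("\"\\")` clear.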