From e192874c6c134f0e7e1f08795e277cbc80cd55d5 Mon Sep 17 00:00:00 2001 From: Ulf Hermann Date: Mon, 27 Jan 2020 17:33:56 +0100 Subject: Guard against invalid version specifiers in import statements Check that the version parsed is in the valid range for QTypeRevision and produce a compile error if not. Task-number: QTBUG-71278 Change-Id: I9a957a10f4254387f9868a8f3f1e231440bc2cd2 Reviewed-by: Fabian Kosmale --- src/qml/parser/qqmljs.g | 17 ++++++++++++++++- 1 file changed, 16 insertions(+), 1 deletion(-) (limited to 'src/qml/parser/qqmljs.g') diff --git a/src/qml/parser/qqmljs.g b/src/qml/parser/qqmljs.g index 879de92e5f..ce715b0b9c 100644 --- a/src/qml/parser/qqmljs.g +++ b/src/qml/parser/qqmljs.g @@ -834,7 +834,15 @@ UiImport: UiImportHead Semicolon; UiVersionSpecifier: T_VERSION_NUMBER T_DOT T_VERSION_NUMBER; /. case $rule_number: { - auto version = new (pool) AST::UiVersionSpecifier(sym(1).dval, sym(3).dval); + const int major = sym(1).dval; + const int minor = sym(3).dval; + if (!QTypeRevision::isValidSegment(major) || !QTypeRevision::isValidSegment(minor)) { + diagnostic_messages.append( + compileError(loc(1), + QLatin1String("Invalid version. Version numbers must be >= 0 and < 255."))); + return false; + } + auto version = new (pool) AST::UiVersionSpecifier(major, minor); version->majorToken = loc(1); version->minorToken = loc(3); sym(1).UiVersionSpecifier = version; @@ -845,6 +853,13 @@ UiVersionSpecifier: T_VERSION_NUMBER T_DOT T_VERSION_NUMBER; UiVersionSpecifier: T_VERSION_NUMBER; /. case $rule_number: { + const int major = sym(1).dval; + if (!QTypeRevision::isValidSegment(major)) { + diagnostic_messages.append( + compileError(loc(1), + QLatin1String("Invalid major version. Version numbers must be >= 0 and < 255."))); + return false; + } auto version = new (pool) AST::UiVersionSpecifier(sym(1).dval, 0); version->majorToken = loc(1); sym(1).UiVersionSpecifier = version; -- cgit v1.2.3