From 30dbe57521c9b1f4cac74db8f5f15a3c466c20d0 Mon Sep 17 00:00:00 2001
From: Peter Hartmann <peter-qt@hartmann.tk>
Date: Wed, 15 Mar 2017 11:59:14 +0100
Subject: QQmlComponent: Fix heap buffer overflow with bogus input

Change-Id: I8a725018a5aeb39df370f856cd77d887faa511e3
Reviewed-by: Simon Hausmann <simon.hausmann@qt.io>
---
 src/qml/parser/qqmljslexer.cpp | 5 +++++
 1 file changed, 5 insertions(+)

(limited to 'src/qml/parser/qqmljslexer.cpp')

diff --git a/src/qml/parser/qqmljslexer.cpp b/src/qml/parser/qqmljslexer.cpp
index 66f9eac126..53e67fde03 100644
--- a/src/qml/parser/qqmljslexer.cpp
+++ b/src/qml/parser/qqmljslexer.cpp
@@ -724,6 +724,11 @@ again:
                 return multilineStringLiteral ? T_MULTILINE_STRING_LITERAL : T_STRING_LITERAL;
             } else if (_char == QLatin1Char('\\')) {
                 scanChar();
+                if (_codePtr > _endPtr) {
+                    _errorCode = IllegalEscapeSequence;
+                    _errorMessage = QCoreApplication::translate("QQmlParser", "End of file reached at escape sequence");
+                    return T_ERROR;
+                }
 
                 QChar u;
 
-- 
cgit v1.2.3