From ac0d313ab15aa78c444d00ed6a1a202a1351dfa1 Mon Sep 17 00:00:00 2001
From: Ulf Hermann <ulf.hermann@qt.io>
Date: Tue, 30 Apr 2019 13:29:45 +0200
Subject: Yarr: Reject quantifiers larger than 16M

Nobody needs those and we run into integer overflows later on if we
accept them.

Fixes: QTBUG-74048
Change-Id: Ib8ccd05e4bd6f662c38fbe95bf1350f81982e1b8
Reviewed-by: Simon Hausmann <simon.hausmann@qt.io>
---
 src/3rdparty/masm/yarr/YarrParser.h | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

(limited to 'src')

diff --git a/src/3rdparty/masm/yarr/YarrParser.h b/src/3rdparty/masm/yarr/YarrParser.h
index 3e5311f1fb..edc6beb1f0 100644
--- a/src/3rdparty/masm/yarr/YarrParser.h
+++ b/src/3rdparty/masm/yarr/YarrParser.h
@@ -694,7 +694,8 @@ private:
         ASSERT(!hasError(m_errorCode));
         ASSERT(min <= max);
 
-        if (min == UINT_MAX) {
+        const unsigned quantifyLimit = 1 << 24;
+        if (min > quantifyLimit || (max != quantifyInfinite && max > quantifyLimit)) {
             m_errorCode = ErrorCode::QuantifierTooLarge;
             return;
         }
-- 
cgit v1.2.3