fix calculations of worst-case size requirements for token buffer

Change-Id: I3aa4c736acec44f95a0a33c7baae9276568f684f Reviewed-by: Joerg Bornemann <joerg.bornemann@qt.io> Reviewed-by: Oswald Buddenhagen <oswald.buddenhagen@theqtcompany.com>
2016-07-05 20:00:17 +02:00 · 2016-07-05 20:00:17 +02:00 · d459a6b0e0
commit d459a6b0e0
parent dacf3994ba
2 changed files with 16 additions and 6 deletions
--- a/qmake/library/qmakeparser.cpp
+++ b/qmake/library/qmakeparser.cpp
@ -304,27 +304,30 @@ void QMakeParser::read(ProFile *pro, const QString &in, int line, SubGrammar gra
    // Worst-case size calculations:
    // - line marker adds 1 (2-nl) to 1st token of each line
    // - empty assignment "A=":2 =>
-    //   TokHashLiteral(1) + hash(2) + len(1) + "A"(1) + TokAssign(1) + 0(1) +
+    //   TokHashLiteral(1) + hash(2) + len(1) + "A"(1) + TokAssign(1) + size_hint(1) +
    //   TokValueTerminator(1) == 8 (9)
    // - non-empty assignment "A=B C":5 =>
-    //   TokHashLiteral(1) + hash(2) + len(1) + "A"(1) + TokAssign(1) + 2(1) +
+    //   TokHashLiteral(1) + hash(2) + len(1) + "A"(1) + TokAssign(1) + size_hint(1) +
    //   TokLiteral(1) + len(1) + "B"(1) +
    //   TokLiteral(1) + len(1) + "C"(1) + TokValueTerminator(1) == 14 (15)
    // - variable expansion: "$$f":3 =>
    //   TokVariable(1) + hash(2) + len(1) + "f"(1) = 5
    // - function expansion: "$$f()":5 =>
    //   TokFuncName(1) + hash(2) + len(1) + "f"(1) + TokFuncTerminator(1) = 6
+    // - test literal: "X":1 =>
+    //   TokHashLiteral(1) + hash(2) + len(1) + "A"(1) + TokCondition(1) = 6 (7)
    // - scope: "X:":2 =>
    //   TokHashLiteral(1) + hash(2) + len(1) + "A"(1) + TokCondition(1) +
-    //   TokBranch(1) + len(2) + ... + len(2) + ... == 10
-    // - test: "X():":4 =>
+    //   TokBranch(1) + len(2) + ... + len(2) + ... == 11 (12)
+    // - test call: "X():":4 =>
    //   TokHashLiteral(1) + hash(2) + len(1) + "A"(1) + TokTestCall(1) + TokFuncTerminator(1) +
-    //   TokBranch(1) + len(2) + ... + len(2) + ... == 11
+    //   TokBranch(1) + len(2) + ... + len(2) + ... == 12 (13)
    // - "for(A,B):":9 =>
    //   TokForLoop(1) + hash(2) + len(1) + "A"(1) +
    //   len(2) + TokLiteral(1) + len(1) + "B"(1) + TokValueTerminator(1) +
    //   len(2) + ... + TokTerminator(1) == 14 (15)
-    tokBuff.reserve((in.size() + 1) * 5);
+    // One extra for possibly missing trailing newline.
+    tokBuff.reserve((in.size() + 1) * 7);
    ushort *tokPtr = (ushort *)tokBuff.constData(); // Current writing position

    // Expression precompiler buffer.
--- a/tests/auto/tools/qmakelib/parsertest.cpp
+++ b/tests/auto/tools/qmakelib/parsertest.cpp
@ -1872,6 +1872,13 @@ void tst_qmakelib::addParseAbuse()
    /*    24 */ /* else branch */ << I(0))
            << "in:1: OR operator without prior condition."
            << false;
+
+    // Token buffer overflow. Verify with Valgrind or asan.
+    QTest::newRow("QTCREATORBUG-16508")
+            << "a{b{c{d{"
+            << TS()
+            << "in:2: Missing closing brace(s)."
+            << false;
 }

 void tst_qmakelib::proParser_data()