authorBrad King <brad.king@kitware.com>2017-08-31 14:07:33 (GMT)
committerKitware Robot <kwrobot@kitware.com>2017-08-31 14:08:18 (GMT)
commit96c882dcba7b26efca3fabf913a110eb630c3379 (patch)
tree3896c338254818fa2a172a4816189d8271278f1c
parentb4efc1936ac4d4154c7d9215165a805b2a6056d5 (diff)
parent14d9a11be9f8f7c79397e788d09bfe35dcb55efe (diff)
Merge topic 'lexer-null'
14d9a11b ListFileLexer: fix heap-buffer-overflow on malicious input Acked-by: Kitware Robot <kwrobot@kitware.com> Merge-request: !1153
-rw-r--r--Source/LexerParser/cmListFileLexer.c206
-rw-r--r--Source/LexerParser/cmListFileLexer.in.l8
-rw-r--r--Tests/RunCMake/Syntax/NullTerminatedArgument-result.txt1
-rw-r--r--Tests/RunCMake/Syntax/NullTerminatedArgument-stderr.txt5
-rw-r--r--Tests/RunCMake/Syntax/NullTerminatedArgument.cmakebin0 -> 106 bytes
-rw-r--r--Tests/RunCMake/Syntax/RunCMakeTest.cmake1
6 files changed, 123 insertions, 98 deletions
diff --git a/Source/LexerParser/cmListFileLexer.c b/Source/LexerParser/cmListFileLexer.c
index 636a6fb..c6f524c 100644
--- a/Source/LexerParser/cmListFileLexer.c
+++ b/Source/LexerParser/cmListFileLexer.c
@@ -576,16 +576,16 @@ struct yy_trans_info
flex_int32_t yy_verify;
flex_int32_t yy_nxt;
};
-static const flex_int16_t yy_accept[77] =
+static const flex_int16_t yy_accept[81] =
{ 0,
0, 0, 0, 0, 0, 0, 0, 0, 4, 4,
25, 13, 22, 1, 16, 3, 13, 5, 6, 7,
- 15, 23, 17, 19, 20, 21, 10, 11, 8, 12,
- 9, 4, 13, 0, 13, 0, 22, 0, 0, 7,
- 13, 0, 13, 0, 2, 0, 13, 17, 0, 18,
- 10, 8, 4, 0, 14, 0, 0, 0, 0, 14,
- 0, 0, 14, 0, 0, 0, 2, 14, 0, 0,
- 0, 0, 0, 0, 0, 0
+ 15, 23, 23, 17, 19, 20, 21, 17, 10, 11,
+ 8, 10, 12, 9, 24, 4, 13, 0, 13, 0,
+ 22, 0, 0, 7, 13, 0, 13, 0, 2, 0,
+ 13, 17, 0, 18, 10, 8, 4, 0, 14, 0,
+ 0, 0, 0, 14, 0, 0, 14, 0, 0, 0,
+ 2, 14, 0, 0, 0, 0, 0, 0, 0, 0
} ;
static const YY_CHAR yy_ec[256] =
@@ -620,104 +620,122 @@ static const YY_CHAR yy_ec[256] =
1, 1, 1, 1, 1
} ;
-static const YY_CHAR yy_meta[16] =
+static const YY_CHAR yy_meta[17] =
{ 0,
1, 1, 2, 3, 4, 3, 1, 3, 5, 6,
- 1, 6, 1, 1, 7
+ 1, 6, 1, 1, 7, 8
} ;
-static const flex_int16_t yy_base[95] =
+static const flex_int16_t yy_base[99] =
{ 0,
- 0, 0, 13, 25, 14, 16, 17, 18, 90, 88,
- 88, 39, 20, 237, 237, 74, 78, 237, 237, 13,
- 54, 0, 71, 237, 237, 31, 0, 237, 73, 237,
- 237, 0, 0, 65, 75, 0, 33, 30, 72, 0,
- 0, 75, 70, 0, 74, 0, 0, 62, 70, 237,
- 0, 63, 0, 85, 99, 65, 111, 62, 34, 0,
- 54, 116, 0, 54, 127, 51, 237, 50, 0, 48,
- 47, 39, 33, 29, 17, 237, 136, 143, 150, 157,
- 164, 171, 178, 184, 191, 198, 201, 207, 214, 217,
- 219, 225, 228, 230
+ 0, 0, 14, 28, 42, 56, 70, 84, 18, 19,
+ 69, 100, 16, 323, 323, 55, 59, 323, 323, 13,
+ 115, 0, 323, 52, 323, 323, 21, 51, 0, 323,
+ 53, 0, 323, 323, 323, 0, 0, 126, 55, 0,
+ 25, 25, 53, 0, 0, 136, 53, 0, 57, 0,
+ 0, 42, 50, 323, 0, 43, 0, 146, 160, 45,
+ 172, 43, 26, 0, 42, 184, 0, 42, 195, 40,
+ 323, 40, 0, 38, 37, 34, 32, 31, 23, 323,
+ 211, 219, 227, 235, 243, 251, 259, 267, 274, 281,
+ 285, 291, 298, 302, 304, 310, 314, 316
} ;
-static const flex_int16_t yy_def[95] =
+static const flex_int16_t yy_def[99] =
{ 0,
- 76, 1, 77, 77, 78, 78, 79, 79, 80, 80,
- 76, 76, 76, 76, 76, 76, 12, 76, 76, 12,
- 76, 81, 82, 76, 76, 82, 83, 76, 76, 76,
- 76, 84, 12, 85, 12, 86, 76, 76, 87, 20,
- 12, 88, 12, 21, 76, 89, 12, 82, 82, 76,
- 83, 76, 84, 85, 76, 54, 85, 90, 76, 55,
- 87, 88, 55, 62, 88, 91, 76, 55, 92, 93,
- 90, 94, 91, 93, 94, 0, 76, 76, 76, 76,
- 76, 76, 76, 76, 76, 76, 76, 76, 76, 76,
- 76, 76, 76, 76
+ 80, 1, 81, 81, 82, 82, 83, 83, 84, 84,
+ 80, 80, 80, 80, 80, 80, 12, 80, 80, 12,
+ 80, 85, 80, 86, 80, 80, 86, 86, 87, 80,
+ 80, 87, 80, 80, 80, 88, 12, 89, 12, 90,
+ 80, 80, 91, 20, 12, 92, 12, 21, 80, 93,
+ 12, 86, 86, 80, 87, 80, 88, 89, 80, 58,
+ 89, 94, 80, 59, 91, 92, 59, 66, 92, 95,
+ 80, 59, 96, 97, 94, 98, 95, 97, 98, 0,
+ 80, 80, 80, 80, 80, 80, 80, 80, 80, 80,
+ 80, 80, 80, 80, 80, 80, 80, 80
} ;
-static const flex_int16_t yy_nxt[253] =
+static const flex_int16_t yy_nxt[340] =
{ 0,
12, 13, 14, 13, 15, 16, 17, 18, 19, 12,
- 12, 20, 21, 22, 12, 24, 28, 25, 28, 28,
- 28, 37, 40, 37, 40, 62, 26, 24, 29, 25,
- 29, 31, 31, 50, 37, 48, 37, 54, 26, 33,
- 59, 63, 45, 34, 59, 35, 45, 62, 33, 33,
- 33, 33, 36, 33, 41, 55, 54, 58, 42, 63,
- 43, 72, 60, 41, 44, 41, 45, 46, 41, 55,
- 55, 56, 70, 52, 48, 49, 67, 66, 57, 63,
- 60, 64, 58, 52, 49, 39, 38, 76, 65, 55,
- 14, 56, 14, 76, 76, 76, 76, 76, 57, 55,
-
- 76, 76, 76, 34, 76, 68, 76, 76, 55, 55,
- 55, 55, 69, 55, 54, 76, 54, 76, 54, 54,
- 63, 76, 64, 76, 76, 76, 76, 76, 76, 65,
- 62, 76, 62, 76, 62, 62, 23, 23, 23, 23,
- 23, 23, 23, 27, 27, 27, 27, 27, 27, 27,
- 30, 30, 30, 30, 30, 30, 30, 32, 32, 32,
- 32, 32, 32, 32, 47, 76, 47, 47, 47, 47,
- 47, 48, 76, 48, 76, 48, 48, 48, 51, 76,
- 51, 51, 51, 51, 53, 76, 53, 53, 53, 53,
- 53, 54, 76, 76, 54, 76, 54, 54, 33, 76,
-
- 33, 33, 33, 33, 33, 61, 61, 62, 76, 76,
- 62, 76, 62, 62, 41, 76, 41, 41, 41, 41,
- 41, 71, 71, 73, 73, 55, 76, 55, 55, 55,
- 55, 55, 74, 74, 75, 75, 11, 76, 76, 76,
- 76, 76, 76, 76, 76, 76, 76, 76, 76, 76,
- 76, 76
+ 12, 20, 21, 22, 12, 23, 25, 41, 26, 41,
+ 14, 14, 44, 54, 44, 52, 41, 27, 41, 28,
+ 25, 66, 26, 35, 35, 63, 63, 49, 49, 58,
+ 67, 27, 66, 28, 30, 59, 58, 62, 67, 76,
+ 64, 59, 74, 56, 52, 53, 31, 32, 30, 71,
+ 70, 64, 62, 56, 53, 53, 43, 42, 80, 80,
+ 31, 32, 30, 80, 80, 80, 80, 80, 80, 80,
+ 80, 80, 80, 80, 34, 35, 30, 80, 80, 80,
+ 80, 80, 80, 80, 80, 80, 80, 80, 34, 35,
+
+ 37, 80, 80, 80, 38, 80, 39, 80, 80, 37,
+ 37, 37, 37, 40, 37, 45, 80, 80, 80, 46,
+ 80, 47, 80, 80, 45, 48, 45, 49, 50, 45,
+ 59, 80, 60, 80, 80, 80, 80, 80, 80, 61,
+ 67, 80, 68, 80, 80, 80, 80, 80, 80, 69,
+ 59, 80, 60, 80, 80, 80, 80, 80, 80, 61,
+ 59, 80, 80, 80, 38, 80, 72, 80, 80, 59,
+ 59, 59, 59, 73, 59, 58, 80, 58, 80, 58,
+ 58, 80, 80, 80, 80, 80, 80, 58, 67, 80,
+ 68, 80, 80, 80, 80, 80, 80, 69, 66, 80,
+
+ 66, 80, 66, 66, 80, 80, 80, 80, 80, 80,
+ 66, 24, 24, 24, 24, 24, 24, 24, 24, 29,
+ 29, 29, 29, 29, 29, 29, 29, 33, 33, 33,
+ 33, 33, 33, 33, 33, 36, 36, 36, 36, 36,
+ 36, 36, 36, 51, 80, 51, 51, 51, 51, 51,
+ 51, 52, 80, 52, 80, 52, 52, 52, 52, 55,
+ 80, 55, 55, 55, 55, 80, 55, 57, 80, 57,
+ 57, 57, 57, 57, 58, 80, 80, 58, 80, 58,
+ 58, 37, 80, 37, 37, 37, 37, 37, 37, 65,
+ 65, 66, 80, 80, 66, 80, 66, 66, 45, 80,
+
+ 45, 45, 45, 45, 45, 45, 75, 75, 77, 77,
+ 59, 80, 59, 59, 59, 59, 59, 59, 78, 78,
+ 79, 79, 11, 80, 80, 80, 80, 80, 80, 80,
+ 80, 80, 80, 80, 80, 80, 80, 80, 80
} ;
-static const flex_int16_t yy_chk[253] =
+static const flex_int16_t yy_chk[340] =
{ 0,
1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
- 1, 1, 1, 1, 1, 3, 5, 3, 6, 7,
- 8, 13, 20, 13, 20, 75, 3, 4, 5, 4,
- 6, 7, 8, 26, 37, 26, 37, 74, 4, 12,
- 38, 73, 38, 12, 59, 12, 59, 72, 12, 12,
- 12, 12, 12, 12, 21, 71, 70, 68, 21, 66,
- 21, 64, 61, 21, 21, 21, 21, 21, 21, 34,
- 58, 34, 56, 52, 49, 48, 45, 43, 34, 42,
- 39, 42, 35, 29, 23, 17, 16, 11, 42, 54,
- 10, 54, 9, 0, 0, 0, 0, 0, 54, 55,
-
- 0, 0, 0, 55, 0, 55, 0, 0, 55, 55,
- 55, 55, 55, 55, 57, 0, 57, 0, 57, 57,
- 62, 0, 62, 0, 0, 0, 0, 0, 0, 62,
- 65, 0, 65, 0, 65, 65, 77, 77, 77, 77,
- 77, 77, 77, 78, 78, 78, 78, 78, 78, 78,
- 79, 79, 79, 79, 79, 79, 79, 80, 80, 80,
- 80, 80, 80, 80, 81, 0, 81, 81, 81, 81,
- 81, 82, 0, 82, 0, 82, 82, 82, 83, 0,
- 83, 83, 83, 83, 84, 0, 84, 84, 84, 84,
- 84, 85, 0, 0, 85, 0, 85, 85, 86, 0,
-
- 86, 86, 86, 86, 86, 87, 87, 88, 0, 0,
- 88, 0, 88, 88, 89, 0, 89, 89, 89, 89,
- 89, 90, 90, 91, 91, 92, 0, 92, 92, 92,
- 92, 92, 93, 93, 94, 94, 76, 76, 76, 76,
- 76, 76, 76, 76, 76, 76, 76, 76, 76, 76,
- 76, 76
+ 1, 1, 1, 1, 1, 1, 3, 13, 3, 13,
+ 9, 10, 20, 27, 20, 27, 41, 3, 41, 3,
+ 4, 79, 4, 9, 10, 42, 63, 42, 63, 78,
+ 77, 4, 76, 4, 5, 75, 74, 72, 70, 68,
+ 65, 62, 60, 56, 53, 52, 5, 5, 6, 49,
+ 47, 43, 39, 31, 28, 24, 17, 16, 11, 0,
+ 6, 6, 7, 0, 0, 0, 0, 0, 0, 0,
+ 0, 0, 0, 0, 7, 7, 8, 0, 0, 0,
+ 0, 0, 0, 0, 0, 0, 0, 0, 8, 8,
+
+ 12, 0, 0, 0, 12, 0, 12, 0, 0, 12,
+ 12, 12, 12, 12, 12, 21, 0, 0, 0, 21,
+ 0, 21, 0, 0, 21, 21, 21, 21, 21, 21,
+ 38, 0, 38, 0, 0, 0, 0, 0, 0, 38,
+ 46, 0, 46, 0, 0, 0, 0, 0, 0, 46,
+ 58, 0, 58, 0, 0, 0, 0, 0, 0, 58,
+ 59, 0, 0, 0, 59, 0, 59, 0, 0, 59,
+ 59, 59, 59, 59, 59, 61, 0, 61, 0, 61,
+ 61, 0, 0, 0, 0, 0, 0, 61, 66, 0,
+ 66, 0, 0, 0, 0, 0, 0, 66, 69, 0,
+
+ 69, 0, 69, 69, 0, 0, 0, 0, 0, 0,
+ 69, 81, 81, 81, 81, 81, 81, 81, 81, 82,
+ 82, 82, 82, 82, 82, 82, 82, 83, 83, 83,
+ 83, 83, 83, 83, 83, 84, 84, 84, 84, 84,
+ 84, 84, 84, 85, 0, 85, 85, 85, 85, 85,
+ 85, 86, 0, 86, 0, 86, 86, 86, 86, 87,
+ 0, 87, 87, 87, 87, 0, 87, 88, 0, 88,
+ 88, 88, 88, 88, 89, 0, 0, 89, 0, 89,
+ 89, 90, 0, 90, 90, 90, 90, 90, 90, 91,
+ 91, 92, 0, 0, 92, 0, 92, 92, 93, 0,
+
+ 93, 93, 93, 93, 93, 93, 94, 94, 95, 95,
+ 96, 0, 96, 96, 96, 96, 96, 96, 97, 97,
+ 98, 98, 80, 80, 80, 80, 80, 80, 80, 80,
+ 80, 80, 80, 80, 80, 80, 80, 80, 80
} ;
/* Table of booleans, true if rule could match eol. */
@@ -1075,13 +1093,13 @@ yy_match:
while ( yy_chk[yy_base[yy_current_state] + yy_c] != yy_current_state )
{
yy_current_state = (int) yy_def[yy_current_state];
- if ( yy_current_state >= 77 )
+ if ( yy_current_state >= 81 )
yy_c = yy_meta[yy_c];
}
yy_current_state = yy_nxt[yy_base[yy_current_state] + yy_c];
++yy_cp;
}
- while ( yy_base[yy_current_state] != 237 );
+ while ( yy_base[yy_current_state] != 323 );
yy_find_action:
yy_act = yy_accept[yy_current_state];
@@ -1647,7 +1665,7 @@ static int yy_get_next_buffer (yyscan_t yyscanner)
for ( yy_cp = yyg->yytext_ptr + YY_MORE_ADJ; yy_cp < yyg->yy_c_buf_p; ++yy_cp )
{
- YY_CHAR yy_c = (*yy_cp ? yy_ec[YY_SC_TO_UI(*yy_cp)] : 1);
+ YY_CHAR yy_c = (*yy_cp ? yy_ec[YY_SC_TO_UI(*yy_cp)] : 16);
if ( yy_accept[yy_current_state] )
{
yyg->yy_last_accepting_state = yy_current_state;
@@ -1656,7 +1674,7 @@ static int yy_get_next_buffer (yyscan_t yyscanner)
while ( yy_chk[yy_base[yy_current_state] + yy_c] != yy_current_state )
{
yy_current_state = (int) yy_def[yy_current_state];
- if ( yy_current_state >= 77 )
+ if ( yy_current_state >= 81 )
yy_c = yy_meta[yy_c];
}
yy_current_state = yy_nxt[yy_base[yy_current_state] + yy_c];
@@ -1676,7 +1694,7 @@ static int yy_get_next_buffer (yyscan_t yyscanner)
struct yyguts_t * yyg = (struct yyguts_t*)yyscanner; /* This var may be unused depending upon options. */
char *yy_cp = yyg->yy_c_buf_p;
- YY_CHAR yy_c = 1;
+ YY_CHAR yy_c = 16;
if ( yy_accept[yy_current_state] )
{
yyg->yy_last_accepting_state = yy_current_state;
@@ -1685,11 +1703,11 @@ static int yy_get_next_buffer (yyscan_t yyscanner)
while ( yy_chk[yy_base[yy_current_state] + yy_c] != yy_current_state )
{
yy_current_state = (int) yy_def[yy_current_state];
- if ( yy_current_state >= 77 )
+ if ( yy_current_state >= 81 )
yy_c = yy_meta[yy_c];
}
yy_current_state = yy_nxt[yy_base[yy_current_state] + yy_c];
- yy_is_jam = (yy_current_state == 76);
+ yy_is_jam = (yy_current_state == 80);
(void)yyg;
return yy_is_jam ? 0 : yy_current_state;
diff --git a/Source/LexerParser/cmListFileLexer.in.l b/Source/LexerParser/cmListFileLexer.in.l
index 6ec8da4..f2fd538 100644
--- a/Source/LexerParser/cmListFileLexer.in.l
+++ b/Source/LexerParser/cmListFileLexer.in.l
@@ -74,7 +74,7 @@ static void cmListFileLexerDestroy(cmListFileLexer* lexer);
%x COMMENT
MAKEVAR \$\([A-Za-z0-9_]*\)
-UNQUOTED ([^ \t\r\n\(\)#\\\"[=]|\\.)
+UNQUOTED ([^ \0\t\r\n\(\)#\\\"[=]|\\.)
LEGACY {MAKEVAR}|{UNQUOTED}|\"({MAKEVAR}|{UNQUOTED}|[ \t[=])*\"
%%
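Review bot: The second alternative of `UNQUOTED`, `\\.`, still accepts a NUL byte after a backslash, because flex's `.` excludes only newline and the added `\0` sits in the bracket expression of the first alternative alone. Whatever consumes the token text is outside this hunk, but if it relies on NUL never appearing inside a token, a backslash-NUL pair would still get through this definition and through `LEGACY`, which reuses it. Writing the escape form as `\\[^\0\n]`, i.e. `UNQUOTED ([^ \0\t\r\n\(\)#\\\"[=]|\\[^\0\n])`, would make it consistent with the other rules changed in this file.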
@@ -113,7 +113,7 @@ LEGACY {MAKEVAR}|{UNQUOTED}|\"({MAKEVAR}|{UNQUOTED}|[ \t[=])*\"
BEGIN(COMMENT);
}
-<COMMENT>.* {
+<COMMENT>[^\0\n]* {
lexer->column += yyleng;
}
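Review bot: Nothing in the rules records why `[^\0\n]` replaced `.` here and in the `<BRACKET,BRACKETEND>` and `<STRING>` rules in the next two hunks, so a later cleanup could restore `.` and let NUL back into token text. A short comment above each rule would keep the invariant visible, for example `/* NUL must not match here; it has to reach the bad-character handling. */`. The bad-character rule itself is not shown in these hunks, so the wording should be checked against it.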
@@ -168,7 +168,7 @@ LEGACY {MAKEVAR}|{UNQUOTED}|\"({MAKEVAR}|{UNQUOTED}|[ \t[=])*\"
BEGIN(BRACKET);
}
-<BRACKET,BRACKETEND>. {
+<BRACKET,BRACKETEND>[^\0\n] {
cmListFileLexerAppend(lexer, yytext, yyleng);
lexer->column += yyleng;
BEGIN(BRACKET);
@@ -231,7 +231,7 @@ LEGACY {MAKEVAR}|{UNQUOTED}|\"({MAKEVAR}|{UNQUOTED}|[ \t[=])*\"
return 1;
}
-<STRING>. {
+<STRING>[^\0\n] {
cmListFileLexerAppend(lexer, yytext, yyleng);
lexer->column += yyleng;
}
diff --git a/Tests/RunCMake/Syntax/NullTerminatedArgument-result.txt b/Tests/RunCMake/Syntax/NullTerminatedArgument-result.txt
new file mode 100644
index 0000000..d00491f
--- /dev/null
+++ b/Tests/RunCMake/Syntax/NullTerminatedArgument-result.txt
@@ -0,0 +1 @@
+1
diff --git a/Tests/RunCMake/Syntax/NullTerminatedArgument-stderr.txt b/Tests/RunCMake/Syntax/NullTerminatedArgument-stderr.txt
new file mode 100644
index 0000000..f26754e
--- /dev/null
+++ b/Tests/RunCMake/Syntax/NullTerminatedArgument-stderr.txt
@@ -0,0 +1,5 @@
+CMake Error at NullTerminatedArgument.cmake:1:
+ Parse error. Function missing ending "\)". Instead found bad character
+ with text "".
+Call Stack \(most recent call first\):
+ CMakeLists.txt:3 \(include\)
diff --git a/Tests/RunCMake/Syntax/NullTerminatedArgument.cmake b/Tests/RunCMake/Syntax/NullTerminatedArgument.cmake
new file mode 100644
index 0000000..c82aceb
--- /dev/null
+++ b/Tests/RunCMake/Syntax/NullTerminatedArgument.cmake
Binary files differ
diff --git a/Tests/RunCMake/Syntax/RunCMakeTest.cmake b/Tests/RunCMake/Syntax/RunCMakeTest.cmake
index d1fbb16..628df91 100644
--- a/Tests/RunCMake/Syntax/RunCMakeTest.cmake
+++ b/Tests/RunCMake/Syntax/RunCMakeTest.cmake
@@ -55,6 +55,7 @@ run_cmake(BracketNoSpace5)
run_cmake(Escape1)
run_cmake(Escape2)
run_cmake(EscapeCharsAllowed)
+run_cmake(NullTerminatedArgument)
include("${RunCMake_SOURCE_DIR}/EscapeCharsDisallowed.cmake")
run_cmake(ParenNoSpace0)
run_cmake(ParenNoSpace1)
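Review bot: Only one regression case is registered, and judging by the name `NullTerminatedArgument` and the expected stderr it covers a NUL byte in an argument; the fixture is binary and not shown, so this is inferred. The same commit also changes the comment, bracket and quoted-string rules, and no case exercises a NUL byte in those contexts. Sibling cases next to this line would pin each changed rule, for example (names are suggestions) `run_cmake(NullInComment)`, `run_cmake(NullInBracket)` and `run_cmake(NullInString)`.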