Merge topic 'lexer-null'

14d9a11b ListFileLexer: fix heap-buffer-overflow on malicious input

Acked-by: Kitware Robot <[email protected]>
Merge-request: !1153

Source/LexerParser/cmListFileLexer.c

@@ -576,16 +576,16 @@ struct yy_trans_info
 	flex_int32_t yy_verify;
 	flex_int32_t yy_nxt;
 	};
-static const flex_int16_t yy_accept[77] =
+static const flex_int16_t yy_accept[81] =
     {   0,
         0,    0,    0,    0,    0,    0,    0,    0,    4,    4,
        25,   13,   22,    1,   16,    3,   13,    5,    6,    7,
-       15,   23,   17,   19,   20,   21,   10,   11,    8,   12,
-        9,    4,   13,    0,   13,    0,   22,    0,    0,    7,
-       13,    0,   13,    0,    2,    0,   13,   17,    0,   18,
-       10,    8,    4,    0,   14,    0,    0,    0,    0,   14,
-        0,    0,   14,    0,    0,    0,    2,   14,    0,    0,
-        0,    0,    0,    0,    0,    0
+       15,   23,   23,   17,   19,   20,   21,   17,   10,   11,
+        8,   10,   12,    9,   24,    4,   13,    0,   13,    0,
+       22,    0,    0,    7,   13,    0,   13,    0,    2,    0,
+       13,   17,    0,   18,   10,    8,    4,    0,   14,    0,
+        0,    0,    0,   14,    0,    0,   14,    0,    0,    0,
+        2,   14,    0,    0,    0,    0,    0,    0,    0,    0
     } ;
 
 static const YY_CHAR yy_ec[256] =
@@ -620,104 +620,122 @@ static const YY_CHAR yy_ec[256] =
         1,    1,    1,    1,    1
     } ;
 
-static const YY_CHAR yy_meta[16] =
+static const YY_CHAR yy_meta[17] =
     {   0,
         1,    1,    2,    3,    4,    3,    1,    3,    5,    6,
-        1,    6,    1,    1,    7
+        1,    6,    1,    1,    7,    8
     } ;
 
-static const flex_int16_t yy_base[95] =
+static const flex_int16_t yy_base[99] =
     {   0,
-        0,    0,   13,   25,   14,   16,   17,   18,   90,   88,
-       88,   39,   20,  237,  237,   74,   78,  237,  237,   13,
-       54,    0,   71,  237,  237,   31,    0,  237,   73,  237,
-      237,    0,    0,   65,   75,    0,   33,   30,   72,    0,
-        0,   75,   70,    0,   74,    0,    0,   62,   70,  237,
-        0,   63,    0,   85,   99,   65,  111,   62,   34,    0,
-       54,  116,    0,   54,  127,   51,  237,   50,    0,   48,
-       47,   39,   33,   29,   17,  237,  136,  143,  150,  157,
-      164,  171,  178,  184,  191,  198,  201,  207,  214,  217,
-      219,  225,  228,  230
+        0,    0,   14,   28,   42,   56,   70,   84,   18,   19,
+       69,  100,   16,  323,  323,   55,   59,  323,  323,   13,
+      115,    0,  323,   52,  323,  323,   21,   51,    0,  323,
+       53,    0,  323,  323,  323,    0,    0,  126,   55,    0,
+       25,   25,   53,    0,    0,  136,   53,    0,   57,    0,
+        0,   42,   50,  323,    0,   43,    0,  146,  160,   45,
+      172,   43,   26,    0,   42,  184,    0,   42,  195,   40,
+      323,   40,    0,   38,   37,   34,   32,   31,   23,  323,
+      211,  219,  227,  235,  243,  251,  259,  267,  274,  281,
+      285,  291,  298,  302,  304,  310,  314,  316
 
     } ;
 
-static const flex_int16_t yy_def[95] =
+static const flex_int16_t yy_def[99] =
     {   0,
-       76,    1,   77,   77,   78,   78,   79,   79,   80,   80,
-       76,   76,   76,   76,   76,   76,   12,   76,   76,   12,
-       76,   81,   82,   76,   76,   82,   83,   76,   76,   76,
-       76,   84,   12,   85,   12,   86,   76,   76,   87,   20,
-       12,   88,   12,   21,   76,   89,   12,   82,   82,   76,
-       83,   76,   84,   85,   76,   54,   85,   90,   76,   55,
-       87,   88,   55,   62,   88,   91,   76,   55,   92,   93,
-       90,   94,   91,   93,   94,    0,   76,   76,   76,   76,
-       76,   76,   76,   76,   76,   76,   76,   76,   76,   76,
-       76,   76,   76,   76
+       80,    1,   81,   81,   82,   82,   83,   83,   84,   84,
+       80,   80,   80,   80,   80,   80,   12,   80,   80,   12,
+       80,   85,   80,   86,   80,   80,   86,   86,   87,   80,
+       80,   87,   80,   80,   80,   88,   12,   89,   12,   90,
+       80,   80,   91,   20,   12,   92,   12,   21,   80,   93,
+       12,   86,   86,   80,   87,   80,   88,   89,   80,   58,
+       89,   94,   80,   59,   91,   92,   59,   66,   92,   95,
+       80,   59,   96,   97,   94,   98,   95,   97,   98,    0,
+       80,   80,   80,   80,   80,   80,   80,   80,   80,   80,
+       80,   80,   80,   80,   80,   80,   80,   80
 
     } ;
 
-static const flex_int16_t yy_nxt[253] =
+static const flex_int16_t yy_nxt[340] =
     {   0,
        12,   13,   14,   13,   15,   16,   17,   18,   19,   12,
-       12,   20,   21,   22,   12,   24,   28,   25,   28,   28,
-       28,   37,   40,   37,   40,   62,   26,   24,   29,   25,
-       29,   31,   31,   50,   37,   48,   37,   54,   26,   33,
-       59,   63,   45,   34,   59,   35,   45,   62,   33,   33,
-       33,   33,   36,   33,   41,   55,   54,   58,   42,   63,
-       43,   72,   60,   41,   44,   41,   45,   46,   41,   55,
-       55,   56,   70,   52,   48,   49,   67,   66,   57,   63,
-       60,   64,   58,   52,   49,   39,   38,   76,   65,   55,
-       14,   56,   14,   76,   76,   76,   76,   76,   57,   55,
-
-       76,   76,   76,   34,   76,   68,   76,   76,   55,   55,
-       55,   55,   69,   55,   54,   76,   54,   76,   54,   54,
-       63,   76,   64,   76,   76,   76,   76,   76,   76,   65,
-       62,   76,   62,   76,   62,   62,   23,   23,   23,   23,
-       23,   23,   23,   27,   27,   27,   27,   27,   27,   27,
-       30,   30,   30,   30,   30,   30,   30,   32,   32,   32,
-       32,   32,   32,   32,   47,   76,   47,   47,   47,   47,
-       47,   48,   76,   48,   76,   48,   48,   48,   51,   76,
-       51,   51,   51,   51,   53,   76,   53,   53,   53,   53,
-       53,   54,   76,   76,   54,   76,   54,   54,   33,   76,
-
-       33,   33,   33,   33,   33,   61,   61,   62,   76,   76,
-       62,   76,   62,   62,   41,   76,   41,   41,   41,   41,
-       41,   71,   71,   73,   73,   55,   76,   55,   55,   55,
-       55,   55,   74,   74,   75,   75,   11,   76,   76,   76,
-       76,   76,   76,   76,   76,   76,   76,   76,   76,   76,
-       76,   76
+       12,   20,   21,   22,   12,   23,   25,   41,   26,   41,
+       14,   14,   44,   54,   44,   52,   41,   27,   41,   28,
+       25,   66,   26,   35,   35,   63,   63,   49,   49,   58,
+       67,   27,   66,   28,   30,   59,   58,   62,   67,   76,
+       64,   59,   74,   56,   52,   53,   31,   32,   30,   71,
+       70,   64,   62,   56,   53,   53,   43,   42,   80,   80,
+       31,   32,   30,   80,   80,   80,   80,   80,   80,   80,
+       80,   80,   80,   80,   34,   35,   30,   80,   80,   80,
+       80,   80,   80,   80,   80,   80,   80,   80,   34,   35,
+
+       37,   80,   80,   80,   38,   80,   39,   80,   80,   37,
+       37,   37,   37,   40,   37,   45,   80,   80,   80,   46,
+       80,   47,   80,   80,   45,   48,   45,   49,   50,   45,
+       59,   80,   60,   80,   80,   80,   80,   80,   80,   61,
+       67,   80,   68,   80,   80,   80,   80,   80,   80,   69,
+       59,   80,   60,   80,   80,   80,   80,   80,   80,   61,
+       59,   80,   80,   80,   38,   80,   72,   80,   80,   59,
+       59,   59,   59,   73,   59,   58,   80,   58,   80,   58,
+       58,   80,   80,   80,   80,   80,   80,   58,   67,   80,
+       68,   80,   80,   80,   80,   80,   80,   69,   66,   80,
+
+       66,   80,   66,   66,   80,   80,   80,   80,   80,   80,
+       66,   24,   24,   24,   24,   24,   24,   24,   24,   29,
+       29,   29,   29,   29,   29,   29,   29,   33,   33,   33,
+       33,   33,   33,   33,   33,   36,   36,   36,   36,   36,
+       36,   36,   36,   51,   80,   51,   51,   51,   51,   51,
+       51,   52,   80,   52,   80,   52,   52,   52,   52,   55,
+       80,   55,   55,   55,   55,   80,   55,   57,   80,   57,
+       57,   57,   57,   57,   58,   80,   80,   58,   80,   58,
+       58,   37,   80,   37,   37,   37,   37,   37,   37,   65,
+       65,   66,   80,   80,   66,   80,   66,   66,   45,   80,
+
+       45,   45,   45,   45,   45,   45,   75,   75,   77,   77,
+       59,   80,   59,   59,   59,   59,   59,   59,   78,   78,
+       79,   79,   11,   80,   80,   80,   80,   80,   80,   80,
+       80,   80,   80,   80,   80,   80,   80,   80,   80
     } ;
 
-static const flex_int16_t yy_chk[253] =
+static const flex_int16_t yy_chk[340] =
     {   0,
         1,    1,    1,    1,    1,    1,    1,    1,    1,    1,
-        1,    1,    1,    1,    1,    3,    5,    3,    6,    7,
-        8,   13,   20,   13,   20,   75,    3,    4,    5,    4,
-        6,    7,    8,   26,   37,   26,   37,   74,    4,   12,
-       38,   73,   38,   12,   59,   12,   59,   72,   12,   12,
-       12,   12,   12,   12,   21,   71,   70,   68,   21,   66,
-       21,   64,   61,   21,   21,   21,   21,   21,   21,   34,
-       58,   34,   56,   52,   49,   48,   45,   43,   34,   42,
-       39,   42,   35,   29,   23,   17,   16,   11,   42,   54,
-       10,   54,    9,    0,    0,    0,    0,    0,   54,   55,
-
-        0,    0,    0,   55,    0,   55,    0,    0,   55,   55,
-       55,   55,   55,   55,   57,    0,   57,    0,   57,   57,
-       62,    0,   62,    0,    0,    0,    0,    0,    0,   62,
-       65,    0,   65,    0,   65,   65,   77,   77,   77,   77,
-       77,   77,   77,   78,   78,   78,   78,   78,   78,   78,
-       79,   79,   79,   79,   79,   79,   79,   80,   80,   80,
-       80,   80,   80,   80,   81,    0,   81,   81,   81,   81,
-       81,   82,    0,   82,    0,   82,   82,   82,   83,    0,
-       83,   83,   83,   83,   84,    0,   84,   84,   84,   84,
-       84,   85,    0,    0,   85,    0,   85,   85,   86,    0,
-
-       86,   86,   86,   86,   86,   87,   87,   88,    0,    0,
-       88,    0,   88,   88,   89,    0,   89,   89,   89,   89,
-       89,   90,   90,   91,   91,   92,    0,   92,   92,   92,
-       92,   92,   93,   93,   94,   94,   76,   76,   76,   76,
-       76,   76,   76,   76,   76,   76,   76,   76,   76,   76,
-       76,   76
+        1,    1,    1,    1,    1,    1,    3,   13,    3,   13,
+        9,   10,   20,   27,   20,   27,   41,    3,   41,    3,
+        4,   79,    4,    9,   10,   42,   63,   42,   63,   78,
+       77,    4,   76,    4,    5,   75,   74,   72,   70,   68,
+       65,   62,   60,   56,   53,   52,    5,    5,    6,   49,
+       47,   43,   39,   31,   28,   24,   17,   16,   11,    0,
+        6,    6,    7,    0,    0,    0,    0,    0,    0,    0,
+        0,    0,    0,    0,    7,    7,    8,    0,    0,    0,
+        0,    0,    0,    0,    0,    0,    0,    0,    8,    8,
+
+       12,    0,    0,    0,   12,    0,   12,    0,    0,   12,
+       12,   12,   12,   12,   12,   21,    0,    0,    0,   21,
+        0,   21,    0,    0,   21,   21,   21,   21,   21,   21,
+       38,    0,   38,    0,    0,    0,    0,    0,    0,   38,
+       46,    0,   46,    0,    0,    0,    0,    0,    0,   46,
+       58,    0,   58,    0,    0,    0,    0,    0,    0,   58,
+       59,    0,    0,    0,   59,    0,   59,    0,    0,   59,
+       59,   59,   59,   59,   59,   61,    0,   61,    0,   61,
+       61,    0,    0,    0,    0,    0,    0,   61,   66,    0,
+       66,    0,    0,    0,    0,    0,    0,   66,   69,    0,
+
+       69,    0,   69,   69,    0,    0,    0,    0,    0,    0,
+       69,   81,   81,   81,   81,   81,   81,   81,   81,   82,
+       82,   82,   82,   82,   82,   82,   82,   83,   83,   83,
+       83,   83,   83,   83,   83,   84,   84,   84,   84,   84,
+       84,   84,   84,   85,    0,   85,   85,   85,   85,   85,
+       85,   86,    0,   86,    0,   86,   86,   86,   86,   87,
+        0,   87,   87,   87,   87,    0,   87,   88,    0,   88,
+       88,   88,   88,   88,   89,    0,    0,   89,    0,   89,
+       89,   90,    0,   90,   90,   90,   90,   90,   90,   91,
+       91,   92,    0,    0,   92,    0,   92,   92,   93,    0,
+
+       93,   93,   93,   93,   93,   93,   94,   94,   95,   95,
+       96,    0,   96,   96,   96,   96,   96,   96,   97,   97,
+       98,   98,   80,   80,   80,   80,   80,   80,   80,   80,
+       80,   80,   80,   80,   80,   80,   80,   80,   80
     } ;
 
 /* Table of booleans, true if rule could match eol. */
@@ -1075,13 +1093,13 @@ yy_match:
 			while ( yy_chk[yy_base[yy_current_state] + yy_c] != yy_current_state )
 				{
 				yy_current_state = (int) yy_def[yy_current_state];
-				if ( yy_current_state >= 77 )
+				if ( yy_current_state >= 81 )
 					yy_c = yy_meta[yy_c];
 				}
 			yy_current_state = yy_nxt[yy_base[yy_current_state] + yy_c];
 			++yy_cp;
 			}
-		while ( yy_base[yy_current_state] != 237 );
+		while ( yy_base[yy_current_state] != 323 );
 
 yy_find_action:
 		yy_act = yy_accept[yy_current_state];
@@ -1647,7 +1665,7 @@ static int yy_get_next_buffer (yyscan_t yyscanner)
 
 	for ( yy_cp = yyg->yytext_ptr + YY_MORE_ADJ; yy_cp < yyg->yy_c_buf_p; ++yy_cp )
 		{
-		YY_CHAR yy_c = (*yy_cp ? yy_ec[YY_SC_TO_UI(*yy_cp)] : 1);
+		YY_CHAR yy_c = (*yy_cp ? yy_ec[YY_SC_TO_UI(*yy_cp)] : 16);
 		if ( yy_accept[yy_current_state] )
 			{
 			yyg->yy_last_accepting_state = yy_current_state;
@@ -1656,7 +1674,7 @@ static int yy_get_next_buffer (yyscan_t yyscanner)
 		while ( yy_chk[yy_base[yy_current_state] + yy_c] != yy_current_state )
 			{
 			yy_current_state = (int) yy_def[yy_current_state];
-			if ( yy_current_state >= 77 )
+			if ( yy_current_state >= 81 )
 				yy_c = yy_meta[yy_c];
 			}
 		yy_current_state = yy_nxt[yy_base[yy_current_state] + yy_c];
@@ -1676,7 +1694,7 @@ static int yy_get_next_buffer (yyscan_t yyscanner)
     struct yyguts_t * yyg = (struct yyguts_t*)yyscanner; /* This var may be unused depending upon options. */
 	char *yy_cp = yyg->yy_c_buf_p;
 
-	YY_CHAR yy_c = 1;
+	YY_CHAR yy_c = 16;
 	if ( yy_accept[yy_current_state] )
 		{
 		yyg->yy_last_accepting_state = yy_current_state;
@@ -1685,11 +1703,11 @@ static int yy_get_next_buffer (yyscan_t yyscanner)
 	while ( yy_chk[yy_base[yy_current_state] + yy_c] != yy_current_state )
 		{
 		yy_current_state = (int) yy_def[yy_current_state];
-		if ( yy_current_state >= 77 )
+		if ( yy_current_state >= 81 )
 			yy_c = yy_meta[yy_c];
 		}
 	yy_current_state = yy_nxt[yy_base[yy_current_state] + yy_c];
-	yy_is_jam = (yy_current_state == 76);
+	yy_is_jam = (yy_current_state == 80);
 
 	(void)yyg;
 	return yy_is_jam ? 0 : yy_current_state;

Source/LexerParser/cmListFileLexer.in.l

@@ -74,7 +74,7 @@ static void cmListFileLexerDestroy(cmListFileLexer* lexer);
 %x COMMENT
 
 MAKEVAR \$\([A-Za-z0-9_]*\)
-UNQUOTED ([^ \t\r\n\(\)#\\\"[=]|\\.)
+UNQUOTED ([^ \0\t\r\n\(\)#\\\"[=]|\\.)
 LEGACY {MAKEVAR}|{UNQUOTED}|\"({MAKEVAR}|{UNQUOTED}|[ \t[=])*\"
 
 %%
@@ -113,7 +113,7 @@ LEGACY {MAKEVAR}|{UNQUOTED}|\"({MAKEVAR}|{UNQUOTED}|[ \t[=])*\"
   BEGIN(COMMENT);
 }
 
-<COMMENT>.* {
+<COMMENT>[^\0\n]* {
   lexer->column += yyleng;
 }
 
@@ -168,7 +168,7 @@ LEGACY {MAKEVAR}|{UNQUOTED}|\"({MAKEVAR}|{UNQUOTED}|[ \t[=])*\"
   BEGIN(BRACKET);
 }
 
-<BRACKET,BRACKETEND>. {
+<BRACKET,BRACKETEND>[^\0\n] {
   cmListFileLexerAppend(lexer, yytext, yyleng);
   lexer->column += yyleng;
   BEGIN(BRACKET);
@@ -231,7 +231,7 @@ LEGACY {MAKEVAR}|{UNQUOTED}|\"({MAKEVAR}|{UNQUOTED}|[ \t[=])*\"
   return 1;
 }
 
-<STRING>. {
+<STRING>[^\0\n] {
   cmListFileLexerAppend(lexer, yytext, yyleng);
   lexer->column += yyleng;
 }

Tests/RunCMake/Syntax/NullTerminatedArgument-result.txt

@@ -0,0 +1 @@
+1

Tests/RunCMake/Syntax/NullTerminatedArgument-stderr.txt

@@ -0,0 +1,5 @@
+CMake Error at NullTerminatedArgument.cmake:1:
+  Parse error.  Function missing ending "\)".  Instead found bad character
+  with text "".
+Call Stack \(most recent call first\):
+  CMakeLists.txt:3 \(include\)

Tests/RunCMake/Syntax/RunCMakeTest.cmake

@@ -55,6 +55,7 @@ run_cmake(BracketNoSpace5)
 run_cmake(Escape1)
 run_cmake(Escape2)
 run_cmake(EscapeCharsAllowed)
+run_cmake(NullTerminatedArgument)
 include("${RunCMake_SOURCE_DIR}/EscapeCharsDisallowed.cmake")
 run_cmake(ParenNoSpace0)
 run_cmake(ParenNoSpace1)