C++: Fix crash when #if[def] nesting is deeper than 512 levels

Change-Id: I5e86da3a36514545834f554470b147ad8be43344
Reviewed-by: Eike Ziller <eike.ziller@theqtcompany.com>
Reviewed-by: Nikolai Kosjar <nikolai.kosjar@theqtcompany.com>

2 files changed, 40 insertions, 5 deletions

diff --git a/src/libs/cplusplus/pp-engine.cpp b/src/libs/cplusplus/pp-engine.cpp
index c0e6e3e827..9cafea26f2 100644
--- a/src/libs/cplusplus/pp-engine.cpp
+++ b/src/libs/cplusplus/pp-engine.cpp
@@ -140,6 +140,12 @@ static bool isQtReservedWord(const char *name, int size)
     return false;
 }
 
+static void nestingTooDeep()
+{
+#ifndef NO_DEBUG
+        std::cerr << "*** WARNING #if / #ifdef nesting exceeded the max level " << MAX_LEVEL << std::endl;
+#endif
+}
 
 } // anonymous namespace
 
@@ -1819,6 +1825,12 @@ void Preprocessor::handleIfDirective(PPToken *tk)
     lex(tk); // consume "if" token
     Value result;
     const PPToken lastExpressionToken = evalExpression(tk, result);
+
+    if (m_state.m_ifLevel >= MAX_LEVEL - 1) {
+        nestingTooDeep();
+        return;
+    }
+
     const bool value = !result.is_zero();
 
     const bool wasSkipping = m_state.m_skipping[m_state.m_ifLevel];
@@ -1945,12 +1957,17 @@ void Preprocessor::handleIfDefDirective(bool checkUndefined, PPToken *tk)
             value = !value;
 
         const bool wasSkipping = m_state.m_skipping[m_state.m_ifLevel];
-        ++m_state.m_ifLevel;
-        m_state.m_trueTest[m_state.m_ifLevel] = value;
-        m_state.m_skipping[m_state.m_ifLevel] = wasSkipping ? wasSkipping : !value;
 
-        if (m_client && !wasSkipping && !value)
-            startSkippingBlocks(*tk);
+        if (m_state.m_ifLevel < MAX_LEVEL - 1) {
+            ++m_state.m_ifLevel;
+            m_state.m_trueTest[m_state.m_ifLevel] = value;
+            m_state.m_skipping[m_state.m_ifLevel] = wasSkipping ? wasSkipping : !value;
+
+            if (m_client && !wasSkipping && !value)
+                startSkippingBlocks(*tk);
+        } else {
+            nestingTooDeep();
+        }
 
         lex(tk); // consume the identifier
 #ifndef NO_DEBUG
diff --git a/tests/auto/cplusplus/preprocessor/tst_preprocessor.cpp b/tests/auto/cplusplus/preprocessor/tst_preprocessor.cpp
index ee326c3d66..3bc5c8eb0d 100644
--- a/tests/auto/cplusplus/preprocessor/tst_preprocessor.cpp
+++ b/tests/auto/cplusplus/preprocessor/tst_preprocessor.cpp
@@ -390,6 +390,7 @@ private slots:
     void empty_trailing_lines_data();
     void undef();
     void concat();
+    void excessive_nesting();
 };
 
 // Remove all #... lines, and 'simplify' string, to allow easily comparing the result
@@ -1895,6 +1896,23 @@ void tst_Preprocessor::concat()
     QCOMPARE(prep.constData(), output.constData());
 }
 
+void tst_Preprocessor::excessive_nesting()
+{
+    Environment env;
+    Preprocessor preprocess(0, &env);
+    QByteArray input;
+    const QByteArray output =
+        "# 1 \"<stdin>\"\n"
+        "# 2001 \"<stdin>\"\n";
+    for (int i = 0; i < 1000; ++i)
+        input += "#if FOO\n";
+    for (int i = 0; i < 1000; ++i)
+        input += "#endif\n";
+    QByteArray prep = preprocess.run(QLatin1String("<stdin>"), input);
+    // Output cannot be precisely determined, but it shouldn't crash.
+    QCOMPARE(prep, output);
+}
+
 void tst_Preprocessor::compare_input_output(bool keepComments)
 {
     QFETCH(QByteArray, input);