From 841d4b5fb9ca42e697faf28148abe2bcd7230da5 Mon Sep 17 00:00:00 2001 From: John McFarland Date: Sat, 6 Jul 2019 11:07:50 -0500 Subject: Add iterator safety check in DoxygenParser::parse If the code called by DoxygenParser::parse does not behave correctly, it may move the iterator m_tokenListIt past the value endParsingIndex. This was not caught by the previous checks and could lead to dereferencing an invalid m_tokenListIt iterator value (and segfault). This is now protected against by using a less than check in the while loop instead of not equals. A warning is also printed if endParsingIndex is exceeded. --- Source/Doxygen/doxyparser.cxx | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) (limited to 'Source/Doxygen') diff --git a/Source/Doxygen/doxyparser.cxx b/Source/Doxygen/doxyparser.cxx index cbad7c74d..2e826b265 100644 --- a/Source/Doxygen/doxyparser.cxx +++ b/Source/Doxygen/doxyparser.cxx @@ -971,7 +971,9 @@ DoxygenEntityList DoxygenParser::parse(TokenListCIt endParsingIndex, const Token std::string currPlainstringCommandType = root ? "partofdescription" : "plainstd::string"; DoxygenEntityList aNewList; - while (m_tokenListIt != endParsingIndex) { + // Less than check (instead of not equal) is a safeguard in case the + // iterator is incremented past the end + while (m_tokenListIt < endParsingIndex) { Token currToken = *m_tokenListIt; @@ -988,6 +990,10 @@ DoxygenEntityList DoxygenParser::parse(TokenListCIt endParsingIndex, const Token addCommand(currPlainstringCommandType, tokList, aNewList); } + // If addCommand above misbehaves, it can move the iterator past endParsingIndex + if (m_tokenListIt > endParsingIndex) + printListError(WARN_DOXYGEN_UNEXPECTED_ITERATOR_VALUE, "Unexpected iterator value in DoxygenParser::parse"); + if (endParsingIndex != tokList.end() && m_tokenListIt == tokList.end()) { // this could happen if we can't reach the original endParsingIndex printListError(WARN_DOXYGEN_UNEXPECTED_END_OF_COMMENT, "Unexpected end of Doxygen comment encountered."); -- cgit v1.2.1