You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
203 lines
6.5 KiB
203 lines
6.5 KiB
10 months ago
|
diff --git a/src/corelib/serialization/qxmlstream.cpp b/src/corelib/serialization/qxmlstream.cpp
|
||
|
index 4f282f19..6c98e7c0 100644
|
||
|
--- a/src/corelib/serialization/qxmlstream.cpp
|
||
|
+++ b/src/corelib/serialization/qxmlstream.cpp
|
||
|
@@ -1302,11 +1302,19 @@ inline int QXmlStreamReaderPrivate::fastScanContentCharList()
|
||
|
return n;
|
||
|
}
|
||
|
|
||
|
-inline int QXmlStreamReaderPrivate::fastScanName(int *prefix)
|
||
|
+// Fast scan an XML attribute name (e.g. "xml:lang").
|
||
|
+inline QXmlStreamReaderPrivate::FastScanNameResult
|
||
|
+QXmlStreamReaderPrivate::fastScanName(Value *val)
|
||
|
{
|
||
|
int n = 0;
|
||
|
uint c;
|
||
|
while ((c = getChar()) != StreamEOF) {
|
||
|
+ if (n >= 4096) {
|
||
|
+ // This is too long to be a sensible name, and
|
||
|
+ // can exhaust memory, or the range of decltype(*prefix)
|
||
|
+ raiseNamePrefixTooLongError();
|
||
|
+ return {};
|
||
|
+ }
|
||
|
switch (c) {
|
||
|
case '\n':
|
||
|
case ' ':
|
||
|
@@ -1334,23 +1342,23 @@ inline int QXmlStreamReaderPrivate::fastScanName(int *prefix)
|
||
|
case '+':
|
||
|
case '*':
|
||
|
putChar(c);
|
||
|
- if (prefix && *prefix == n+1) {
|
||
|
- *prefix = 0;
|
||
|
+ if (val && val->prefix == n + 1) {
|
||
|
+ val->prefix = 0;
|
||
|
putChar(':');
|
||
|
--n;
|
||
|
}
|
||
|
- return n;
|
||
|
+ return FastScanNameResult(n);
|
||
|
case ':':
|
||
|
- if (prefix) {
|
||
|
- if (*prefix == 0) {
|
||
|
- *prefix = n+2;
|
||
|
+ if (val) {
|
||
|
+ if (val->prefix == 0) {
|
||
|
+ val->prefix = n + 2;
|
||
|
} else { // only one colon allowed according to the namespace spec.
|
||
|
putChar(c);
|
||
|
- return n;
|
||
|
+ return FastScanNameResult(n);
|
||
|
}
|
||
|
} else {
|
||
|
putChar(c);
|
||
|
- return n;
|
||
|
+ return FastScanNameResult(n);
|
||
|
}
|
||
|
Q_FALLTHROUGH();
|
||
|
default:
|
||
|
@@ -1359,12 +1367,12 @@ inline int QXmlStreamReaderPrivate::fastScanName(int *prefix)
|
||
|
}
|
||
|
}
|
||
|
|
||
|
- if (prefix)
|
||
|
- *prefix = 0;
|
||
|
+ if (val)
|
||
|
+ val->prefix = 0;
|
||
|
int pos = textBuffer.size() - n;
|
||
|
putString(textBuffer, pos);
|
||
|
textBuffer.resize(pos);
|
||
|
- return 0;
|
||
|
+ return FastScanNameResult(0);
|
||
|
}
|
||
|
|
||
|
enum NameChar { NameBeginning, NameNotBeginning, NotName };
|
||
|
@@ -1873,6 +1881,14 @@ void QXmlStreamReaderPrivate::raiseWellFormedError(const QString &message)
|
||
|
raiseError(QXmlStreamReader::NotWellFormedError, message);
|
||
|
}
|
||
|
|
||
|
+void QXmlStreamReaderPrivate::raiseNamePrefixTooLongError()
|
||
|
+{
|
||
|
+ // TODO: add a ImplementationLimitsExceededError and use it instead
|
||
|
+ raiseError(QXmlStreamReader::NotWellFormedError,
|
||
|
+ QXmlStream::tr("Length of XML attribute name exceeds implemnetation limits (4KiB "
|
||
|
+ "characters)."));
|
||
|
+}
|
||
|
+
|
||
|
void QXmlStreamReaderPrivate::parseError()
|
||
|
{
|
||
|
|
||
|
diff --git a/src/corelib/serialization/qxmlstream.g b/src/corelib/serialization/qxmlstream.g
|
||
|
index b623de95..e4310285 100644
|
||
|
--- a/src/corelib/serialization/qxmlstream.g
|
||
|
+++ b/src/corelib/serialization/qxmlstream.g
|
||
|
@@ -516,7 +516,16 @@ public:
|
||
|
int fastScanLiteralContent();
|
||
|
int fastScanSpace();
|
||
|
int fastScanContentCharList();
|
||
|
- int fastScanName(int *prefix = nullptr);
|
||
|
+
|
||
|
+ struct FastScanNameResult {
|
||
|
+ FastScanNameResult() : ok(false) {}
|
||
|
+ explicit FastScanNameResult(int len) : addToLen(len), ok(true) { }
|
||
|
+ operator bool() { return ok; }
|
||
|
+ int operator*() { Q_ASSERT(ok); return addToLen; }
|
||
|
+ int addToLen;
|
||
|
+ bool ok;
|
||
|
+ };
|
||
|
+ FastScanNameResult fastScanName(Value *val = nullptr);
|
||
|
inline int fastScanNMTOKEN();
|
||
|
|
||
|
|
||
|
@@ -525,6 +534,7 @@ public:
|
||
|
|
||
|
void raiseError(QXmlStreamReader::Error error, const QString& message = QString());
|
||
|
void raiseWellFormedError(const QString &message);
|
||
|
+ void raiseNamePrefixTooLongError();
|
||
|
|
||
|
QXmlStreamEntityResolver *entityResolver;
|
||
|
|
||
|
@@ -1809,7 +1819,12 @@ space_opt ::= space;
|
||
|
qname ::= LETTER;
|
||
|
/.
|
||
|
case $rule_number: {
|
||
|
- sym(1).len += fastScanName(&sym(1).prefix);
|
||
|
+ Value &val = sym(1);
|
||
|
+ if (auto res = fastScanName(&val))
|
||
|
+ val.len += *res;
|
||
|
+ else
|
||
|
+ return false;
|
||
|
+
|
||
|
if (atEnd) {
|
||
|
resume($rule_number);
|
||
|
return false;
|
||
|
@@ -1820,7 +1835,11 @@ qname ::= LETTER;
|
||
|
name ::= LETTER;
|
||
|
/.
|
||
|
case $rule_number:
|
||
|
- sym(1).len += fastScanName();
|
||
|
+ if (auto res = fastScanName())
|
||
|
+ sym(1).len += *res;
|
||
|
+ else
|
||
|
+ return false;
|
||
|
+
|
||
|
if (atEnd) {
|
||
|
resume($rule_number);
|
||
|
return false;
|
||
|
diff --git a/src/corelib/serialization/qxmlstream_p.h b/src/corelib/serialization/qxmlstream_p.h
|
||
|
index 103b123b..80e7f740 100644
|
||
|
--- a/src/corelib/serialization/qxmlstream_p.h
|
||
|
+++ b/src/corelib/serialization/qxmlstream_p.h
|
||
|
@@ -1005,7 +1005,16 @@ public:
|
||
|
int fastScanLiteralContent();
|
||
|
int fastScanSpace();
|
||
|
int fastScanContentCharList();
|
||
|
- int fastScanName(int *prefix = nullptr);
|
||
|
+
|
||
|
+ struct FastScanNameResult {
|
||
|
+ FastScanNameResult() : ok(false) {}
|
||
|
+ explicit FastScanNameResult(int len) : addToLen(len), ok(true) { }
|
||
|
+ operator bool() { return ok; }
|
||
|
+ int operator*() { Q_ASSERT(ok); return addToLen; }
|
||
|
+ int addToLen;
|
||
|
+ bool ok;
|
||
|
+ };
|
||
|
+ FastScanNameResult fastScanName(Value *val = nullptr);
|
||
|
inline int fastScanNMTOKEN();
|
||
|
|
||
|
|
||
|
@@ -1014,6 +1023,7 @@ public:
|
||
|
|
||
|
void raiseError(QXmlStreamReader::Error error, const QString& message = QString());
|
||
|
void raiseWellFormedError(const QString &message);
|
||
|
+ void raiseNamePrefixTooLongError();
|
||
|
|
||
|
QXmlStreamEntityResolver *entityResolver;
|
||
|
|
||
|
@@ -1937,7 +1947,12 @@ bool QXmlStreamReaderPrivate::parse()
|
||
|
break;
|
||
|
|
||
|
case 262: {
|
||
|
- sym(1).len += fastScanName(&sym(1).prefix);
|
||
|
+ Value &val = sym(1);
|
||
|
+ if (auto res = fastScanName(&val))
|
||
|
+ val.len += *res;
|
||
|
+ else
|
||
|
+ return false;
|
||
|
+
|
||
|
if (atEnd) {
|
||
|
resume(262);
|
||
|
return false;
|
||
|
@@ -1945,7 +1960,11 @@ bool QXmlStreamReaderPrivate::parse()
|
||
|
} break;
|
||
|
|
||
|
case 263:
|
||
|
- sym(1).len += fastScanName();
|
||
|
+ if (auto res = fastScanName())
|
||
|
+ sym(1).len += *res;
|
||
|
+ else
|
||
|
+ return false;
|
||
|
+
|
||
|
if (atEnd) {
|
||
|
resume(263);
|
||
|
return false;
|