diff options
| author | Aurélien Brooke <aurelien@bahiasoft.fr> | 2025-07-18 11:45:41 +0200 |
|---|---|---|
| committer | Aurélien Brooke <aurelien@bahiasoft.fr> | 2025-07-18 16:51:41 +0200 |
| commit | cc5965b266e0803c5bd138083ac620274a275710 (patch) | |
| tree | c4fc25f78e7e77266919e9c0554dd9b3c2328efc /src/tools/moc/parser.cpp | |
| parent | f650ac0047d5ca2aff03a89e8759f9298ab6ce49 (diff) | |
moc: ensure printMsg() respects QByteArrayView boundaries
printMsg() receives a message as a QByteArrayView, which is not
guaranteed to be NUL-terminated. Using fprintf with %s could lead to
reading past the view's bounds.
This wasn't an issue previously, since all QByteArrayViews passed were
derived from QByteArrays or const char *, which are NUL-terminated by
design.
To future-proof the code, use %.*s with msg.size() to ensure only the
bytes inside bounds are printed.
Change-Id: I690e0dabdfc4ea9c23426ef98950845a35cd407a
Reviewed-by: Fabian Kosmale <fabian.kosmale@qt.io>
Diffstat (limited to 'src/tools/moc/parser.cpp')
| -rw-r--r-- | src/tools/moc/parser.cpp | 16 |
1 files changed, 9 insertions, 7 deletions
diff --git a/src/tools/moc/parser.cpp b/src/tools/moc/parser.cpp index 5f4ff3f143f..a0e68e1df60 100644 --- a/src/tools/moc/parser.cpp +++ b/src/tools/moc/parser.cpp @@ -35,18 +35,20 @@ void Parser::printMsg(QByteArrayView formatStringSuffix, QByteArrayView msg, con QByteArray formatString = "%s:%d:%d: " + formatStringSuffix; #endif fprintf(stderr, formatString.constData(), - currentFilenames.top().constData(), sym.lineNum, 1, msg.data()); + currentFilenames.top().constData(), sym.lineNum, 1, + int(msg.size()), msg.data()); } else { QByteArray formatString = "%s: " + formatStringSuffix; fprintf(stderr, formatString.constData(), - currentFilenames.top().constData(), msg.data()); + currentFilenames.top().constData(), + int(msg.size()), msg.data()); } } void Parser::defaultErrorMsg(const Symbol &sym) { if (sym.lineNum != -1) - printMsg("error: Parse error at \"%s\"\n", sym.lexem().data(), sym); + printMsg("error: Parse error at \"%.*s\"\n", sym.lexem(), sym); else printMsg("error: could not parse file\n", "", sym); } @@ -60,7 +62,7 @@ void Parser::error(const Symbol &sym) void Parser::error(const char *msg) { if (msg || error_msg) - printMsg("error: %s\n", + printMsg("error: %.*s\n", msg ? msg : error_msg, index > 0 ? symbol() : Symbol{}); else @@ -71,14 +73,14 @@ void Parser::error(const char *msg) void Parser::error(const Symbol& symbol, const char *msg) { - printMsg("error: %s\n", msg, symbol); + printMsg("error: %.*s\n", msg, symbol); exit(EXIT_FAILURE); } void Parser::warning(const Symbol &sym, QByteArrayView msg) { if (displayWarnings) - printMsg("warning: %s\n", msg, sym); + printMsg("warning: %.*s\n", msg, sym); } void Parser::warning(const char *msg) { @@ -87,7 +89,7 @@ void Parser::warning(const char *msg) { void Parser::note(const char *msg) { if (displayNotes && msg) - printMsg("note: %s\n", msg, index > 0 ? symbol() : Symbol{}); + printMsg("note: %.*s\n", msg, index > 0 ? symbol() : Symbol{}); } QT_END_NAMESPACE |