From ecd7a5edffedb08a8abd2a9cfbb8918cc783b874 Mon Sep 17 00:00:00 2001 From: James Graham Date: Thu, 16 Mar 2023 17:32:58 +0000 Subject: [PATCH] Cherrypick Text Handler Avoid accessing QString out of bounds to 23.04 Add end state to text handler and use to ensure that in nextTokenType to stop an out of bounds access to m_databuffer (cherry picked from commit 0d6a83b063cd8722cc43f771ae4fff98d68c02bf) --- src/texthandler.cpp | 8 ++++++-- src/texthandler.h | 1 + 2 files changed, 7 insertions(+), 2 deletions(-) diff --git a/src/texthandler.cpp b/src/texthandler.cpp index 3a6bf507c..3083c19ff 100644 --- a/src/texthandler.cpp +++ b/src/texthandler.cpp @@ -219,8 +219,12 @@ void TextHandler::next() void TextHandler::nextTokenType() { - if (m_nextTokenType == Type::Tag && getTagType() == QStringLiteral("code") && !isCloseTag() - && m_dataBuffer.indexOf(QStringLiteral(""), m_pos) != m_pos) { + if (m_pos >= m_dataBuffer.length()) { + // This is to stop the function accessing an index outside the length of + // m_dataBuffer during the final loop. + m_nextTokenType = Type::End; + } else if (m_nextTokenType == Type::Tag && getTagType() == QStringLiteral("code") && !isCloseTag() + && m_dataBuffer.indexOf(QStringLiteral(""), m_pos) != m_pos) { m_nextTokenType = Type::TextCode; } else if (m_dataBuffer[m_pos] == u'<' && m_dataBuffer[m_pos + 1] != u' ') { m_nextTokenType = Type::Tag; diff --git a/src/texthandler.h b/src/texthandler.h index bfd70b9e2..7f260fbde 100644 --- a/src/texthandler.h +++ b/src/texthandler.h @@ -48,6 +48,7 @@ public: Text, /*!< Anything not a tag that doesn't have special handling */ Tag, /*!< For any generic tag that doesn't have special handling */ TextCode, /*!< Text between code tags */ + End, /*!< End of the input string */ }; /**