PR#7165: guard against out-of-range integers in lexer directives

2016-03-05 09:06:56 -05:00 · 2016-03-05 09:06:56 -05:00 · f6fb6a3755
parent d86aa4cd26
commit f6fb6a3755
5 changed files with 33 additions and 4 deletions
--- a/3
+++ b/3
@ -194,6 +194,9 @@ OCaml 4.04.0:
 - PR#7285: Relaxed value restriction broken with principal
  (Jacques Garrigue, report by Leo White)

+- PR#7165, GPR#494: uncaught exception on invalid lexer directive
+  (Gabriel Scherer, report by KC Sivaramakrishnan using afl-fuzz)
+
 * GPR#533: Thread library: fixed [Thread.wait_signal] so that it
  converts back the signal number returned by [sigwait] to an
  OS-independent number
--- a/parsing/lexer.mli
+++ b/parsing/lexer.mli
@ -27,6 +27,7 @@ type error =
  | Unterminated_string_in_comment of Location.t * Location.t
  | Keyword_as_label of string
  | Invalid_literal of string
+  | Invalid_directive of string * string option
 ;;

 exception Error of error * Location.t
--- a/parsing/lexer.mll
+++ b/parsing/lexer.mll
@ -28,6 +28,7 @@ type error =
  | Unterminated_string_in_comment of Location.t * Location.t
  | Keyword_as_label of string
  | Invalid_literal of string
+  | Invalid_directive of string * string option
 ;;

 exception Error of error * Location.t;;
@ -260,6 +261,12 @@ let report_error ppf = function
      fprintf ppf "`%s' is a keyword, it cannot be used as label name" kwd
  | Invalid_literal s ->
      fprintf ppf "Invalid literal %s" s
+  | Invalid_directive (dir, explanation) ->
+      fprintf ppf "Invalid lexer directive %S" dir;
+      begin match explanation with
+        | None -> ()
+        | Some expl -> fprintf ppf ": %s" expl
+      end

 let () =
  Location.register_error_of_exn
@ -426,11 +433,23 @@ rule token = parse
        lexbuf.lex_curr_p <- { curpos with pos_cnum = curpos.pos_cnum - 1 };
        STAR
      }
-  | "#" [' ' '\t']* (['0'-'9']+ as num) [' ' '\t']*
-        ("\"" ([^ '\010' '\013' '\"' ] * as name) "\"")?
+  | ("#" [' ' '\t']* (['0'-'9']+ as num) [' ' '\t']*
+        ("\"" ([^ '\010' '\013' '\"' ] * as name) "\"")?) as directive
        [^ '\010' '\013'] * newline
-      { update_loc lexbuf name (int_of_string num) true 0;
-        token lexbuf
+      {
+        match int_of_string num with
+        | exception _ ->
+            (* PR#7165 *)
+            let loc = Location.curr lexbuf in
+            let explanation = "line number out of range" in
+            let error = Invalid_directive (directive, Some explanation) in
+            raise (Error (error, loc))
+        | line_num ->
+           (* Documentation says that the line number should be
+              positive, but we have never guarded against this and it
+              might have useful hackish uses. *)
+            update_loc lexbuf name line_num true 0;
+            token lexbuf
      }
  | "#"  { HASH }
  | "&"  { AMPERSAND }
--- a/testsuite/tests/parsing/pr7165.ml
+++ b/testsuite/tests/parsing/pr7165.ml
@ -0,0 +1,4 @@
+(* this is a lexer directive with an out-of-bound integer;
+   it should result in a lexing error instead of an
+   uncaught exception as in PR#7165 *)
+#9342101923012312312
--- a/testsuite/tests/parsing/pr7165.ml.reference
+++ b/testsuite/tests/parsing/pr7165.ml.reference
@ -0,0 +1,2 @@
+File "pr7165.ml", line 4, characters 0-21:
+Error: Invalid directive "#9342101923012312312": line number out of range