Merge pull request doxygen#11628 from albert-github/feature/bug_php_reject

doxygen · web-flow · commit 0aa2496de058 · 2025-06-23T21:08:33.000+02:00
Input buffer overflow
diff --git a/src/code.l b/src/code.l
@@ -1279,10 +1279,10 @@ ENDQopt ("const"|"volatile"|"sealed"|"override")({BN}+("const"|"volatile"|"seale
                                           yyextra->inForEachExpression = FALSE;
                                           BEGIN( SkipStringS );
                                         }
-<SkipString>[^\"\\\r\n]*                {
+<SkipString>[^\"\\\r\n]{1,100}          {
                                           yyextra->code->codify(yytext);
                                         }
-<SkipStringS>[^\'\\\r\n]*               {
+<SkipStringS>[^\'\\\r\n]{1,100}         {
                                           yyextra->code->codify(yytext);
                                         }
 <SkipString,SkipStringS>{CPPC}|{CCS}       {
diff --git a/src/pre.l b/src/pre.l
@@ -607,10 +607,10 @@ WSopt [ \t\r]*
                                           outputChar(yyscanner,*yytext);
                                           BEGIN( CopyStringFtn );
                                         }
-<CopyString>[^\"\\\r\n]+                {
+<CopyString>[^\"\\\r\n]{1,1000}         {
                                           outputArray(yyscanner,yytext,yyleng);
                                         }
-<CopyStringCs>[^\"\r\n]+                {
+<CopyStringCs>[^\"\r\n]{1,1000}         {
                                           outputArray(yyscanner,yytext,yyleng);
                                         }
 <CopyStringCs>\"\"                      {
@@ -623,7 +623,7 @@ WSopt [ \t\r]*
                                           outputChar(yyscanner,*yytext);
                                           BEGIN( CopyLine );
                                         }
-<CopyStringFtnDouble>[^\"\\\r\n]+       {
+<CopyStringFtnDouble>[^\"\\\r\n]{1,1000} {
                                           outputArray(yyscanner,yytext,yyleng);
                                         }
 <CopyStringFtnDouble>\\.                {
@@ -633,7 +633,7 @@ WSopt [ \t\r]*
                                           outputChar(yyscanner,*yytext);
                                           BEGIN( CopyLine );
                                         }
-<CopyStringFtn>[^\'\\\r\n]+             {
+<CopyStringFtn>[^\'\\\r\n]{1,1000}      {
                                           outputArray(yyscanner,yytext,yyleng);
                                         }
 <CopyStringFtn>\\.                      {
@@ -652,7 +652,7 @@ WSopt [ \t\r]*
                                             BEGIN( CopyLine );
                                           }
                                         }
-<CopyRawString>[^)]+                    {
+<CopyRawString>[^)]{1,1000}             {
                                           outputArray(yyscanner,yytext,yyleng);
                                         }
 <CopyRawString>.                        {
diff --git a/src/scanner.l b/src/scanner.l
@@ -5141,7 +5141,7 @@ NONLopt [^\n]*
                                           if (yyextra->insidePHP)
                                           {
                                             yyextra->lastCopyArgStringContext=YY_START;
-                                            BEGIN(CopyArgPHPString);
+                                            BEGIN(SkipPHPString);
                                           }
                                         }
 <ReadFuncArgType,ReadTempArgs,CopyArgString,CopyArgPHPString,CopyArgRound,CopyArgSquare,CopyArgSharp>"<="|">="|"<=>" {

Original file line number	Diff line number	Diff line change
`@@ -1279,10 +1279,10 @@ ENDQopt ("const"\|"volatile"\|"sealed"\|"override")({BN}+("const"\|"volatile"\|"seale`
`1279`	`1279`	`yyextra->inForEachExpression = FALSE;`
`1280`	`1280`	`BEGIN( SkipStringS );`
`1281`	`1281`	`}`
`1282`		`-<SkipString>[^\"\\\r\n]* {`
	`1282`	`+<SkipString>[^\"\\\r\n]{1,100} {`
`1283`	`1283`	`yyextra->code->codify(yytext);`
`1284`	`1284`	`}`
`1285`		`-<SkipStringS>[^\'\\\r\n]* {`
	`1285`	`+<SkipStringS>[^\'\\\r\n]{1,100} {`
`1286`	`1286`	`yyextra->code->codify(yytext);`
`1287`	`1287`	`}`
`1288`	`1288`	`<SkipString,SkipStringS>{CPPC}\|{CCS} {`
Original file line number	Diff line number	Diff line change
`@@ -607,10 +607,10 @@ WSopt [ \t\r]*`
`607`	`607`	`outputChar(yyscanner,*yytext);`
`608`	`608`	`BEGIN( CopyStringFtn );`
`609`	`609`	`}`
`610`		`-<CopyString>[^\"\\\r\n]+ {`
	`610`	`+<CopyString>[^\"\\\r\n]{1,1000} {`
`611`	`611`	`outputArray(yyscanner,yytext,yyleng);`
`612`	`612`	`}`
`613`		`-<CopyStringCs>[^\"\r\n]+ {`
	`613`	`+<CopyStringCs>[^\"\r\n]{1,1000} {`
`614`	`614`	`outputArray(yyscanner,yytext,yyleng);`
`615`	`615`	`}`
`616`	`616`	`<CopyStringCs>\"\" {`
`@@ -623,7 +623,7 @@ WSopt [ \t\r]*`
`623`	`623`	`outputChar(yyscanner,*yytext);`
`624`	`624`	`BEGIN( CopyLine );`
`625`	`625`	`}`
`626`		`-<CopyStringFtnDouble>[^\"\\\r\n]+ {`
	`626`	`+<CopyStringFtnDouble>[^\"\\\r\n]{1,1000} {`
`627`	`627`	`outputArray(yyscanner,yytext,yyleng);`
`628`	`628`	`}`
`629`	`629`	`<CopyStringFtnDouble>\\. {`
`@@ -633,7 +633,7 @@ WSopt [ \t\r]*`
`633`	`633`	`outputChar(yyscanner,*yytext);`
`634`	`634`	`BEGIN( CopyLine );`
`635`	`635`	`}`
`636`		`-<CopyStringFtn>[^\'\\\r\n]+ {`
	`636`	`+<CopyStringFtn>[^\'\\\r\n]{1,1000} {`
`637`	`637`	`outputArray(yyscanner,yytext,yyleng);`
`638`	`638`	`}`
`639`	`639`	`<CopyStringFtn>\\. {`
`@@ -652,7 +652,7 @@ WSopt [ \t\r]*`
`652`	`652`	`BEGIN( CopyLine );`
`653`	`653`	`}`
`654`	`654`	`}`
`655`		`-<CopyRawString>[^)]+ {`
	`655`	`+<CopyRawString>[^)]{1,1000} {`
`656`	`656`	`outputArray(yyscanner,yytext,yyleng);`
`657`	`657`	`}`
`658`	`658`	`<CopyRawString>. {`
Original file line number	Diff line number	Diff line change
`@@ -5141,7 +5141,7 @@ NONLopt [^\n]*`
`5141`	`5141`	`if (yyextra->insidePHP)`
`5142`	`5142`	`{`
`5143`	`5143`	`yyextra->lastCopyArgStringContext=YY_START;`
`5144`		`- BEGIN(CopyArgPHPString);`
	`5144`	`+ BEGIN(SkipPHPString);`
`5145`	`5145`	`}`
`5146`	`5146`	`}`
`5147`	`5147`	`<ReadFuncArgType,ReadTempArgs,CopyArgString,CopyArgPHPString,CopyArgRound,CopyArgSquare,CopyArgSharp>"<="\|">="\|"<=>" {`