Stricter compiler parameter validation of SectionGet/Set* commands

git-svn-id: https://svn.code.sf.net/p/nsis/code/NSIS/trunk@6462 212acab6-be3b-0410-9dea-997c60f758d6
2014-04-15 23:26:54 +00:00 · 2014-04-15 23:26:54 +00:00 · 5d4c8eb40f
commit 5d4c8eb40f
parent 8d7dd2cf9f
7 changed files with 35 additions and 19 deletions
--- a/Source/build.cpp
+++ b/Source/build.cpp
@ -3685,6 +3685,19 @@ void CEXEBuild::VerifyDeclaredUserVarRefs(UserVarsStringList *pVarsStringList)
  }
 }

+bool CEXEBuild::IsIntOrUserVar(const LineParser &line, int token) const
+{
+  const TCHAR *p = line.gettoken_str(token);
+  if ( *p == _T('$') && *(p+1) )
+  {
+    int idxUserVar = m_UserVarNames.get(p+1);
+    return (idxUserVar >= 0 && m_UserVarNames.get_reference(idxUserVar) >= 0);
+  }
+  int succ;
+  line.gettoken_int(token, &succ);
+  return !!succ;
+}
+
 int CEXEBuild::set_target_architecture_data()
 {
  build_strlist.setunicode(build_unicode), ubuild_strlist.setunicode(build_unicode);
--- a/Source/build.h
+++ b/Source/build.h
@ -405,6 +405,7 @@ class CEXEBuild {
    int m_iBaseVarsNum;
    int DeclaredUserVar(const TCHAR *VarName);
    void VerifyDeclaredUserVarRefs(UserVarsStringList *pVarsStringList);
+    bool IsIntOrUserVar(const LineParser &line, int token) const;

    ConstantsStringList m_ShellConstants;

--- a/Source/lineparse.cpp
+++ b/Source/lineparse.cpp
@ -77,7 +77,7 @@ void LineParser::eattoken()
  m_eat++;
 }

-double LineParser::gettoken_float(int token, int *success/*=0*/)
+double LineParser::gettoken_float(int token, int *success/*=0*/) const
 {
  token+=m_eat;
  if (token < 0 || token >= m_nt)
@ -99,7 +99,7 @@ double LineParser::gettoken_float(int token, int *success/*=0*/)
  return _tstof(m_tokens[token]);
 }

-int LineParser::gettoken_int(int token, int *success/*=0*/)
+int LineParser::gettoken_int(int token, int *success/*=0*/) const
 {
  token+=m_eat;
  if (token < 0 || token >= m_nt || !m_tokens[token][0])
@ -117,7 +117,7 @@ int LineParser::gettoken_int(int token, int *success/*=0*/)
  return l;
 }

-double LineParser::gettoken_number(int token, int *success/*=0*/)
+double LineParser::gettoken_number(int token, int *success/*=0*/) const
 {
  const TCHAR*str=gettoken_str(token);
  if (_T('-') == *str || _T('+') == *str) ++str;
@ -125,7 +125,7 @@ double LineParser::gettoken_number(int token, int *success/*=0*/)
  return gettoken_float(token,success);
 }

-TCHAR* LineParser::gettoken_str(int token)
+TCHAR* LineParser::gettoken_str(int token) const
 {
  token+=m_eat;
  if (token < 0 || token >= m_nt) return (TCHAR*)_T("");
--- a/Source/lineparse.h
+++ b/Source/lineparse.h
@ -32,10 +32,10 @@ class LineParser {
    int parse(TCHAR *line, int ignore_escaping=0); // returns -1 on error
    int getnumtokens();
    void eattoken();
-    double gettoken_float(int token, int *success=0);
-    int gettoken_int(int token, int *success=0);
-    double gettoken_number(int token, int *success=0);
-    TCHAR *gettoken_str(int token);
+    double gettoken_float(int token, int *success=0) const;
+    int gettoken_int(int token, int *success=0) const;
+    double gettoken_number(int token, int *success=0) const;
+    TCHAR *gettoken_str(int token) const;
    int gettoken_enum(int token, const TCHAR *strlist); // null separated list

  private:
--- a/Source/script.cpp
+++ b/Source/script.cpp
@ -5972,6 +5972,7 @@ int CEXEBuild::doCommand(int which_token, LineParser &line)
      ent.offsets[0]=add_string(line.gettoken_str(1));
      ent.offsets[2]=SECTION_FIELD_SET(name_ptr);
      ent.offsets[4]=add_string(line.gettoken_str(2));
+      if (!IsIntOrUserVar(line,1)) PRINTHELP()
      SCRIPT_MSG(_T("SectionSetText: %") NPRIs _T("->%") NPRIs _T("\n"),line.gettoken_str(1),line.gettoken_str(2));
    return add_entry(&ent);
    case TOK_SECTIONGETTEXT:
@ -5979,7 +5980,7 @@ int CEXEBuild::doCommand(int which_token, LineParser &line)
      ent.offsets[0]=add_string(line.gettoken_str(1));
      ent.offsets[1]=GetUserVarIndex(line, 2);
      ent.offsets[2]=SECTION_FIELD_GET(name_ptr);
-      if (line.gettoken_str(2)[0] && ent.offsets[1]<0) PRINTHELP()
+      if (!IsIntOrUserVar(line,1) || ent.offsets[1]<0) PRINTHELP()
      SCRIPT_MSG(_T("SectionGetText: %") NPRIs _T("->%") NPRIs _T("\n"),line.gettoken_str(1),line.gettoken_str(2));
    return add_entry(&ent);
    case TOK_SECTIONSETFLAGS:
@ -5988,6 +5989,7 @@ int CEXEBuild::doCommand(int which_token, LineParser &line)
      ent.offsets[1]=add_string(line.gettoken_str(2));
      ent.offsets[2]=SECTION_FIELD_SET(flags);
      ent.offsets[3]=1;
+      if (!IsIntOrUserVar(line,1) || !IsIntOrUserVar(line,2)) PRINTHELP()
      SCRIPT_MSG(_T("SectionSetFlags: %") NPRIs _T("->%") NPRIs _T("\n"),line.gettoken_str(1),line.gettoken_str(2));
    return add_entry(&ent);
    case TOK_SECTIONGETFLAGS:
@ -5995,7 +5997,7 @@ int CEXEBuild::doCommand(int which_token, LineParser &line)
      ent.offsets[0]=add_string(line.gettoken_str(1));
      ent.offsets[1]=GetUserVarIndex(line, 2);
      ent.offsets[2]=SECTION_FIELD_GET(flags);
-      if (line.gettoken_str(2)[0] && ent.offsets[1]<0) PRINTHELP()
+      if (!IsIntOrUserVar(line,1) || ent.offsets[1]<0) PRINTHELP()
      SCRIPT_MSG(_T("SectionGetFlags: %") NPRIs _T("->%") NPRIs _T("\n"),line.gettoken_str(1),line.gettoken_str(2));
    return add_entry(&ent);
    case TOK_INSTTYPESETTEXT:
@ -6010,7 +6012,7 @@ int CEXEBuild::doCommand(int which_token, LineParser &line)
      ent.offsets[0]=add_string(line.gettoken_str(1));
      ent.offsets[1]=GetUserVarIndex(line, 2);
      ent.offsets[2]=0;
-      if (line.gettoken_str(1)[0] && ent.offsets[1]<0) PRINTHELP()
+      if (!IsIntOrUserVar(line,1) || ent.offsets[1]<0) PRINTHELP()
      SCRIPT_MSG(_T("InstTypeGetText: %") NPRIs _T("->%") NPRIs _T("\n"),line.gettoken_str(1),line.gettoken_str(2));
    return add_entry(&ent);
    case TOK_SECTIONSETINSTTYPES:
@ -6025,7 +6027,7 @@ int CEXEBuild::doCommand(int which_token, LineParser &line)
      ent.offsets[0]=add_string(line.gettoken_str(1));
      ent.offsets[1]=GetUserVarIndex(line, 2);
      ent.offsets[2]=SECTION_FIELD_GET(install_types);
-      if (line.gettoken_str(2)[0] && ent.offsets[1]<0) PRINTHELP()
+      if (!IsIntOrUserVar(line,1) || ent.offsets[1]<0) PRINTHELP()
      SCRIPT_MSG(_T("SectionGetInstTypes: %") NPRIs _T("->%") NPRIs _T("\n"),line.gettoken_str(1),line.gettoken_str(2));
    return add_entry(&ent);
    case TOK_SECTIONSETSIZE:
@ -6040,7 +6042,7 @@ int CEXEBuild::doCommand(int which_token, LineParser &line)
      ent.offsets[0]=add_string(line.gettoken_str(1));
      ent.offsets[1]=GetUserVarIndex(line, 2);
      ent.offsets[2]=SECTION_FIELD_GET(size_kb);
-      if (line.gettoken_str(2)[0] && ent.offsets[1]<0) PRINTHELP()
+      if (!IsIntOrUserVar(line,1) || ent.offsets[1]<0) PRINTHELP()
      SCRIPT_MSG(_T("SectionGetSize: %") NPRIs _T("->%") NPRIs _T("\n"),line.gettoken_str(1),line.gettoken_str(2));
    return add_entry(&ent);
    case TOK_SETCURINSTTYPE:
@ -6057,7 +6059,7 @@ int CEXEBuild::doCommand(int which_token, LineParser &line)
      ent.offsets[1]=GetUserVarIndex(line,1);
      ent.offsets[2]=0;
      ent.offsets[3]=1;
-      if (line.gettoken_str(1)[0] && ent.offsets[1]<0) PRINTHELP()
+      if (ent.offsets[1]<0) PRINTHELP()
      SCRIPT_MSG(_T("GetCurInstType: %") NPRIs _T("\n"),line.gettoken_str(1));
    return add_entry(&ent);
 #else//!NSIS_CONFIG_COMPONENTPAGE
--- a/Source/strlist.h
+++ b/Source/strlist.h
@ -382,7 +382,7 @@ class SortedStringListND // no delete - can be placed in GrowBuf
      int case_sensitive=0,
      int returnbestpos=0, /* if not found, return best pos */
      int*where=0
-    )
+    ) const
    {
      T *data=(T *) m_gr.get();
      int ul = m_gr.getlen()/sizeof(T);
--- a/Source/uservars.h
+++ b/Source/uservars.h
@ -70,7 +70,7 @@ class UserVarsStringList : public SortedStringListND<struct uservarstring>
 	  * @return The index position of the structure where structure.name ==
 	  * name.
 	  */
-    int get(const TCHAR *name, int n_chars = -1)
+    int get(const TCHAR *name, int n_chars = -1) const
    {
      int v = SortedStringListND<struct uservarstring>::find(name, n_chars);
      if (v == -1) return -1;
@ -82,7 +82,7 @@ class UserVarsStringList : public SortedStringListND<struct uservarstring>
 	  *
 	  * @return The count of strings.
 	  */
-    int getnum()
+    int getnum() const
    {
       return m_index;
    }
@ -93,7 +93,7 @@ class UserVarsStringList : public SortedStringListND<struct uservarstring>
 	  * @return The reference count of the nth uservarstring structure.
 	  * If not found, returns -1.
 	  */
-    int get_reference(int idx)
+    int get_reference(int idx) const
    {
      int pos=get_internal_idx(idx);
      if (pos==-1) return -1;
@ -131,7 +131,7 @@ class UserVarsStringList : public SortedStringListND<struct uservarstring>
  private:
    int m_index;

-    int get_internal_idx(int idx)
+    int get_internal_idx(int idx) const
    {
      struct uservarstring *data=(struct uservarstring *) m_gr.get();
      for (int i = 0; i < m_index; i++)