From 19ac80373a269b868bd81cf8350db8527ac8ae12 Mon Sep 17 00:00:00 2001
From: Masatake YAMATO
Date: Fri, 24 Sep 2021 00:48:53 +0900
Subject: [PATCH 1/2] Cxx: [fix] avoid array overrun trigger when parsing too deeply nested namespaces
Close #3166 reported by @tsenart.
Signed-off-by: Masatake YAMATO
---
.../parser-cxx.r/bug-issue-3166.d/args.ctags | 2 +
.../bug-issue-3166.d/expected.tags | 17 +++++++
Units/parser-cxx.r/bug-issue-3166.d/input.cxx | 44 +++++++++++++++++++
parsers/cxx/cxx_parser_namespace.c | 2 +-
4 files changed, 64 insertions(+), 1 deletion(-)
create mode 100644 Units/parser-cxx.r/bug-issue-3166.d/args.ctags
create mode 100644 Units/parser-cxx.r/bug-issue-3166.d/expected.tags
create mode 100644 Units/parser-cxx.r/bug-issue-3166.d/input.cxx
diff --git a/Units/parser-cxx.r/bug-issue-3166.d/args.ctags b/Units/parser-cxx.r/bug-issue-3166.d/args.ctags
new file mode 100644
index 0000000000..a60a455e15
--- /dev/null
+++ b/Units/parser-cxx.r/bug-issue-3166.d/args.ctags
@@ -0,0 +1,2 @@
+--sort=no
+--fields=+e
diff --git a/Units/parser-cxx.r/bug-issue-3166.d/expected.tags b/Units/parser-cxx.r/bug-issue-3166.d/expected.tags
new file mode 100644
index 0000000000..2f7d23356e
--- /dev/null
+++ b/Units/parser-cxx.r/bug-issue-3166.d/expected.tags
@@ -0,0 +1,17 @@ +DEAMER_LANGUAGE_DATASTRUCTURE_DEFINITION_OBJECT_MAIN_THREAT_THREAT_ANALYZER_DEAMER_LEXICON_TYPE_H input.cxx /^#define DEAMER_LANGUAGE_DATASTRUCTURE_DEFINITION_OBJECT_MAIN_THREAT_THREAT_ANALYZER_DEAMER_LEXIC/;" d file: end:24 +deamer input.cxx /^namespace deamer::language::type::definition::object::main::threat::deamer::lexicon$/;" n file: end:42 +language input.cxx /^namespace deamer::language::type::definition::object::main::threat::deamer::lexicon$/;" n namespace:deamer file: end:42 +type input.cxx /^namespace deamer::language::type::definition::object::main::threat::deamer::lexicon$/;" n namespace:deamer::language file: end:42 +definition input.cxx /^namespace deamer::language::type::definition::object::main::threat::deamer::lexicon$/;" n namespace:deamer::language::type file: end:42 +object input.cxx /^namespace deamer::language::type::definition::object::main::threat::deamer::lexicon$/;" n namespace:deamer::language::type::definition file: end:42 +main input.cxx /^namespace deamer::language::type::definition::object::main::threat::deamer::lexicon$/;" n namespace:deamer::language::type::definition::object file: end:42 +threat input.cxx /^namespace deamer::language::type::definition::object::main::threat::deamer::lexicon$/;" n namespace:deamer::language::type::definition::object::main file: end:42 +deamer input.cxx /^namespace deamer::language::type::definition::object::main::threat::deamer::lexicon$/;" n namespace:deamer::language::type::definition::object::main::threat file: end:42 +lexicon input.cxx /^namespace deamer::language::type::definition::object::main::threat::deamer::lexicon$/;" n namespace:deamer::language::type::definition::object::main::threat::deamer file: +Type input.cxx /^ enum class Type$/;" g namespace:deamer::language::type::definition::object::main::threat::deamer::lexicon file: end:41 +Unknown input.cxx /^ Unknown = 0,$/;" e enum:deamer::language::type::definition::object::main::threat::deamer::lexicon::Type file: 
+UnusedTerminal input.cxx /^ UnusedTerminal = 1,$/;" e enum:deamer::language::type::definition::object::main::threat::deamer::lexicon::Type file: +DeletedTerminalReferencedInGrammar input.cxx /^ DeletedTerminalReferencedInGrammar = 2,$/;" e enum:deamer::language::type::definition::object::main::threat::deamer::lexicon::Type file: +CrashTerminalReferencedInGrammar input.cxx /^ CrashTerminalReferencedInGrammar = 3,$/;" e enum:deamer::language::type::definition::object::main::threat::deamer::lexicon::Type file: +TerminalIsBaseSetOfLaterTerminal input.cxx /^ TerminalIsBaseSetOfLaterTerminal = 4,$/;" e enum:deamer::language::type::definition::object::main::threat::deamer::lexicon::Type file: +NonStandardNamingConvention input.cxx /^ NonStandardNamingConvention = 5,$/;" e enum:deamer::language::type::definition::object::main::threat::deamer::lexicon::Type file: diff --git a/Units/parser-cxx.r/bug-issue-3166.d/input.cxx b/Units/parser-cxx.r/bug-issue-3166.d/input.cxx new file mode 100644 index 0000000000..acaff6f979 --- /dev/null +++ b/Units/parser-cxx.r/bug-issue-3166.d/input.cxx 
@@ -0,0 +1,44 @@ +// Taken from theDeamerProject/Deamer/include/Deamer/Language/Type/Definition/Object/Main/Threat/Threat/Analyzer/Deamer/Lexicon/Type.h +// of https://github.com/Deruago/theDeamerProject +/* + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License + * as published by the Free Software Foundation; either version 3 + * of the License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + */ +/* + * Part of the DeamerProject. + * For more information go to: https://github.com/Deruago/theDeamerProject + */ + +#ifndef DEAMER_LANGUAGE_DATASTRUCTURE_DEFINITION_OBJECT_MAIN_THREAT_THREAT_ANALYZER_DEAMER_LEXICON_TYPE_H +#define DEAMER_LANGUAGE_DATASTRUCTURE_DEFINITION_OBJECT_MAIN_THREAT_THREAT_ANALYZER_DEAMER_LEXICON_TYPE_H + +namespace deamer::language::type::definition::object::main::threat::deamer::lexicon +{ + /*! \enum Type + * + * \brief All lexicon threats + */ + enum class Type + { + Unknown = 0, + + UnusedTerminal = 1, + DeletedTerminalReferencedInGrammar = 2, + CrashTerminalReferencedInGrammar = 3, + TerminalIsBaseSetOfLaterTerminal = 4, + NonStandardNamingConvention = 5, + }; +} + +#endif // DEAMER_LANGUAGE_DATASTRUCTURE_DEFINITION_OBJECT_MAIN_THREAT_THREAT_ANALYZER_DEAMER_LEXICON_TYPE_H diff --git a/parsers/cxx/cxx_parser_namespace.c b/parsers/cxx/cxx_parser_namespace.c index 41a6972fd5..b9b233dc6f 100644 --- a/parsers/cxx/cxx_parser_namespace.c +++ b/parsers/cxx/cxx_parser_namespace.c 
@@ -324,7 +324,7 @@ bool cxxParserParseNamespace(void)
 cxxScopePop();
 iScopeCount--;
- if(aCorkQueueIndices[iScopeCount] > CORK_NIL)
+ if(iScopeCount < MAX_NESTED_NAMESPACES && aCorkQueueIndices[iScopeCount] > CORK_NIL)
 cxxParserMarkEndLineForTagInCorkQueue(aCorkQueueIndices[iScopeCount]);
 }
From cd304e432cfb41fd3368e95212bcbb98075c91c0 Mon Sep 17 00:00:00 2001
From: Masatake YAMATO
Date: Fri, 24 Sep 2021 00:55:18 +0900
Subject: [PATCH 2/2] Cxx: double the size of array for tracking the deeply nested namespaces
Signed-off-by: Masatake YAMATO
#3166 reported a real world example using deeply nested namespaces.
---
Units/parser-cxx.r/bug-issue-3166.d/expected.tags | 2 +-
parsers/cxx/cxx_parser_namespace.c | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/Units/parser-cxx.r/bug-issue-3166.d/expected.tags b/Units/parser-cxx.r/bug-issue-3166.d/expected.tags
index 2f7d23356e..2dcb2b2703 100644
--- a/Units/parser-cxx.r/bug-issue-3166.d/expected.tags
+++ b/Units/parser-cxx.r/bug-issue-3166.d/expected.tags
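Review bot: The new `iScopeCount < MAX_NESTED_NAMESPACES` test in the unwind path of cxxParserParseNamespace stops the read past the end of `aCorkQueueIndices`, but it also silently skips end-line marking for every namespace level beyond the limit, and nothing in the code says so. A short comment above the condition would record the intent, e.g. `/* levels at or beyond MAX_NESTED_NAMESPACES have no slot in aCorkQueueIndices, so no end: field is recorded for them */`; the expected.tags added in this patch shows the effect, where the ninth component `lexicon` has no `end:`. The store into `aCorkQueueIndices[iScopeCount]` is outside this hunk, so whether it is bounded the same way should be confirmed there, since the nesting depth comes from the file being parsed. The function body begins and ends outside the hunk.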
@@ -7,7 +7,7 @@ object input.cxx /^namespace deamer::language::type::definition::object::main::t
 main input.cxx /^namespace deamer::language::type::definition::object::main::threat::deamer::lexicon$/;" n namespace:deamer::language::type::definition::object file: end:42
 threat input.cxx /^namespace deamer::language::type::definition::object::main::threat::deamer::lexicon$/;" n namespace:deamer::language::type::definition::object::main file: end:42
 deamer input.cxx /^namespace deamer::language::type::definition::object::main::threat::deamer::lexicon$/;" n namespace:deamer::language::type::definition::object::main::threat file: end:42
-lexicon input.cxx /^namespace deamer::language::type::definition::object::main::threat::deamer::lexicon$/;" n namespace:deamer::language::type::definition::object::main::threat::deamer file:
+lexicon input.cxx /^namespace deamer::language::type::definition::object::main::threat::deamer::lexicon$/;" n namespace:deamer::language::type::definition::object::main::threat::deamer file: end:42
 Type input.cxx /^ enum class Type$/;" g namespace:deamer::language::type::definition::object::main::threat::deamer::lexicon file: end:41
 Unknown input.cxx /^ Unknown = 0,$/;" e enum:deamer::language::type::definition::object::main::threat::deamer::lexicon::Type file:
 UnusedTerminal input.cxx /^ UnusedTerminal = 1,$/;" e enum:deamer::language::type::definition::object::main::threat::deamer::lexicon::Type file:
diff --git a/parsers/cxx/cxx_parser_namespace.c b/parsers/cxx/cxx_parser_namespace.c
index b9b233dc6f..c2fed85d77 100644
--- a/parsers/cxx/cxx_parser_namespace.c
+++ b/parsers/cxx/cxx_parser_namespace.c
@@ -23,7 +23,7 @@
 #include "read.h"
-#define MAX_NESTED_NAMESPACES 8
+#define MAX_NESTED_NAMESPACES 16
 bool cxxParserParseNamespace(void)
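Review bot: Raising `MAX_NESTED_NAMESPACES` to 16 means the bug-issue-3166 input, which nests nine namespace components, no longer reaches the bounds check added in the previous patch, so the overrun path is left without a regression test. The updated expected.tags confirms this: `lexicon` now gets `end:42` like the other levels. A second test unit whose nested-namespace declaration has more than 16 components would keep the guarded path exercised. A one-line comment on the define, e.g. `/* depth of nested namespaces for which end lines are tracked; deeper levels are still tagged but get no end: field */`, would also tell readers what the limit controls.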