#6784 segmentation fault (invalid code) in Tokenizer::simplifyTypedef. Avoid null pointer access

Alexander Mai 2015-06-22 20:43:26 +02:00
parent 99524b1f59
commit 07bcc7157b
2 changed files with 10 additions and 0 deletions


@ -1396,6 +1396,10 @@ void Tokenizer::simplifyTypedef()
// skip over variable name if there
if (!inCast) {
if (!tok2 || !tok2->next()) {
syntaxError(nullptr);
return;
}
if (tok2->next()->str() != ")")
tok2 = tok2->next();
}
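Review bot: `syntaxError(nullptr)` in the added guard discards the location even in the `!tok2->next()` case, where `tok2` is still a valid token, so the report cannot point at the malformed typedef; `syntaxError(tok2);` passes the same null when `tok2` is null and a position otherwise. The `return;` after it looks unreachable if syntaxError throws, which the new test's `ASSERT_THROW(..., InternalError)` suggests, so confirm that and either drop it or say why it stays. A short comment on the guard, for example `// #6784: invalid code can end the token list here`, would record why the check exists. The enclosing function starts and ends outside the hunk, so other `tok2` dereferences on this path are not covered by this note.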


@ -1,3 +1,4 @@
/*
* Cppcheck - A tool for static C/C++ code analysis
* Copyright (C) 2007-2015 Daniel Marjamäki and Cppcheck team.
@ -123,6 +124,7 @@ private:
TEST_CASE(garbageCode82);
TEST_CASE(garbageCode83);
TEST_CASE(garbageCode84);
TEST_CASE(garbageCode85);
TEST_CASE(garbageValueFlow);
TEST_CASE(garbageSymbolDatabase);
@ -681,6 +683,10 @@ private:
checkCode("int main ( [ ] ) { " " [ ] ; int i = 0 ; do { } ; } ( [ ] ) { }"); // do not crash
}
void garbageCode85() { // #6784
ASSERT_THROW(checkCode("{ } { } typedef void ( *VoidFunc() ) ( ) ; VoidFunc"), InternalError); // do not crash
}
void garbageValueFlow() {
// #6089
const char* code = "{} int foo(struct, x1, struct x2, x3, int, x5, x6, x7)\n"