Fixed a crash on garbage code. The test input was found by afl_cppcheck (type2). Unfortunately, the cppcheck-fuzzer-client crashed only when executing the binary input from afl-fuzz; using the translated input (C code) did not lead to a crash. I tested it with the address/undefined-behaviour sanitizers enabled as well as with non-instrumented source code. Since the translated output is too long (164 lines), I will not add it to testgarbage.cpp.
This commit is contained in:
parent
111db91387
commit
0ace50204b
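--- a/PATH_NOT_ON_PAGE
+++ b/PATH_NOT_ON_PAGE
@@ -626,6 +626,10 @@ void CheckCondition::multiCondition2()
             if (const Token *op = Token::findmatch(tok, "++|--", condEndToken)) {
                 bool bailout = false;
                 while (op) {
+                    if (!op->astOperand1()) {
+                        bailout = true;
+                        break;
+                    }
                     if (vars.find(op->astOperand1()->varId()) != vars.end()) {
                         bailout = true;
                         break;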
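Review bot: The added null check on `op->astOperand1()` carries no comment saying why a `++`/`--` token can lack an AST operand, so a later reader is likely to treat it as dead code and drop it; suggest `// garbage code: ++/-- with no AST operand (found by fuzzing); bail out instead of dereferencing`. Because the C-translated fuzzer input did not reproduce the crash, the fix also lands without a regression test; a reduced reproducer in testgarbage.cpp, even if it only exercises the null-operand path, would keep the check from regressing. The rest of the `while (op)` loop and the body of `multiCondition2()` continue outside the hunk, so whether every later use of `op->astOperand1()` in that loop is covered by this early bail-out cannot be confirmed from here.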