Fixed a crash on garbage code. The test input was found by afl_cppcheck (type2). Unfortunately, the cppcheck-fuzzer-client was crashing only when executing the binary input from afl-fuzz. Using the translated input (C code) did not lead to a crash. I tested it with activated address/undefined behaviour sanitizer as well as non-instrumented source code. Since the translated output is too long (164 lines), I will not add it to testgarbage.cpp.

This commit is contained in:
orbitcowboy 2019-04-07 13:27:33 +02:00
parent 111db91387
commit 0ace50204b
1 changed files with 4 additions and 0 deletions


@ -626,6 +626,10 @@ void CheckCondition::multiCondition2()
if (const Token *op = Token::findmatch(tok, "++|--", condEndToken)) { if (const Token *op = Token::findmatch(tok, "++|--", condEndToken)) {
bool bailout = false; bool bailout = false;
while (op) { while (op) {
if (!op->astOperand1()) {
bailout = true;
break;
}
if (vars.find(op->astOperand1()->varId()) != vars.end()) { if (vars.find(op->astOperand1()->varId()) != vars.end()) {
bailout = true; bailout = true;
break; break;
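Review bot: the null check on op->astOperand1() before the vars.find(op->astOperand1()->varId()) dereference is the right guard, and setting bailout = true is the conservative direction (it suppresses a warning rather than risking a false positive on malformed input), but the fix lands without a regression test. The commit message says the translated input is 164 lines; consider shrinking it with afl-tmin or creduce to a minimal "++"/"--" expression without an AST operand and adding that to testgarbage.cpp, otherwise a later refactor of this loop can silently reintroduce the null dereference. A one-line comment above the new check stating that garbage code can yield an increment/decrement token with no operand would also help the next reader understand why the bailout exists.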