Fixed a crash on garbage code. The test input was found by afl_cppcheck (type2). Unfortunately, the cppcheck-fuzzer-client was crashing only when executing the binary input from afl-fuzz. Using the translated input (C code) did not lead to a crash. I tested it with the address/undefined behaviour sanitizer activated as well as with non-instrumented source code. Since the translated output is too long (164 lines), I will not add it to testgarbage.cpp.
This commit is contained in:
parent 111db91387
commit 0ace50204b
|
@ -626,6 +626,10 @@ void CheckCondition::multiCondition2()
|
|||
if (const Token *op = Token::findmatch(tok, "++|--", condEndToken)) {
|
||||
bool bailout = false;
|
||||
while (op) {
|
||||
if (!op->astOperand1()) {
|
||||
bailout = true;
|
||||
break;
|
||||
}
|
||||
if (vars.find(op->astOperand1()->varId()) != vars.end()) {
|
||||
bailout = true;
|
||||
break;
|
||||
|
|
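Review bot: the added null check on `op->astOperand1()` before `op->astOperand1()->varId()` is the right guard, but this hunk ships without a regression test, and the commit message explicitly says the reproducer is not being added to testgarbage.cpp because it is 164 lines. A null-pointer dereference reachable from attacker-supplied source is exactly the class of bug that should have a minimal reproducer pinned in the test suite; consider reducing the fuzzer input (creduce or manual bisection of the 164 lines) until it still hits the `++|--` token without an AST operand, and committing that reduced case, or at least the raw afl-fuzz binary input in the fuzzer corpus so the crash stays covered. A one-line comment above `if (!op->astOperand1()) {` explaining that garbage code can leave a `++`/`--` token without an AST (hence the conservative bailout) would also help the next reader understand why this bailout differs from the `vars.find(...)` one below it.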