Fix crashes for garbage code, found by fuzzing

Daniel Marjamäki 2018-01-24 13:53:03 +01:00
parent 4710d80a40
commit 0f561d0ed6
2 changed files with 10 additions and 1 deletions


@ -8356,7 +8356,7 @@ const Token * Tokenizer::findGarbageCode() const
// Operators without operands.. // Operators without operands..
for (const Token *tok = tokens(); tok; tok = tok->next()) { for (const Token *tok = tokens(); tok; tok = tok->next()) {
if (Token::Match(tok, "%cop% %or%|%oror%|/|%")) if (Token::Match(tok, "%cop%|=|,|[ %or%|%oror%|/|%"))
return tok; return tok;
if (Token::Match(tok, ";|(|[ %comp%")) if (Token::Match(tok, ";|(|[ %comp%"))
return tok; return tok;
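Review bot: The widened `%cop%|=|,|[` check and the comparison check two lines below it disagree on which tokens count as a missing left operand: the comparison check rejects `;` and `(` before the operator, while this one would still pass pairs such as `( |` or `; /` on to the later stages. If no valid token stream produces those pairs at this point (worth confirming against the existing garbage-code tests), consider `if (Token::Match(tok, "%cop%|=|,|[|(|; %or%|%oror%|/|%"))`. The `// Operators without operands..` comment also no longer describes the rule, since `=`, `,` and `[` are listed separately from `%cop%`; something like `// Binary operators with no left operand (after an operator, '=', ',' or '[')..` would match it. The body of findGarbageCode() starts and ends outside the hunk, so other checks there may already cover part of this.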


@ -222,6 +222,9 @@ private:
TEST_CASE(garbageCode189); // #8317 TEST_CASE(garbageCode189); // #8317
TEST_CASE(garbageCode190); // #8307 TEST_CASE(garbageCode190); // #8307
TEST_CASE(garbageCode191); // #8333 TEST_CASE(garbageCode191); // #8333
TEST_CASE(garbageCodeFuzzerClientMode1); // test cases created with the fuzzer client, mode 1
TEST_CASE(garbageValueFlow); TEST_CASE(garbageValueFlow);
TEST_CASE(garbageSymbolDatabase); TEST_CASE(garbageSymbolDatabase);
TEST_CASE(garbageAST); TEST_CASE(garbageAST);
@ -1198,6 +1201,12 @@ private:
} }
void garbageCodeFuzzerClientMode1() {
ASSERT_THROW(checkCode("void f() { x= name2 & name3 name2 = | 0.1 , | 0.1 , | 0.1 name4 <= >( ); }"), InternalError);
ASSERT_THROW(checkCode("void f() { x = , * [ | + 0xff | > 0xff]; }"), InternalError);
ASSERT_THROW(checkCode("void f() { x = , | 0xff , 0.1 < ; }"), InternalError);
}
void garbageValueFlow() { void garbageValueFlow() {
// #6089 // #6089
const char* code = "{} int foo(struct, x1, struct x2, x3, int, x5, x6, x7)\n" const char* code = "{} int foo(struct, x1, struct x2, x3, int, x5, x6, x7)\n"