#6706 segmentation fault (invalid code) in tokenlist::compilePrecedence3. Local fix to prevent acess to NULL-token

2015-05-27 21:39:31 +02:00 · 2015-05-27 21:39:31 +02:00 · 133d8f9a91
parent 94d376e228
commit 133d8f9a91
2 changed files with 9 additions and 4 deletions
--- a/lib/tokenlist.cpp
+++ b/lib/tokenlist.cpp
@ -156,7 +156,7 @@ void TokenList::addtoken(const std::string & str, const unsigned int lineno, con

 void TokenList::addtoken(const Token * tok, const unsigned int lineno, const unsigned int fileno)
 {
-    if (tok == 0)
+    if (tok == nullptr)
        return;

    if (_back) {
@ -411,7 +411,7 @@ unsigned long long TokenList::calculateChecksum() const

        checksum ^= ((static_cast<unsigned long long>(subchecksum1) << 32) | subchecksum2);

-        bool bit1 = (checksum & 1) != 0;
+        const bool bit1 = (checksum & 1) != 0;
        checksum >>= 1;
        if (bit1)
            checksum |= (1ULL << 63);
@ -689,7 +689,7 @@ static void compilePrecedence3(Token *&tok, AST_state& state)
                state.op.push(tok->next());
                tok = tok->link()->next();
                compileBinOp(tok, state, compilePrecedence2);
-            } else if (tok->str() == "[" || tok->str() == "(")
+            } else if (tok && (tok->str() == "[" || tok->str() == "("))
                compilePrecedence2(tok, state);
            else if (innertype && Token::simpleMatch(tok, ") [")) {
                tok = tok->next();
@ -701,7 +701,7 @@ static void compilePrecedence3(Token *&tok, AST_state& state)
        } else if (state.cpp && Token::Match(tok, "delete %name%|*|&|::|(|[")) {
            Token* tok2 = tok;
            tok = tok->next();
-            if (tok->str() == "[")
+            if (tok && tok->str() == "[")
                tok = tok->link()->next();
            compilePrecedence3(tok, state);
            compileUnaryOp(tok2, state, nullptr);
--- a/test/testgarbage.cpp
+++ b/test/testgarbage.cpp
@ -85,6 +85,7 @@ private:
        TEST_CASE(garbageCode44); // #6704
        TEST_CASE(garbageCode45); // #6608
        TEST_CASE(garbageCode46); // #6705
+        TEST_CASE(garbageCode47); // #6706

        TEST_CASE(garbageValueFlow);
        TEST_CASE(garbageSymbolDatabase);
@ -490,6 +491,10 @@ private:
        checkCode(" { bar(char *x); void foo (int ...) { struct } va_list ap; va_start(ap, size); va_arg(ap, (d)); }");
    }

+    void garbageCode47() { // #6706
+        checkCode(" { { }; }; * new private: B: B;");
+    }
+
    void garbageValueFlow() {
        // #6089
        const char* code = "{} int foo(struct, x1, struct x2, x3, int, x5, x6, x7)\n"