Fixed #6021 (TemplateSimplifier::simplifyCalculations causes heap corruption on invalid code)

This commit is contained in:
Daniel Marjamäki 2017-06-07 19:32:56 +02:00
parent 60e36492e2
commit 18abe4a142
2 changed files with 16 additions and 3 deletions

View File

@ -1136,11 +1136,12 @@ bool TemplateSimplifier::simplifyCalculations(Token *_tokens)
} }
} }
if (Token::simpleMatch(tok->previous(), "* 1") || Token::simpleMatch(tok, "1 *")) { if (Token::Match(tok->tokAt(-2), "%any% * 1") || Token::Match(tok->previous(), "%any% 1 *")) {
if (tok->previous() && tok->previous()->isConstOp()) if (tok->isNumber())
tok = tok->previous(); tok = tok->previous();
tok = tok->previous();
tok->deleteNext();
tok->deleteNext(); tok->deleteNext();
tok->deleteThis();
ret = true; ret = true;
} }

View File

@ -95,6 +95,7 @@ private:
TEST_CASE(template55); // #6604 - simplify "const const" to "const" in template instantiations TEST_CASE(template55); // #6604 - simplify "const const" to "const" in template instantiations
TEST_CASE(template56); // #7117 - const ternary operator simplification as template parameter TEST_CASE(template56); // #7117 - const ternary operator simplification as template parameter
TEST_CASE(template57); // #7891 TEST_CASE(template57); // #7891
TEST_CASE(template58); // #6021 - use after free (deleted tokens in simplifyCalculations)
TEST_CASE(template_enum); // #6299 Syntax error in complex enum declaration (including template) TEST_CASE(template_enum); // #6299 Syntax error in complex enum declaration (including template)
TEST_CASE(template_unhandled); TEST_CASE(template_unhandled);
TEST_CASE(template_default_parameter); TEST_CASE(template_default_parameter);
@ -1047,6 +1048,17 @@ private:
ASSERT_EQUALS(exp, tok(code)); ASSERT_EQUALS(exp, tok(code));
} }
void template58() { // #6021
const char code[] = "template <typename A>\n"
"void TestArithmetic() {\n"
" x(1 * CheckedNumeric<A>());\n"
"}\n"
"void foo() {\n"
" TestArithmetic<int>();\n"
"}";
ASSERT_THROW(tok(code), InternalError);
}
void template_enum() { void template_enum() {
const char code1[] = "template <class T>\n" const char code1[] = "template <class T>\n"
"struct Unconst {\n" "struct Unconst {\n"