Fixed #6021 (TemplateSimplifier::simplifyCalculations causes heap corruption on invalid code)
parent
60e36492e2
commit
18abe4a142
|
@ -1136,11 +1136,12 @@ bool TemplateSimplifier::simplifyCalculations(Token *_tokens)
|
|||
}
|
||||
}
|
||||
|
||||
if (Token::simpleMatch(tok->previous(), "* 1") || Token::simpleMatch(tok, "1 *")) {
|
||||
if (tok->previous() && tok->previous()->isConstOp())
|
||||
if (Token::Match(tok->tokAt(-2), "%any% * 1") || Token::Match(tok->previous(), "%any% 1 *")) {
|
||||
if (tok->isNumber())
|
||||
tok = tok->previous();
|
||||
tok = tok->previous();
|
||||
tok->deleteNext();
|
||||
tok->deleteThis();
|
||||
tok->deleteNext();
|
||||
ret = true;
|
||||
}
|
||||
|
||||
|
|
|
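Review bot: In the `%any% 1 *` case of the new condition, `tok` appears to be stepped back twice before the two `tok->deleteNext()` calls, which would leave it on the token before `%any%` and delete `%any%` and `1` instead of `1` and `*`. Both patterns place `tok` on the literal `1`, so `if (tok->isNumber())` looks always true inside this branch and cannot tell the two operand orders apart; the +/- markers are lost on this page, so this reading of the new side is inferred from line order. Nothing visible guarantees that a token exists before `%any%`, so the second step back could also produce a null `tok` that is then dereferenced. Consider stepping back once and then testing for the operator, `tok = tok->previous(); if (tok->str() == "*") tok = tok->previous();`, with a comment saying that the leading `%any%` is required so deletion is anchored on a surviving token rather than on `tok` itself. The body of `simplifyCalculations` starts and ends outside the hunk.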
@ -95,6 +95,7 @@ private:
|
|||
TEST_CASE(template55); // #6604 - simplify "const const" to "const" in template instantiations
|
||||
TEST_CASE(template56); // #7117 - const ternary operator simplification as template parameter
|
||||
TEST_CASE(template57); // #7891
|
||||
TEST_CASE(template58); // #6021 - use after free (deleted tokens in simplifyCalculations)
|
||||
TEST_CASE(template_enum); // #6299 Syntax error in complex enum declaration (including template)
|
||||
TEST_CASE(template_unhandled);
|
||||
TEST_CASE(template_default_parameter);
|
||||
|
@ -1047,6 +1048,17 @@ private:
|
|||
ASSERT_EQUALS(exp, tok(code));
|
||||
}
|
||||
|
||||
void template58() { // #6021
|
||||
const char code[] = "template <typename A>\n"
|
||||
"void TestArithmetic() {\n"
|
||||
" x(1 * CheckedNumeric<A>());\n"
|
||||
"}\n"
|
||||
"void foo() {\n"
|
||||
" TestArithmetic<int>();\n"
|
||||
"}";
|
||||
ASSERT_THROW(tok(code), InternalError);
|
||||
}
|
||||
|
||||
void template_enum() {
|
||||
const char code1[] = "template <class T>\n"
|
||||
"struct Unconst {\n"
|
||||
|
|
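Review bot: `template58` only asserts that `tok(code)` throws `InternalError`, so it pins a failure and never checks the simplified output for `1 * CheckedNumeric<A>()`. The input does not look malformed from what is visible here, so the throw may be masking a wrong token deletion in `simplifyCalculations` rather than confirming that the use-after-free is gone. Consider adding an `ASSERT_EQUALS(exp, tok(code))` case with the expected text for both operand orders (`1 * x` and `x * 1`), and a comment on the test stating why a throw is the accepted outcome for #6021. The assertion may also pass on the old code when the corruption happens not to crash, so a run of this case in a sanitizer or memory-checker build is the stronger regression signal.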