walkero
/
cppcheck
1
0
Fork 0
Code Issues Pull Requests Projects Releases 1 Wiki Activity

Fix #8922 (SIGSEGV below exprDependsOnThis - stack overflow?) (#1761) 

This limits the recursion depth as a last line of defense to avoid stack
overflows when there are really huge arrays.
See https://trac.cppcheck.net/ticket/8922
This commit is contained in:
Sebastian 2019-03-26 18:57:01 +01:00 committed by GitHub
parent 4735b6ca1b
commit 29815b2dd8
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 7 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
lib/astutils.cpp
View File

@ -248,10 +248,14 @@ static bool isAliased(const Token * startTok, const Token * endTok, unsigned int
return false;
}
static bool exprDependsOnThis(const Token *expr)
static bool exprDependsOnThis(const Token *expr, unsigned int depth)
{
if (!expr)
return false;
if (depth >= 1000)
// Abort recursion to avoid stack overflow
return true;
++depth;
// calling nonstatic method?
if (Token::Match(expr->previous(), "!!:: %name% (") && expr->function() && expr->function()->nestedIn && expr->function()->nestedIn->isClassOrStruct()) {
// is it a method of this?
@ -263,7 +267,7 @@ static bool exprDependsOnThis(const Token *expr)
}
return nestedIn == expr->function()->nestedIn;
}
return exprDependsOnThis(expr->astOperand1()) || exprDependsOnThis(expr->astOperand2());
return exprDependsOnThis(expr->astOperand1(), depth) || exprDependsOnThis(expr->astOperand2(), depth);
}
/// This takes a token that refers to a variable and it will return the token
@ -290,7 +294,7 @@ static const Token * followVariableExpression(const Token * tok, bool cpp, const
if (!varTok)
return tok;
// Bailout. If variable value depends on value of "this".
if (exprDependsOnThis(varTok))
if (exprDependsOnThis(varTok, 0))
return tok;
// Skip array access
if (Token::simpleMatch(varTok, "["))