walkero
/
cppcheck
1
0
Fork 0
Code Issues Pull Requests Projects Releases 1 Wiki Activity

Fixed crash in CheckBufferOverrun on garbage code (#5595)

This commit is contained in:
PKEuS 2014-03-21 13:20:44 +01:00
parent 1efcd670a1
commit 49b25b05d9
2 changed files with 6 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
lib/checkbufferoverrun.cpp
View File

@ -273,7 +273,7 @@ static bool bailoutIfSwitch(const Token *tok, const unsigned int varid)
end = end->linkAt(2); end = end->linkAt(2);
if (Token::simpleMatch(end, "{")) // Ticket #5203: Invalid code, bailout if (Token::simpleMatch(end, "{")) // Ticket #5203: Invalid code, bailout
return true; return true;
for (; tok != end; tok = tok->next()) { for (; tok && tok != end; tok = tok->next()) {
// If scanning a "if" block then bailout for "break" // If scanning a "if" block then bailout for "break"
if (is_if && (tok->str() == "break" || tok->str() == "continue")) if (is_if && (tok->str() == "break" || tok->str() == "continue"))
return true; return true;

5
test/testbufferoverrun.cpp
View File

@ -240,6 +240,7 @@ private:
TEST_CASE(crash2); // Ticket #2607 - crash TEST_CASE(crash2); // Ticket #2607 - crash
TEST_CASE(crash3); // Ticket #3034 - crash TEST_CASE(crash3); // Ticket #3034 - crash
TEST_CASE(crash4); // Ticket #5426 - crash TEST_CASE(crash4); // Ticket #5426 - crash
TEST_CASE(crash5); // TIcket #5595 - crash
TEST_CASE(garbage1); // Ticket #5203 TEST_CASE(garbage1); // Ticket #5203
@ -3673,6 +3674,10 @@ private:
"void d() { struct b *f; f = malloc(108); }"); "void d() { struct b *f; f = malloc(108); }");
} }
void crash5() {
check("static f() { int i; int source[1] = { 1 }; for (i = 0; i < 4; i++) (u, if (y u.x e)) }"); // Garbage code
}
void garbage1() { // Ticket #5203 void garbage1() { // Ticket #5203
check("int f ( int* r ) { { int s[2] ; f ( s ) ; if ( ) } }"); check("int f ( int* r ) { { int s[2] ; f ( s ) ; if ( ) } }");
} }