#6807 segmentation fault (invalid code) in Tokenizer::simplifyTypedef. #6808 segmentation fault (invalid code) in Tokenizer::simplifyTypedef. Throw InternalError on garbage code

amai2012 2015-07-01 16:31:49 +02:00
parent 6e03e7dca2
commit 4a1695c879
3 changed files with 19 additions and 1 deletions


@ -96,6 +96,9 @@ SymbolDatabase::SymbolDatabase(const Tokenizer *tokenizer, const Settings *setti
// only create base list for classes and structures // only create base list for classes and structures
if (new_scope->isClassOrStruct()) { if (new_scope->isClassOrStruct()) {
// goto initial '{' // goto initial '{'
if (!new_scope->definedType) {
_tokenizer->syntaxError(nullptr); // #6808
}
tok2 = new_scope->definedType->initBaseInfo(tok, tok2); tok2 = new_scope->definedType->initBaseInfo(tok, tok2);
// make sure we have valid code // make sure we have valid code
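Review bot: The added null check in the `isClassOrStruct()` branch is only safe as long as `syntaxError()` never returns, because `new_scope->definedType->initBaseInfo(tok, tok2)` on the next line still dereferences the pointer unconditionally. The commit title suggests the call throws InternalError, but nothing at the call site says so, and the guard added to `Tokenizer::simplifyTypedef` in this same commit follows the same call with `return;`, so the two sites disagree about the contract. I would state it where it matters and pass the current token instead of `nullptr` so the report carries a location, e.g. `_tokenizer->syntaxError(tok); // #6808: throws InternalError, never returns` (assuming `tok` is the token being processed here, as its use in the following call suggests). The constructor body starts and ends outside this hunk.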


@ -1505,9 +1505,14 @@ void Tokenizer::simplifyTypedef()
} else if (typeOf) { } else if (typeOf) {
tok2 = copyTokens(tok2, argStart, argEnd); tok2 = copyTokens(tok2, argStart, argEnd);
} else if (tok2->tokAt(2) && tok2->strAt(2) == "[") { } else if (tok2->tokAt(2) && tok2->strAt(2) == "[") {
while (tok2->tokAt(2) && tok2->strAt(2) == "[") while (tok2->tokAt(2) && tok2->strAt(2) == "[") {
if (!tok2->linkAt(2)) {
syntaxError(tok2); // #6807
return;
}
tok2 = tok2->linkAt(2)->previous(); tok2 = tok2->linkAt(2)->previous();
} }
}
if (arrayStart && arrayEnd) { if (arrayStart && arrayEnd) {
do { do {


@ -135,6 +135,8 @@ private:
TEST_CASE(garbageCode93); TEST_CASE(garbageCode93);
TEST_CASE(garbageCode94); TEST_CASE(garbageCode94);
TEST_CASE(garbageCode95); TEST_CASE(garbageCode95);
TEST_CASE(garbageCode96);
TEST_CASE(garbageCode97);
TEST_CASE(garbageValueFlow); TEST_CASE(garbageValueFlow);
TEST_CASE(garbageSymbolDatabase); TEST_CASE(garbageSymbolDatabase);
@ -751,6 +753,14 @@ private:
checkCode("{ } x x ; { } h h [ ] ( ) ( ) { struct x ( x ) ; int __attribute__ ( ) f ( ) { h - > first = & x ; struct x * n = h - > first ; ( ) n > } }"); // do not crash checkCode("{ } x x ; { } h h [ ] ( ) ( ) { struct x ( x ) ; int __attribute__ ( ) f ( ) { h - > first = & x ; struct x * n = h - > first ; ( ) n > } }"); // do not crash
} }
void garbageCode96() { // #6807
ASSERT_THROW(checkCode("typedef J J[ ; typedef ( ) ( ) { ; } typedef J J ;] ( ) ( J cx ) { n } ;"), InternalError);
}
void garbageCode97() { // #6808
ASSERT_THROW(checkCode("namespace A {> } class A{ { }} class A : T< ;"), InternalError);
}
void garbageValueFlow() { void garbageValueFlow() {
// #6089 // #6089
const char* code = "{} int foo(struct, x1, struct x2, x3, int, x5, x6, x7)\n" const char* code = "{} int foo(struct, x1, struct x2, x3, int, x5, x6, x7)\n"
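Review bot: `garbageCode96` and `garbageCode97` assert only that some InternalError is thrown, so they would keep passing if an earlier stage began rejecting these inputs and the new guards in `Tokenizer::simplifyTypedef` and the `SymbolDatabase` constructor were never reached. Whether the error id or message can also be checked with this test macro is not visible on this page. At minimum I would record what each input is meant to hit, e.g. `// #6807: '[' without a link must be rejected in Tokenizer::simplifyTypedef` and `// #6808: class scope without definedType must be rejected in SymbolDatabase`. The test class starts and ends outside this hunk.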