#6807 segmentation fault (invalid code) in Tokenizer::simplifyTypedef. #6808 segmentation fault (invalid code) in Tokenizer::simplifyTypedef. Throw InternalError on garbage code
parent
6e03e7dca2
commit
4a1695c879
|
@ -96,6 +96,9 @@ SymbolDatabase::SymbolDatabase(const Tokenizer *tokenizer, const Settings *setti
|
|||
// only create base list for classes and structures
|
||||
if (new_scope->isClassOrStruct()) {
|
||||
// goto initial '{'
|
||||
if (!new_scope->definedType) {
|
||||
_tokenizer->syntaxError(nullptr); // #6808
|
||||
}
|
||||
tok2 = new_scope->definedType->initBaseInfo(tok, tok2);
|
||||
|
||||
// make sure we have valid code
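Review bot: The new guard calls `_tokenizer->syntaxError(nullptr)`, so the resulting error carries no token and presumably no file or line for the user. `tok` is in scope here (it is passed to `initBaseInfo` on the next line), so, assuming it points at the declaration being processed, `_tokenizer->syntaxError(tok); // #6808` would give the report a location. The guard also only protects the `new_scope->definedType->initBaseInfo(...)` dereference if `syntaxError` never returns. The added test expects `InternalError`, which suggests it throws, but the hunk does not show that, so a comment such as `// syntaxError() throws, so definedType is non-null below` would make the dependency explicit. The constructor body starts and ends outside the hunk.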
|
||||
|
|
|
@ -1505,9 +1505,14 @@ void Tokenizer::simplifyTypedef()
|
|||
} else if (typeOf) {
|
||||
tok2 = copyTokens(tok2, argStart, argEnd);
|
||||
} else if (tok2->tokAt(2) && tok2->strAt(2) == "[") {
|
||||
while (tok2->tokAt(2) && tok2->strAt(2) == "[")
|
||||
while (tok2->tokAt(2) && tok2->strAt(2) == "[") {
|
||||
if (!tok2->linkAt(2)) {
|
||||
syntaxError(tok2); // #6807
|
||||
return;
|
||||
}
|
||||
tok2 = tok2->linkAt(2)->previous();
|
||||
}
|
||||
}
|
||||
|
||||
if (arrayStart && arrayEnd) {
|
||||
do {
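Review bot: The `return;` after `syntaxError(tok2); // #6807` is either unreachable or leaves the token list half-simplified, depending on whether `syntaxError` throws. The added test expects `InternalError`, and the guard added to `SymbolDatabase::SymbolDatabase` in this same commit has no `return` after its `syntaxError` call, so the two guards are inconsistent. I would drop the `return;` or keep it with a comment like `// not reached: syntaxError() throws`. An unlinked `[` comes from malformed input, so other `linkAt(...)` dereferences in `simplifyTypedef` outside this hunk may deserve the same null check. The function body continues outside the hunk.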
|
||||
|
|
|
@ -135,6 +135,8 @@ private:
|
|||
TEST_CASE(garbageCode93);
|
||||
TEST_CASE(garbageCode94);
|
||||
TEST_CASE(garbageCode95);
|
||||
TEST_CASE(garbageCode96);
|
||||
TEST_CASE(garbageCode97);
|
||||
|
||||
TEST_CASE(garbageValueFlow);
|
||||
TEST_CASE(garbageSymbolDatabase);
|
||||
|
@ -751,6 +753,14 @@ private:
|
|||
checkCode("{ } x x ; { } h h [ ] ( ) ( ) { struct x ( x ) ; int __attribute__ ( ) f ( ) { h - > first = & x ; struct x * n = h - > first ; ( ) n > } }"); // do not crash
|
||||
}
|
||||
|
||||
void garbageCode96() { // #6807
|
||||
ASSERT_THROW(checkCode("typedef J J[ ; typedef ( ) ( ) { ; } typedef J J ;] ( ) ( J cx ) { n } ;"), InternalError);
|
||||
}
|
||||
|
||||
void garbageCode97() { // #6808
|
||||
ASSERT_THROW(checkCode("namespace A {> } class A{ { }} class A : T< ;"), InternalError);
|
||||
}
|
||||
|
||||
void garbageValueFlow() {
|
||||
// #6089
|
||||
const char* code = "{} int foo(struct, x1, struct x2, x3, int, x5, x6, x7)\n"
|
||||
|
|