From 52f549fa87eccbb4fa7f500a82223b5ace667e13 Mon Sep 17 00:00:00 2001
From: chrchr-github <78114321+chrchr-github@users.noreply.github.com>
Date: Tue, 15 Feb 2022 20:19:03 +0100
Subject: [PATCH] Fix crash on garbage code (#3834)
---
 lib/tokenize.cpp | 5 ++++-
 test/testgarbage.cpp | 4 ++++
 2 files changed, 8 insertions(+), 1 deletion(-)
diff --git a/lib/tokenize.cpp b/lib/tokenize.cpp
index f8f28e70e..fc9a562df 100644
--- a/lib/tokenize.cpp
+++ b/lib/tokenize.cpp
@@ -4286,7 +4286,10 @@ void Tokenizer::setVarIdPass2()
 while (Token::Match(tokStart, ":: %name%") || tokStart->str() == "<") {
 if (tokStart->str() == "<") {
 // skip the template part
- tokStart = tokStart->findClosingBracket()->next();
+ const Token* closeTok = tokStart->findClosingBracket();
+ if (!closeTok)
+ syntaxError(tok);
+ tokStart = closeTok->next();
 } else {
 classnameTokens.push_back(tokStart->next());
 tokStart = tokStart->tokAt(2);
diff --git a/test/testgarbage.cpp b/test/testgarbage.cpp
index 418210bea..8e42829ea 100644
--- a/test/testgarbage.cpp
+++ b/test/testgarbage.cpp
@@ -250,6 +250,7 @@ private:
 TEST_CASE(garbageCode218); // #8763
 TEST_CASE(garbageCode219); // #10101
 TEST_CASE(garbageCode220); // #6832
+ TEST_CASE(garbageCode221);
 TEST_CASE(garbageCodeFuzzerClientMode1); // test cases created with the fuzzer client, mode 1
@@ -1704,6 +1705,9 @@ private:
 void garbageCode220() { // #6832
 ASSERT_THROW(checkCode("(){(){{()}}return;{switch()0 case(){}break;l:()}}\n"), InternalError); // don't crash
 }
+ void garbageCode221() {
+ ASSERT_THROW(checkCode("struct A<0<;\n"), InternalError); // don't crash
+ }
 void syntaxErrorFirstToken() {
 ASSERT_THROW(checkCode("&operator(){[]};"), InternalError); // #7818
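Review bot: After `tokStart = closeTok->next();` the loop condition re-evaluates `tokStart->str() == "<"`, and that operand dereferences `tokStart` with no null test, so a template argument list whose closing bracket is the last token would presumably still crash if `next()` returns null there. Unless code outside the hunk guarantees a following token, the guard should cover both cases: `if (!closeTok || !closeTok->next()) syntaxError(tok);`. The fix also relies on `syntaxError()` never returning (the new test expects it to throw `InternalError`); if that is not declared on the function, a short comment such as `// syntaxError() throws, closeTok is non-null below` would keep readers and static analysers from seeing `closeTok->next()` as a reachable null dereference. The body of `setVarIdPass2()` starts and ends outside this hunk.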
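Review bot: `garbageCode221` carries no tracker reference, while the neighbouring entries are tagged (`// #8763`, `// #10101`, `// #6832`); this applies both to the registration in the `@@ -250,6 +250,7 @@` hunk and to the definition in the `@@ -1704,6 +1705,9 @@` hunk. Add the originating report as a trailing comment, for example `TEST_CASE(garbageCode221); // #<ticket id>`, so the crashing input can be traced back to where it was found. The test pins only the path where `findClosingBracket()` finds no match; a companion case for a bracket list that closes at the very end of the input would show whether the loop in `setVarIdPass2()` is also safe there.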