From 5b347c537b787fbfc3c599d2610e037b9b412877 Mon Sep 17 00:00:00 2001
From: amai2012
Date: Fri, 29 May 2015 19:30:55 +0200
Subject: [PATCH] Fix #6720 and #6721 (Crashes on garbage code) Local fixes to avoid access to NULL-token
---
 lib/checkbufferoverrun.cpp | 2 ++
 lib/checkstring.cpp | 2 ++
 test/testgarbage.cpp | 10 ++++++++++
 3 files changed, 14 insertions(+)
diff --git a/lib/checkbufferoverrun.cpp b/lib/checkbufferoverrun.cpp
index 99f2987c0..ffb0a8e57 100644
--- a/lib/checkbufferoverrun.cpp
+++ b/lib/checkbufferoverrun.cpp
@@ -1721,6 +1721,8 @@ void CheckBufferOverrun::arrayIndexThenCheck()
 if (tok->type() == Token::eComparisonOp)
 tok = tok->tokAt(2);
+ if (!tok)
+ break;
 // skip close parentheses
 if (tok->str() == ")")
 tok = tok->next();
diff --git a/lib/checkstring.cpp b/lib/checkstring.cpp
index 6c34b2e91..3348c5e5e 100644
--- a/lib/checkstring.cpp
+++ b/lib/checkstring.cpp
@@ -98,6 +98,8 @@ void CheckString::checkAlwaysTrueOrFalseStringCompare()
 alwaysTrueFalseStringCompareError(tok, str1, str2);
 tok = tok->tokAt(5);
 }
+ if (!tok)
+ break;
 }
 }
diff --git a/test/testgarbage.cpp b/test/testgarbage.cpp
index 589791498..11026ad13 100644
--- a/test/testgarbage.cpp
+++ b/test/testgarbage.cpp
@@ -90,6 +90,8 @@ private:
 TEST_CASE(garbageCode49); // #6715
 TEST_CASE(garbageCode50); // #6718
 TEST_CASE(garbageCode51); // #6719
+ TEST_CASE(garbageCode52); // #6720
+ TEST_CASE(garbageCode53); // #6721
 TEST_CASE(garbageValueFlow);
 TEST_CASE(garbageSymbolDatabase);
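Review bot: In the `lib/checkbufferoverrun.cpp` hunk the new `if (!tok) break;` covers only the result of `tokAt(2)`; the `tok = tok->next();` in the close-parenthesis skip right below it can also leave `tok` NULL when the input ends at `)`. The rest of `arrayIndexThenCheck()` lies outside the hunk, so whether that value is dereferenced afterwards is not visible here. If it is, a second `if (!tok) break;` directly after `tok = tok->next();` would close the same crash path for input truncated one token later. A checker that is fed malformed source should treat every fixed-offset or `next()` advance as possibly running off the end of the token list.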
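Review bot: The guard added after the `tok = tok->tokAt(5);` block in `lib/checkstring.cpp` carries no comment saying why `tok` can be NULL at that point, so a later reader may take it for dead code and remove it. A one-line comment above `if (!tok)`, such as `// tokAt(5) may step past the end of the token list on truncated input`, would record the reason. The enclosing loop starts outside the hunk, so it is worth confirming that `break` leaves only the token loop and that any other branch advancing `tok` by a fixed offset also reaches this check.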
@@ -515,6 +517,14 @@ private:
 checkCode(" (const \"C\" ...); struct base { int f2; base (int arg1, int arg2); }; global_base(0x55, 0xff); { ((global_base.f1 0x55) (global_base.f2 0xff)) { } } base::base(int arg1, int arg2) { f2 = }");
 }
+ void garbageCode52() { // #6720
+ checkCode("a \"b\" not_eq \"c\"");
+ }
+
+ void garbageCode53() { // #6721
+ checkCode("{ { } }; void foo (struct int i) { x->b[i] = = }");
+ }
+
 void garbageValueFlow() { // #6089
 const char* code = "{} int foo(struct, x1, struct x2, x3, int, x5, x6, x7)\n"