From 9876cf2312ef73c4096f4472b8c071b3d41b6045 Mon Sep 17 00:00:00 2001
From: Alexander Mai
Date: Mon, 6 Apr 2015 17:23:48 +0200
Subject: [PATCH] #6626 crash: Token::astOperand2() const ( do while ). Fix two segmentation faults on invalid code.
---
 lib/checkbool.cpp | 2 +-
 lib/checkstl.cpp | 2 ++
 test/testgarbage.cpp | 10 ++++++++++
 3 files changed, 13 insertions(+), 1 deletion(-)
diff --git a/lib/checkbool.cpp b/lib/checkbool.cpp
index 0b65e8c19..a03943599 100644
--- a/lib/checkbool.cpp
+++ b/lib/checkbool.cpp
@@ -438,7 +438,7 @@ void CheckBool::pointerArithBool()
 if (tok)
 tok = tok->astOperand1();
 } else if (scope->type == Scope::eDo)
- tok = scope->classEnd->tokAt(2)->astOperand2();
+ tok = (scope->classEnd->tokAt(2)) ? scope->classEnd->tokAt(2)->astOperand2() : nullptr;
 pointerArithBoolCond(tok);
 }
diff --git a/lib/checkstl.cpp b/lib/checkstl.cpp
index a7c466b91..d0afcab88 100644
--- a/lib/checkstl.cpp
+++ b/lib/checkstl.cpp
@@ -1455,6 +1455,8 @@ void CheckStl::checkDereferenceInvalidIterator()
 const Token* startOfCondition = tok->next();
 if (i->type == Scope::eDo)
 startOfCondition = startOfCondition->link()->tokAt(2);
+ if (!startOfCondition) // ticket #6626 invalid code
+ continue;
 const Token* endOfCondition = startOfCondition->link();
 if (!endOfCondition)
 continue;
diff --git a/test/testgarbage.cpp b/test/testgarbage.cpp
index 4e3885b23..9c2293fe8 100644
--- a/test/testgarbage.cpp
+++ b/test/testgarbage.cpp
@@ -72,6 +72,7 @@ private:
 TEST_CASE(garbageCode31); // #6539
 TEST_CASE(garbageCode32); // #6135
 TEST_CASE(garbageCode33); // #6613
+ TEST_CASE(garbageCode34); // 6626
 TEST_CASE(garbageValueFlow);
 TEST_CASE(garbageSymbolDatabase);
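Review bot: The new ternary in the `Scope::eDo` branch of `CheckBool::pointerArithBool()` evaluates `scope->classEnd->tokAt(2)` twice and guards only against that one pointer being null. It does not confirm that the tokens after the closing brace really are `while (`, so on malformed input `astOperand2()` can still be read from an unrelated token. A single lookup is clearer, `const Token *cond = scope->classEnd->tokAt(2);` then `tok = cond ? cond->astOperand2() : nullptr;`, ideally gated on `Token::simpleMatch(scope->classEnd, "} while (")`. The function body starts and ends outside the hunk, so whether `pointerArithBoolCond()` accepts a null `tok` should be confirmed as well.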
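Review bot: The added `if (!startOfCondition)` check in `CheckStl::checkDereferenceInvalidIterator()` runs only after `startOfCondition->link()->tokAt(2)` has been evaluated, so in the `Scope::eDo` path a null `link()` would still be dereferenced before the guard is reached. If the tokenizer does not guarantee a linked brace for invalid code, the chain needs its own guard, for example `startOfCondition = startOfCondition->link() ? startOfCondition->link()->tokAt(2) : nullptr;`. The enclosing loop starts and ends outside the hunk, so whether `tok->next()` itself can be null here cannot be judged from these lines.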
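Review bot: The registration comment `// 6626` drops the `#` that the neighbouring entries use (`// #6539`, `// #6135`, `// #6613`), so a search for `#6626` will miss it; `TEST_CASE(garbageCode34); // #6626` keeps the list consistent. The test body in the following hunk feeds a single malformed `do`/`while` input through `checkCode`. It is not visible from these lines whether that one input exercises both the checkbool.cpp and the checkstl.cpp fix, so a second case may be worth adding if one of them turns out to be uncovered.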
@@ -410,6 +411,15 @@ private:
 checkCode("\xe2u.");
 }
+ // Bug #6626 crash: Token::astOperand2() const ( do while )
+ void garbageCode34() {
+ checkCode("void foo(void) {\n"
+ " do\n"
+ " while (0);\n"
+ "}");
+ ASSERT_EQUALS("", errout.str());
+ }
+
 void garbageValueFlow() {
 // #6089
 const char* code = "{} int foo(struct, x1, struct x2, x3, int, x5, x6, x7)\n"