walkero
/
cppcheck
1
0
Fork 0
Code Issues Pull Requests Projects Releases 1 Wiki Activity

#6626 crash: Token::astOperand2() const ( do while ). Fix two segmentation faults on invalid code.

This commit is contained in:
Alexander Mai 2015-04-06 17:23:48 +02:00
parent 7fdbb91694
commit 9876cf2312
3 changed files with 13 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
lib/checkbool.cpp
View File

@ -438,7 +438,7 @@ void CheckBool::pointerArithBool()
if (tok) if (tok)
tok = tok->astOperand1(); tok = tok->astOperand1();
} else if (scope->type == Scope::eDo) } else if (scope->type == Scope::eDo)
tok = scope->classEnd->tokAt(2)->astOperand2(); tok = (scope->classEnd->tokAt(2)) ? scope->classEnd->tokAt(2)->astOperand2() : nullptr;
pointerArithBoolCond(tok); pointerArithBoolCond(tok);
} }

2
lib/checkstl.cpp
View File

@ -1455,6 +1455,8 @@ void CheckStl::checkDereferenceInvalidIterator()
const Token* startOfCondition = tok->next(); const Token* startOfCondition = tok->next();
if (i->type == Scope::eDo) if (i->type == Scope::eDo)
startOfCondition = startOfCondition->link()->tokAt(2); startOfCondition = startOfCondition->link()->tokAt(2);
if (!startOfCondition) // ticket #6626 invalid code
continue;
const Token* endOfCondition = startOfCondition->link(); const Token* endOfCondition = startOfCondition->link();
if (!endOfCondition) if (!endOfCondition)
continue; continue;

10
test/testgarbage.cpp
View File

@ -72,6 +72,7 @@ private:
TEST_CASE(garbageCode31); // #6539 TEST_CASE(garbageCode31); // #6539
TEST_CASE(garbageCode32); // #6135 TEST_CASE(garbageCode32); // #6135
TEST_CASE(garbageCode33); // #6613 TEST_CASE(garbageCode33); // #6613
TEST_CASE(garbageCode34); // 6626
TEST_CASE(garbageValueFlow); TEST_CASE(garbageValueFlow);
TEST_CASE(garbageSymbolDatabase); TEST_CASE(garbageSymbolDatabase);
@ -410,6 +411,15 @@ private:
checkCode("\xe2u."); checkCode("\xe2u.");
} }
// Bug #6626 crash: Token::astOperand2() const ( do while )
void garbageCode34() {
checkCode("void foo(void) {\n"
" do\n"
" while (0);\n"
"}");
ASSERT_EQUALS("", errout.str());
}
void garbageValueFlow() { void garbageValueFlow() {
// #6089 // #6089
const char* code = "{} int foo(struct, x1, struct x2, x3, int, x5, x6, x7)\n" const char* code = "{} int foo(struct, x1, struct x2, x3, int, x5, x6, x7)\n"