Fixed #5426 (crash: btrfs-progs cmds-inspect.c)

2014-01-31 06:19:36 +01:00 · 2014-01-31 06:19:36 +01:00 · 9aa9530e0d
parent a34d2eb7b3
commit 9aa9530e0d
2 changed files with 7 additions and 1 deletions
--- a/lib/checkbufferoverrun.cpp
+++ b/lib/checkbufferoverrun.cpp
@ -1670,7 +1670,7 @@ void CheckBufferOverrun::checkStructVariable()
                                        if (size != 100) { // magic number for size of struct
                                            // check if a real size was specified and give up
                                            // malloc(10) rather than malloc(sizeof(struct))
-                                            if (size < 100)
+                                            if (size < 100 || arrayInfo.element_size() == 0)
                                                continue;

                                            // calculate real array size based on allocated size
--- a/test/testbufferoverrun.cpp
+++ b/test/testbufferoverrun.cpp
@ -240,6 +240,7 @@ private:
        TEST_CASE(crash1);  // Ticket #1587 - crash
        TEST_CASE(crash2);  // Ticket #2607 - crash
        TEST_CASE(crash3);  // Ticket #3034 - crash
+        TEST_CASE(crash4);  // Ticket #5426 - crash

        TEST_CASE(garbage1);  // Ticket #5203

@ -3663,6 +3664,11 @@ private:
              "}");
    }

+    void crash4() {
+        check("struct b { unknown v[0]; };\n"
+              "void d() { struct b *f; f = malloc(108); }");
+    }
+
    void garbage1() { // Ticket #5203
        check("int f ( int* r ) { {  int s[2] ; f ( s ) ; if ( ) } }");
    }