walkero
/
cppcheck
1
0
Fork 0
Code Issues Pull Requests Projects Releases 1 Wiki Activity

#6788 segmentation fault (invalid code) in Tokenizer::simplifyVarDecl. Fix null pointer access

This commit is contained in:
amai2012 2015-06-24 16:54:23 +02:00
parent f806d945a1
commit 9fedc9bd74
2 changed files with 9 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
lib/tokenize.cpp
View File

@ -5371,7 +5371,10 @@ void Tokenizer::simplifyVarDecl(Token * tokBegin, Token * tokEnd, bool only_k_r_
if (Token::simpleMatch(tok, "= {")) { if (Token::simpleMatch(tok, "= {")) {
tok = tok->next()->link(); tok = tok->next()->link();
} }
if (!tok) {
syntaxError(tokBegin);
return;
}
if (only_k_r_fpar && finishedwithkr) { if (only_k_r_fpar && finishedwithkr) {
if (Token::Match(tok, "(|[|{")) { if (Token::Match(tok, "(|[|{")) {
tok = tok->link(); tok = tok->link();

5
test/testgarbage.cpp
View File

@ -126,6 +126,7 @@ private:
TEST_CASE(garbageCode84); TEST_CASE(garbageCode84);
TEST_CASE(garbageCode85); TEST_CASE(garbageCode85);
TEST_CASE(garbageCode86); TEST_CASE(garbageCode86);
TEST_CASE(garbageCode87);
TEST_CASE(garbageValueFlow); TEST_CASE(garbageValueFlow);
TEST_CASE(garbageSymbolDatabase); TEST_CASE(garbageSymbolDatabase);
@ -692,6 +693,10 @@ private:
ASSERT_THROW(checkCode("{ } typedef char ( *( X ) ( void) , char ) ;"), InternalError); // do not crash ASSERT_THROW(checkCode("{ } typedef char ( *( X ) ( void) , char ) ;"), InternalError); // do not crash
} }
void garbageCode87() { // #6788
ASSERT_THROW(checkCode("((X (128))) (int a) { v[ = {} (x 42) a] += }"), InternalError); // do not crash
}
void garbageValueFlow() { void garbageValueFlow() {
// #6089 // #6089
const char* code = "{} int foo(struct, x1, struct x2, x3, int, x5, x6, x7)\n" const char* code = "{} int foo(struct, x1, struct x2, x3, int, x5, x6, x7)\n"