#6788 segmentation fault (invalid code) in Tokenizer::simplifyVarDecl. Fix null pointer access

2015-06-24 16:54:23 +02:00 · 2015-06-24 16:54:23 +02:00 · 9fedc9bd74
parent f806d945a1
commit 9fedc9bd74
2 changed files with 9 additions and 1 deletions
--- a/lib/tokenize.cpp
+++ b/lib/tokenize.cpp
@ -5371,7 +5371,10 @@ void Tokenizer::simplifyVarDecl(Token * tokBegin, Token * tokEnd, bool only_k_r_
        if (Token::simpleMatch(tok, "= {")) {
            tok = tok->next()->link();
        }
-
+        if (!tok) {
+            syntaxError(tokBegin);
+            return;
+        }
        if (only_k_r_fpar && finishedwithkr) {
            if (Token::Match(tok, "(|[|{")) {
                tok = tok->link();
--- a/test/testgarbage.cpp
+++ b/test/testgarbage.cpp
@ -126,6 +126,7 @@ private:
        TEST_CASE(garbageCode84);
        TEST_CASE(garbageCode85);
        TEST_CASE(garbageCode86);
+        TEST_CASE(garbageCode87);

        TEST_CASE(garbageValueFlow);
        TEST_CASE(garbageSymbolDatabase);
@ -692,6 +693,10 @@ private:
        ASSERT_THROW(checkCode("{ } typedef char ( *( X ) ( void) , char ) ;"), InternalError); // do not crash
    }

+    void garbageCode87() { // #6788
+        ASSERT_THROW(checkCode("((X (128))) (int a) { v[ = {} (x 42) a] += }"), InternalError); // do not crash
+    }
+
    void garbageValueFlow() {
        // #6089
        const char* code = "{} int foo(struct, x1, struct x2, x3, int, x5, x6, x7)\n"