From b25709a492b5ff608241a2988b6298e9994399ec Mon Sep 17 00:00:00 2001
From: Paul Fultz II
Date: Thu, 20 Feb 2020 23:53:28 -0600
Subject: [PATCH] Fix crash with garbage code (#2547)
---
 lib/forwardanalyzer.cpp | 2 +-
 test/testgarbage.cpp | 12 ++++++++++++
 2 files changed, 13 insertions(+), 1 deletion(-)
diff --git a/lib/forwardanalyzer.cpp b/lib/forwardanalyzer.cpp
index b7ec51f9c..3ba48ddfa 100644
--- a/lib/forwardanalyzer.cpp
+++ b/lib/forwardanalyzer.cpp
@@ -68,7 +68,7 @@ struct ForwardTraversal {
 template)>
 Progress traverseConditional(T* tok, F f, bool traverseUnknown) {
- if (Token::Match(tok, "?|&&|%oror%")) {
+ if (Token::Match(tok, "?|&&|%oror%") && tok->astOperand1() && tok->astOperand2()) {
 T* condTok = tok->astOperand1();
 if (traverseRecursive(condTok, f, traverseUnknown) == Progress::Break)
 return Progress::Break;
diff --git a/test/testgarbage.cpp b/test/testgarbage.cpp
index 178732ec2..7ddf19d09 100644
--- a/test/testgarbage.cpp
+++ b/test/testgarbage.cpp
@@ -245,6 +245,7 @@ private:
 TEST_CASE(garbageCode211); // #8764
 TEST_CASE(garbageCode212); // #8765
 TEST_CASE(garbageCode213); // #8758
+ TEST_CASE(garbageCode214);
 TEST_CASE(garbageCodeFuzzerClientMode1); // test cases created with the fuzzer client, mode 1
@@ -1666,6 +1667,17 @@ private:
 ASSERT_THROW(checkCode("{\"\"[(1||)];}"), InternalError);
 }
+ void garbageCode214() {
+ checkCode("void\n"
+ "f(a, b, h)\n"
+ "struct g *a; {\n"
+ " long e;\n"
+ " if (e) {\n"
+ " (void) d((long) !b, c ? FALSE : TRUE);\n"
+ " }\n"
+ "}\n");
+ }
+
 void syntaxErrorFirstToken() {
 ASSERT_THROW(checkCode("&operator(){[]};"), InternalError); // #7818
 ASSERT_THROW(checkCode("*(*const<> (size_t); foo) { } *(*const (size_t)() ; foo) { }"), InternalError); // #6858
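Review bot: The guard added to the `if` in `traverseConditional` checks only the token's two direct operands, so any deeper dereference on this path still relies on the AST being well formed. The body continues past the hunk; if it reads children of `tok->astOperand2()` (for `?` that would be the operands of the `:` node), each of those needs its own null check, which I cannot confirm from the visible lines. A token that fails the guard now silently takes whatever follows the `if`, so a one-line comment would help the next reader, for example `// garbage code can yield ?/&&/|| without both AST operands; do not handle it as a conditional`. Because this code parses arbitrary and possibly hostile source, a null dereference here aborts the whole analysis run, so the remaining dereferences in this function are worth auditing in the same change.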
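Review bot: `garbageCode214` records neither what it guards against nor where the input came from, unlike the neighbouring cases, which carry a ticket reference such as `// #8758`. The bare `checkCode(...)` call passes as long as analysis returns without crashing or throwing, which appears to be the intent but is not stated. Suggest a comment on the function and on its `TEST_CASE(garbageCode214);` registration in the earlier hunk, e.g. `// <ticket ref>: '?' without both AST operands must not crash forward analysis`. If an `InternalError` is also an acceptable outcome for this input, say so in the comment so that a later parser change that starts rejecting it is not mistaken for a regression.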