From b5a285319ce0810a82cd8dcba5d799c43c89d787 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Daniel=20Marjam=C3=A4ki?=
Date: Fri, 29 Mar 2019 19:37:23 +0100
Subject: [PATCH] Fixed #9073 (Segmentation fault in Token::isUnaryOp() with ode)
---
 lib/checkbufferoverrun.cpp | 2 +-
 test/testbufferoverrun.cpp | 8 +++++++-
 2 files changed, 8 insertions(+), 2 deletions(-)
diff --git a/lib/checkbufferoverrun.cpp b/lib/checkbufferoverrun.cpp
index 25944688a..295ed4eeb 100644
--- a/lib/checkbufferoverrun.cpp
+++ b/lib/checkbufferoverrun.cpp
@@ -278,7 +278,7 @@ void CheckBufferOverrun::arrayIndex()
 const Token *parent = tok;
 while (Token::simpleMatch(parent, "["))
 parent = parent->astParent();
- if (parent->isUnaryOp("&"))
+ if (!parent || parent->isUnaryOp("&"))
 continue;
 }
 if (overflow || equal) {
diff --git a/test/testbufferoverrun.cpp b/test/testbufferoverrun.cpp
index a53bd3d44..73ec58278 100644
--- a/test/testbufferoverrun.cpp
+++ b/test/testbufferoverrun.cpp
@@ -228,6 +228,7 @@ private:
 TEST_CASE(crash4); // Ticket #8679 - crash
 TEST_CASE(crash5); // Ticket #8644 - crash
 TEST_CASE(crash6); // Ticket #9024 - crash
+ TEST_CASE(crash7); // Ticket #9073 - crash
 // TODO TEST_CASE(insecureCmdLineArgs);
 // TODO TEST_CASE(checkBufferAllocatedWithStrlen);
@@ -3714,13 +3715,18 @@ private:
 "}");
 }
- void crash6() { // 8644 - token has varId() but variable() is null
+ void crash6() {
 check("void start(char* name) {\n"
 "char snapname[64] = { 0 }; \n"
 "strncpy(snapname, \"snapshot\", arrayLength(snapname)); \n"
 "}");
 }
+ void crash7() { // 9073 - [ has no astParent
+ check("char x[10];\n"
+ "void f() { x[10]; }");
+ }
+
 void insecureCmdLineArgs() {
 check("int main(int argc, char *argv[])\n"
 "{\n"
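Review bot: The added `!parent` test in `CheckBufferOverrun::arrayIndex()` shares the `continue` with the address-of exemption, so a subscript with no AST parent is now skipped without a diagnostic rather than only being protected from the null dereference in `isUnaryOp()`. If the intent was just to stop the crash, `if (parent && parent->isUnaryOp("&"))` would keep such an access eligible for the `if (overflow || equal)` report that follows. If skipping is intended, a short comment on that line, for example `// no astParent: presumably the subscript result is unused, nothing to report`, would record why a buffer-overrun check stays silent here. The enclosing block starts and ends outside the hunk, so the condition guarding this code is not visible.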
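Review bot: `crash7` only calls `check()` and asserts nothing, so it pins that the analysis no longer crashes on `x[10];` but not whether the out-of-bounds index on `char x[10]` is reported or suppressed after the `!parent` change. An `ASSERT_EQUALS` on `errout.str()` after the call would fix the intended outcome in the test and catch a later regression in either direction. Separately, `crash6` loses its trailing comment in this hunk; the `TEST_CASE` list names it as ticket #9024, so `void crash6() { // 9024` would keep the reference instead of dropping it.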