Fixed #9073 (Segmentation fault in Token::isUnaryOp() with ode)

This commit is contained in:
Daniel Marjamäki 2019-03-29 19:37:23 +01:00
parent 54bea2847a
commit b5a285319c
2 changed files with 8 additions and 2 deletions

View File

@ -278,7 +278,7 @@ void CheckBufferOverrun::arrayIndex()
const Token *parent = tok; const Token *parent = tok;
while (Token::simpleMatch(parent, "[")) while (Token::simpleMatch(parent, "["))
parent = parent->astParent(); parent = parent->astParent();
if (parent->isUnaryOp("&")) if (!parent || parent->isUnaryOp("&"))
continue; continue;
} }
if (overflow || equal) { if (overflow || equal) {

View File

@ -228,6 +228,7 @@ private:
TEST_CASE(crash4); // Ticket #8679 - crash TEST_CASE(crash4); // Ticket #8679 - crash
TEST_CASE(crash5); // Ticket #8644 - crash TEST_CASE(crash5); // Ticket #8644 - crash
TEST_CASE(crash6); // Ticket #9024 - crash TEST_CASE(crash6); // Ticket #9024 - crash
TEST_CASE(crash7); // Ticket #9073 - crash
// TODO TEST_CASE(insecureCmdLineArgs); // TODO TEST_CASE(insecureCmdLineArgs);
// TODO TEST_CASE(checkBufferAllocatedWithStrlen); // TODO TEST_CASE(checkBufferAllocatedWithStrlen);
@ -3714,13 +3715,18 @@ private:
"}"); "}");
} }
void crash6() { // 8644 - token has varId() but variable() is null void crash6() {
check("void start(char* name) {\n" check("void start(char* name) {\n"
"char snapname[64] = { 0 }; \n" "char snapname[64] = { 0 }; \n"
"strncpy(snapname, \"snapshot\", arrayLength(snapname)); \n" "strncpy(snapname, \"snapshot\", arrayLength(snapname)); \n"
"}"); "}");
} }
void crash7() { // 9073 - [ has no astParent
check("char x[10];\n"
"void f() { x[10]; }");
}
void insecureCmdLineArgs() { void insecureCmdLineArgs() {
check("int main(int argc, char *argv[])\n" check("int main(int argc, char *argv[])\n"
"{\n" "{\n"