Fix issue 10027: Segmentation fault in ValueFlowAnalyzer::analyze (#2987)

2020-12-26 14:26:39 -06:00 · 2020-12-26 14:26:39 -06:00 · bd22070df5
parent 9d54303cfa
commit bd22070df5
2 changed files with 17 additions and 0 deletions
--- a/lib/reverseanalyzer.cpp
+++ b/lib/reverseanalyzer.cpp
@ -128,6 +128,9 @@ struct ReverseTraversal {
                break;
            // Evaluate LHS of assignment before RHS
            if (Token* assignTok = assignExpr(tok)) {
+                // If assignTok has broken ast then stop
+                if (!assignTok->astOperand1() || !assignTok->astOperand2())
+                    break;
                Token* assignTop = assignTok;
                bool continueB = true;
                while (assignTop->isAssignmentOp()) {
--- a/test/testvalueflow.cpp
+++ b/test/testvalueflow.cpp
@ -4978,6 +4978,20 @@ private:
               "  }\n"
               "};\n";
        valueOfTok(code, "c");
+
+        code = "void f() {\n"
+               "   char* p = 0;\n"
+               "   int pi =\n"
+               "     p == \"a\" ? 1 : p == \"a\" ? 1 : p == \"a\" ? 1 : p == \"a\" ? 1 : p == \"a\" ? 1 \n"
+               "   : p == \"a\" ? 1 : p == \"a\" ? 1 : p == \"a\" ? 1 : p == \"a\" ? 1 : p == \"a\" ? 1 \n"
+               "   : p == \"a\" ? 1 : p == \"a\" ? 1 : p == \"a\" ? 1 : p == \"a\" ? 1 : p == \"a\" ? 1 \n"
+               "   : p == \"a\" ? 1 : p == \"a\" ? 1 : p == \"a\" ? 1 : p == \"a\" ? 1 : p == \"a\" ? 1 \n"
+               "   : p == \"a\" ? 1 : p == \"a\" ? 1 : p == \"a\" ? 1 : p == \"a\" ? 1 : p == \"a\" ? 1 \n"
+               "   : 0;\n"
+               "   int *i2 = 0;\n"
+               "   if (i2) { }\n"
+               "}\n";
+        valueOfTok(code, "p");
    }

    void valueFlowHang() {