From bd22070df5bf223008cfb01c519dcab654297376 Mon Sep 17 00:00:00 2001
From: Paul Fultz II
Date: Sat, 26 Dec 2020 14:26:39 -0600
Subject: [PATCH] Fix issue 10027: Segmentation fault in ValueFlowAnalyzer::analyze (#2987)
---
 lib/reverseanalyzer.cpp | 3 +++
 test/testvalueflow.cpp | 14 ++++++++++++++
 2 files changed, 17 insertions(+)
diff --git a/lib/reverseanalyzer.cpp b/lib/reverseanalyzer.cpp
index 43da453b2..a34ffde7a 100644
--- a/lib/reverseanalyzer.cpp
+++ b/lib/reverseanalyzer.cpp
@@ -128,6 +128,9 @@ struct ReverseTraversal {
 break;
 // Evaluate LHS of assignment before RHS
 if (Token* assignTok = assignExpr(tok)) {
+ // If assignTok has broken ast then stop
+ if (!assignTok->astOperand1() || !assignTok->astOperand2())
+ break;
 Token* assignTop = assignTok;
 bool continueB = true;
 while (assignTop->isAssignmentOp()) {
diff --git a/test/testvalueflow.cpp b/test/testvalueflow.cpp
index ccc2ab1e7..11f10c800 100644
--- a/test/testvalueflow.cpp
+++ b/test/testvalueflow.cpp
@@ -4978,6 +4978,20 @@ private:
 " }\n"
 "};\n";
 valueOfTok(code, "c");
+
+ code = "void f() {\n"
+ " char* p = 0;\n"
+ " int pi =\n"
+ " p == \"a\" ? 1 : p == \"a\" ? 1 : p == \"a\" ? 1 : p == \"a\" ? 1 : p == \"a\" ? 1 \n"
+ " : p == \"a\" ? 1 : p == \"a\" ? 1 : p == \"a\" ? 1 : p == \"a\" ? 1 : p == \"a\" ? 1 \n"
+ " : p == \"a\" ? 1 : p == \"a\" ? 1 : p == \"a\" ? 1 : p == \"a\" ? 1 : p == \"a\" ? 1 \n"
+ " : p == \"a\" ? 1 : p == \"a\" ? 1 : p == \"a\" ? 1 : p == \"a\" ? 1 : p == \"a\" ? 1 \n"
+ " : p == \"a\" ? 1 : p == \"a\" ? 1 : p == \"a\" ? 1 : p == \"a\" ? 1 : p == \"a\" ? 1 \n"
+ " : 0;\n"
+ " int *i2 = 0;\n"
+ " if (i2) { }\n"
+ "}\n";
+ valueOfTok(code, "p");
 }

 void valueFlowHang() {
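Review bot: The new guard at the top of the `if (Token* assignTok = ...)` body checks only `assignTok`, while the `while (assignTop->isAssignmentOp())` loop that follows walks further assignment tokens whose operands are, as far as this hunk shows, not checked; if the same incomplete-AST condition can arise on those tokens the null dereference may simply move into that loop, so its body is worth confirming. The comment could say what is being defended against rather than just "broken ast", e.g. `// Stop if the assignment's AST is incomplete (an operand is null); the tree must not be walked further`. Since this code consumes the parser's output for arbitrary input files, a missing operand is an expected condition to check explicitly rather than an invariant to assume, which is what the added check does. The loop that `break` leaves begins and ends outside the hunk, so whether abandoning the traversal here (versus skipping this token) is the intended behaviour cannot be judged from this hunk.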
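Review bot: The new regression input carries no comment tying it to the defect it covers; the code only calls `valueOfTok(code, "p")` and asserts nothing, so a reader cannot tell that the deeply nested `?:` chain is the point of the case. Suggest prefixing the added `code =` assignment with `// #10027: long nested ternary chain must not crash reverse value-flow analysis`. The case only checks for absence of a crash, which matches the fix; the enclosing test function starts before this hunk, so whether a dedicated test would be more appropriate than appending to it cannot be judged here.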