#6803 segmentation fault (invalid code) in Token::findClosingBracket.

This commit is contained in:
amai2012 2015-06-30 12:16:55 +02:00
parent 0849deed01
commit c0b91662ba
2 changed files with 11 additions and 2 deletions

View File

@ -820,8 +820,11 @@ const Token * Token::findClosingBracket() const
if (_str == "<") { if (_str == "<") {
unsigned int depth = 0; unsigned int depth = 0;
for (closing = this; closing != nullptr; closing = closing->next()) { for (closing = this; closing != nullptr; closing = closing->next()) {
if (Token::Match(closing, "{|[|(")) if (Token::Match(closing, "{|[|(")) {
closing = closing->link(); closing = closing->link();
if (!closing)
return nullptr; // #6803
}
else if (Token::Match(closing, "}|]|)|;")) else if (Token::Match(closing, "}|]|)|;"))
break; break;
else if (closing->str() == "<") else if (closing->str() == "<")

View File

@ -133,6 +133,7 @@ private:
TEST_CASE(garbageCode91); TEST_CASE(garbageCode91);
TEST_CASE(garbageCode92); TEST_CASE(garbageCode92);
TEST_CASE(garbageCode93); TEST_CASE(garbageCode93);
TEST_CASE(garbageCode94);
TEST_CASE(garbageValueFlow); TEST_CASE(garbageValueFlow);
TEST_CASE(garbageSymbolDatabase); TEST_CASE(garbageSymbolDatabase);
@ -512,7 +513,7 @@ private:
void garbageCode40() { // #6620 void garbageCode40() { // #6620
checkCode("{ ( ) () { virtual } ; { } E } A { : { } ( ) } * const ( ) const { }"); checkCode("{ ( ) () { virtual } ; { } E } A { : { } ( ) } * const ( ) const { }");
ASSERT_THROW(checkCode("{ ( ) () { virtual } ; { } E } A { : { } ( ) } * const ( ) const { }", "test.c"), InternalError); // test doesn't seem to work on any platform: ASSERT_THROW(checkCode("{ ( ) () { virtual } ; { } E } A { : { } ( ) } * const ( ) const { }", "test.c"), InternalError);
} }
void garbageCode41() { // #6685 void garbageCode41() { // #6685
@ -728,6 +729,11 @@ private:
checkCode(" namespace A { } class A{ { }} class A : T ;", "test.c"); // do not crash checkCode(" namespace A { } class A{ { }} class A : T ;", "test.c"); // do not crash
} }
void garbageCode94() { // #6803
//checkCode("typedef long __m256i __attribute__ ( ( ( ) ) )[ ; ( ) { } typedef __m256i __attribute__ ( ( ( ) ) ) < ] ( ) { ; }");
ASSERT_THROW(checkCode("typedef long __m256i __attribute__ ( ( ( ) ) )[ ; ( ) { } typedef __m256i __attribute__ ( ( ( ) ) ) < ] ( ) { ; }"), InternalError);
}
void garbageValueFlow() { void garbageValueFlow() {
// #6089 // #6089
const char* code = "{} int foo(struct, x1, struct x2, x3, int, x5, x6, x7)\n" const char* code = "{} int foo(struct, x1, struct x2, x3, int, x5, x6, x7)\n"