#6800 segmentation fault (invalid code) in SymbolDatabase::SymbolDatabase. Fix null pointer access for invalid C code

Alexander Mai 2015-06-29 19:56:02 +02:00
parent b8e08ca5d8
commit d7aa65c1fc
2 changed files with 9 additions and 3 deletions


@ -54,8 +54,8 @@ SymbolDatabase::SymbolDatabase(const Tokenizer *tokenizer, const Settings *setti
"SymbolDatabase", "SymbolDatabase",
tok->progressValue()); tok->progressValue());
// Locate next class // Locate next class
if (Token::Match(tok, "class|struct|union|namespace ::| %name% {|:|::|<") && if ((_tokenizer->isCPP() && Token::Match(tok, "class|struct|union|namespace ::| %name% {|:|::|<") && tok->strAt(-1) != "friend")
tok->strAt(-1) != "friend") { || (_tokenizer->isC() && Token::Match(tok, "struct|union| %name% {"))) {
const Token *tok2 = tok->tokAt(2); const Token *tok2 = tok->tokAt(2);
if (tok->strAt(1) == "::") if (tok->strAt(1) == "::")
@ -105,7 +105,7 @@ SymbolDatabase::SymbolDatabase(const Tokenizer *tokenizer, const Settings *setti
} }
// definition may be different than declaration // definition may be different than declaration
if (tok->str() == "class") { if (_tokenizer->isCPP() && tok->str() == "class") {
access[new_scope] = Private; access[new_scope] = Private;
new_scope->type = Scope::eClass; new_scope->type = Scope::eClass;
} else if (tok->str() == "struct") { } else if (tok->str() == "struct") {
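Review bot: The C branch of the new condition uses the pattern `"struct|union| %name% {"`, and the trailing `|` after `union` looks like it makes the keyword optional, the same way `::|` marks an optional token in the C++ pattern on that line. If so, any `%name% {` sequence in a C file enters this block with `tok` already on the name, and the following `tok->tokAt(2)` then points past the `{` rather than at it. For a path reached by malformed input, that offset mismatch could reintroduce the kind of invalid token access this commit fixes. Unless the optional keyword is intended, `Token::Match(tok, "struct|union %name% {")` keeps `tok2` aligned with the brace. The constructor body continues outside both hunks, so how `tok2` is used afterwards cannot be checked from here.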


@ -132,6 +132,7 @@ private:
TEST_CASE(garbageCode90); TEST_CASE(garbageCode90);
TEST_CASE(garbageCode91); TEST_CASE(garbageCode91);
TEST_CASE(garbageCode92); TEST_CASE(garbageCode92);
TEST_CASE(garbageCode93);
TEST_CASE(garbageValueFlow); TEST_CASE(garbageValueFlow);
TEST_CASE(garbageSymbolDatabase); TEST_CASE(garbageSymbolDatabase);
@ -511,6 +512,7 @@ private:
void garbageCode40() { // #6620 void garbageCode40() { // #6620
checkCode("{ ( ) () { virtual } ; { } E } A { : { } ( ) } * const ( ) const { }"); checkCode("{ ( ) () { virtual } ; { } E } A { : { } ( ) } * const ( ) const { }");
ASSERT_THROW(checkCode("{ ( ) () { virtual } ; { } E } A { : { } ( ) } * const ( ) const { }", "test.c"), InternalError);
} }
void garbageCode41() { // #6685 void garbageCode41() { // #6685
@ -722,6 +724,10 @@ private:
ASSERT_THROW(checkCode("template < typename _Tp ( ( ) ; _Tp ) , decltype > { } { ( ) ( ) }"), InternalError); // do not crash ASSERT_THROW(checkCode("template < typename _Tp ( ( ) ; _Tp ) , decltype > { } { ( ) ( ) }"), InternalError); // do not crash
} }
void garbageCode93() { // #6800
checkCode(" namespace A { } class A{ { }} class A : T ;", "test.c"); // do not crash
}
void garbageValueFlow() { void garbageValueFlow() {
// #6089 // #6089
const char* code = "{} int foo(struct, x1, struct x2, x3, int, x5, x6, x7)\n" const char* code = "{} int foo(struct, x1, struct x2, x3, int, x5, x6, x7)\n"