From e75662aaf1563a9685290bdfabf7522c981f98ba Mon Sep 17 00:00:00 2001
From: Alexander Mai
Date: Thu, 25 Jun 2015 20:48:05 +0200
Subject: [PATCH] #6792 segmentation fault (invalid code) in TemplateSimplifier::templateParameters. Avoid null pointer access
---
 lib/templatesimplifier.cpp | 4 ++++
 test/testgarbage.cpp | 5 +++++
 2 files changed, 9 insertions(+)
diff --git a/lib/templatesimplifier.cpp b/lib/templatesimplifier.cpp
index fc6910582..5bc08e5ef 100644
--- a/lib/templatesimplifier.cpp
+++ b/lib/templatesimplifier.cpp
@@ -292,6 +292,10 @@ unsigned int TemplateSimplifier::templateParameters(const Token *tok)
 // Function pointer or prototype..
 while (Token::Match(tok, "(|[")) {
+ if (!tok->link()) {
+ syntaxError(tok);
+ return 0;
+ }
 tok = tok->link()->next();
 while (Token::Match(tok, "const|volatile")) // Ticket #5786: Skip function cv-qualifiers
 tok = tok->next();
diff --git a/test/testgarbage.cpp b/test/testgarbage.cpp
index cb433a683..0215d5df4 100644
--- a/test/testgarbage.cpp
+++ b/test/testgarbage.cpp
@@ -131,6 +131,7 @@ private:
 TEST_CASE(garbageCode89);
 TEST_CASE(garbageCode90);
 TEST_CASE(garbageCode91);
+ TEST_CASE(garbageCode92);
 TEST_CASE(garbageValueFlow);
 TEST_CASE(garbageSymbolDatabase);
@@ -717,6 +718,10 @@ private:
 checkCode("typedef __attribute__((vector_size (16))) { return[ (v2df){ } ;] }"); // do not crash
 }
+ void garbageCode92() { // #6792
+ ASSERT_THROW(checkCode("template < typename _Tp ( ( ) ; _Tp ) , decltype > { } { ( ) ( ) }"), InternalError); // do not crash
+ }
+
 void garbageValueFlow() { // #6089
 const char* code = "{} int foo(struct, x1, struct x2, x3, int, x5, x6, x7)\n"
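Review bot: The new `if (!tok->link())` guard inside the `while (Token::Match(tok, "(|["))` loop carries no comment explaining why a bracket can be unlinked at this point, while the neighbouring line names its ticket (`// Ticket #5786: ...`). I would add `// Ticket #6792: garbage code can leave '(' or '[' without a link` above the check. The added test expects `InternalError`, so `syntaxError(tok)` presumably throws and `return 0;` is never reached; if it is kept as a fallback for a non-throwing build, the comment should say so. A null link on `(`/`[` also suggests that unbalanced input got past bracket linking earlier in the pipeline, so other `link()` dereferences reached by malformed input may need the same check; none are visible here, and the enclosing function starts and ends outside the hunk.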