From f2d397882f38e9d39786d1751cc204231ee6d04f Mon Sep 17 00:00:00 2001
From: amai2012
Date: Wed, 3 Jun 2015 17:17:53 +0200
Subject: [PATCH] #6753 segmentation fault (invalid code) in CheckMemoryLeakStructMember::checkStructVariable. #6754 segmentation fault (invalid code) in CheckUnusedVar::checkFunctionVariableUsage_iterateScopes. Trivial fixes to avoid null pointer access
---
 lib/checkmemoryleak.cpp | 2 +-
 lib/checkunusedvar.cpp | 12 ++++++------
 test/testgarbage.cpp | 10 ++++++++++
 3 files changed, 17 insertions(+), 7 deletions(-)
diff --git a/lib/checkmemoryleak.cpp b/lib/checkmemoryleak.cpp
index d1bc095be..d31e2b9e9 100644
--- a/lib/checkmemoryleak.cpp
+++ b/lib/checkmemoryleak.cpp
@@ -2520,7 +2520,7 @@ void CheckMemoryLeakStructMember::checkStructVariable(const Variable * const var
 // Check struct..
 unsigned int indentlevel2 = 0;
- for (const Token *tok2 = variable->nameToken(); tok2 != variable->scope()->classEnd; tok2 = tok2->next()) {
+ for (const Token *tok2 = variable->nameToken(); tok2 && tok2 != variable->scope()->classEnd; tok2 = tok2->next()) {
 if (tok2->str() == "{")
 ++indentlevel2;
diff --git a/lib/checkunusedvar.cpp b/lib/checkunusedvar.cpp
index 0a8e5543e..5ca1a0b89 100644
--- a/lib/checkunusedvar.cpp
+++ b/lib/checkunusedvar.cpp
@@ -440,7 +440,7 @@ static const Token* doAssignment(Variables &variables, const Token *tok, bool de
 tok = tok->next();
 if (Token::Match(tok, "(| &| %name%") ||
- Token::Match(tok->next(), "< const| struct|union| %type% *| > ( &| %name%")) {
+ (tok && Token::Match(tok->next(), "< const| struct|union| %type% *| > ( &| %name%"))) {
 bool addressOf = false;
 if (Token::Match(tok, "%var% ."))
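Review bot: The added `tok2 &&` in the `for` condition of checkStructVariable stops the crash, but nothing records why the walk from `variable->nameToken()` can fall off the token list before it reaches `variable->scope()->classEnd`. That presumably only happens when the scope end is not reachable from the name token, i.e. an inconsistent symbol database on invalid input rather than a normal loop exit, and the loop now hides that case silently. Since the analyzer is commonly run on source it does not control, I would add a comment above the loop such as `// tok2 becomes null on invalid code where classEnd is not reachable from the name token (#6753)`. The loop body continues outside the hunk, so whether anything after the loop relies on `tok2` being non-null cannot be checked from here.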
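Review bot: In the `doAssignment` condition only the second operand is guarded with `tok &&`, while the first still passes a possibly null `tok` straight to `Token::Match` right after `tok = tok->next();`. That is correct as long as `Token::Match` itself tolerates a null token, which the unguarded first call implies, but the asymmetry reads like a missed check. A one-line comment would settle it, for example `// Token::Match() handles a null tok; only tok->next() needs the guard`. The function starts and ends outside the hunk.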
@@ -504,7 +504,7 @@ static const Token* doAssignment(Variables &variables, const Token *tok, bool de
 // check if variable is local
 unsigned int varid2 = tok->varId();
- Variables::VariableUsage* var2 = variables.find(varid2);
+ const Variables::VariableUsage* var2 = variables.find(varid2);
 if (var2) { // local variable (alias or read it)
 if (var1->_type == Variables::pointer || var1->_type == Variables::pointerArray) {
@@ -599,9 +599,9 @@ static const Token* doAssignment(Variables &variables, const Token *tok, bool de
 // check for alias to struct member
 // char c[10]; a.b = c;
 else if (Token::Match(tok->tokAt(-2), "%name% .")) {
- if (tok->tokAt(2)->varId()) {
- unsigned int varid2 = tok->tokAt(2)->varId();
- Variables::VariableUsage *var2 = variables.find(varid2);
+ if (tok->tokAt(2) && tok->tokAt(2)->varId()) {
+ const unsigned int varid2 = tok->tokAt(2)->varId();
+ const Variables::VariableUsage *var2 = variables.find(varid2);
 // struct member aliased to local variable
 if (var2 && (var2->_type == Variables::array ||
@@ -616,7 +616,7 @@ static const Token* doAssignment(Variables &variables, const Token *tok, bool de
 // Possible pointer alias
 else if (Token::Match(tok, "%name% = %name% ;")) {
 const unsigned int varid2 = tok->tokAt(2)->varId();
- Variables::VariableUsage *var2 = variables.find(varid2);
+ const Variables::VariableUsage *var2 = variables.find(varid2);
 if (var2 && (var2->_type == Variables::array ||
 var2->_type == Variables::pointer)) {
 variables.use(varid2,tok);
diff --git a/test/testgarbage.cpp b/test/testgarbage.cpp
index e393ae881..175a48852 100644
--- a/test/testgarbage.cpp
+++ b/test/testgarbage.cpp
@@ -113,6 +113,8 @@ private:
 TEST_CASE(garbageCode72);
 TEST_CASE(garbageCode73);
 TEST_CASE(garbageCode74);
+ TEST_CASE(garbageCode75);
+ TEST_CASE(garbageCode76);
 TEST_CASE(garbageValueFlow);
 TEST_CASE(garbageSymbolDatabase);
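Review bot: In the `%name% .` branch at -599 `tok->tokAt(2)` is now evaluated three times (the null check, the `varId()` test and the `varid2` initialiser), which obscures that all three must refer to the same token. Binding it once makes the guard and the use visibly consistent: `const Token * const rhs = tok->tokAt(2);`, then `if (rhs && rhs->varId()) {` and `const unsigned int varid2 = rhs->varId();`. The neighbouring `%name% = %name% ;` branch at -616 needs no such guard because its pattern already requires the third token to exist. The enclosing doAssignment starts and ends outside the hunk.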
@@ -630,6 +632,14 @@ private:
 checkCode("_lenraw(const char* digits) { } typedef decltype(sizeof(0)) { } operator");
 }
+ void garbageCode75() { // #6753
+ checkCode("{ { void foo() { struct }; { }; } }; struct S { } f =", "test.c");
+ }
+
+ void garbageCode76() { // #6754
+ checkCode(" ( ) ( ) { ( ) [ ] } TEST ( ) { ( _broadcast_f32x4 ) ( ) ( ) ( ) ( ) if ( ) ( ) ; } E mask = ( ) [ ] ( ) res1.x =");
+ }
+
 void garbageValueFlow() { // #6089
 const char* code = "{} int foo(struct, x1, struct x2, x3, int, x5, x6, x7)\n"