#7018 segmentation fault (invalid code) in Tokenizer::simplifyEnum

This commit is contained in:
amai2012 2015-10-02 15:33:23 +02:00
parent 2fbb25e9bc
commit fde59242bb
2 changed files with 11 additions and 2 deletions

View File

@ -7434,7 +7434,7 @@ void Tokenizer::simplifyEnum()
enumName = tok1;
lastValue = 0;
tok1 = tok1->tokAt(2);
if (Token::Match(tok1, ",|{|}"))
if (!tok1 || Token::Match(tok1, ",|{|}"))
syntaxError(tok1);
enumValueStart = tok1;
@ -7442,6 +7442,8 @@ void Tokenizer::simplifyEnum()
while (enumValueEnd->next() && (!Token::Match(enumValueEnd->next(), "[},]"))) {
if (Token::Match(enumValueEnd, "(|[")) {
enumValueEnd = enumValueEnd->link();
if (!enumValueEnd) // #7018 invalid code
syntaxError(nullptr);
continue;
} else if (isCPP() && Token::Match(enumValueEnd, "%type% <") && TemplateSimplifier::templateParameters(enumValueEnd->next()) >= 1U) {
Token *endtoken = enumValueEnd->next()->findClosingBracket();
@ -7452,8 +7454,9 @@ void Tokenizer::simplifyEnum()
} else
syntaxError(enumValueEnd);
}
enumValueEnd = enumValueEnd->next();
if (!enumValueEnd) // #7018 invalid code
syntaxError(nullptr);
}
// remember this expression in case it needs to be incremented
lastEnumValueStart = enumValueStart;

View File

@ -167,6 +167,7 @@ private:
TEST_CASE(garbageCode125); // 6782, 6834
TEST_CASE(garbageCode126); // #6997
TEST_CASE(garbageCode127); // #6667
TEST_CASE(garbageCode128); // #7018
TEST_CASE(garbageValueFlow);
TEST_CASE(garbageSymbolDatabase);
@ -965,6 +966,11 @@ private:
" foo(A(12)).Var\n");
}
void garbageCode128() {
ASSERT_THROW(checkCode("enum { FOO = ( , ) } {{ }} enum {{ FOO << = } ( ) } {{ }} ;"),
InternalError);
}
void garbageValueFlow() {
// #6089
const char* code = "{} int foo(struct, x1, struct x2, x3, int, x5, x6, x7)\n"