Skip to content

Commit 952f81c

Browse files
chrchr-githubchrchr-github
authored
Fix #14438 fuzzing crash (null-pointer-use) in singleAssignInScope() (danmar#8201)
1 parent fbb1055 commit 952f81c

File tree

3 files changed

+4
-3
lines changed

3 files changed

+4
-3
lines changed

lib/tokenize.cpp

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -9018,8 +9018,8 @@ void Tokenizer::findGarbageCode() const
90189018
syntaxError(tok);
90199019
if (Token::Match(tok, "? %assign%"))
90209020
syntaxError(tok);
9021-
if (Token::Match(tok, "!|~ %comp%") &&
9022-
!(cpp && tok->strAt(1) == ">" && Token::simpleMatch(tok->tokAt(-1), "operator")))
9021+
if (Token::Match(tok, "[!~+-/] %comp%") &&
9022+
!(cpp && Token::Match(tok->next(), "[<>]") && Token::simpleMatch(tok->tokAt(-1), "operator")))
90239023
syntaxError(tok);
90249024
if (Token::Match(tok, "%comp% {") && (!cpp || tok->str() != ">"))
90259025
syntaxError(tok);

test/cli/fuzz-crash/crash-c540e04fe675639b7ead821efc2f5c037b6c89e0

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1 @@
1+
o o(){i n;for(i x:v)n=n+<1;}

test/testgarbage.cpp

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -848,7 +848,7 @@ class TestGarbage : public TestFixture {
848848
}
849849

850850
void garbageCode95() { // #6804
851-
ASSERT_THROW_INTERNAL(checkCode("{ } x x ; { } h h [ ] ( ) ( ) { struct x ( x ) ; int __attribute__ ( ) f ( ) { h - > first = & x ; struct x * n = h - > first ; ( ) n > } }"), AST); // do not crash
851+
ASSERT_THROW_INTERNAL(checkCode("{ } x x ; { } h h [ ] ( ) ( ) { struct x ( x ) ; int __attribute__ ( ) f ( ) { h - > first = & x ; struct x * n = h - > first ; ( ) n > } }"), SYNTAX); // do not crash
852852
}
853853

854854
void garbageCode96() { // #6807

0 commit comments

Comments
 (0)