From b564fdd9a9b0df4de7cfe2ea96f4e91ea9874c15 Mon Sep 17 00:00:00 2001
From: chrchr-github <78114321+chrchr-github@users.noreply.github.com>
Date: Fri, 8 Mar 2024 17:07:31 +0100
Subject: [PATCH] Fix #12494 fuzzing crash in CheckAutoVariables::checkAutoVariableAssignment() (#6093)
---
 lib/tokenize.cpp | 5 ++++-
 ...crash-4d4e80f09d4733a9f724282d60ee4e3c3a143b61 | 1 +
 test/testcondition.cpp | 13 ++++++-------
 test/testtokenize.cpp | 15 +++------------
 4 files changed, 14 insertions(+), 20 deletions(-)
 create mode 100644 test/cli/fuzz-crash/crash-4d4e80f09d4733a9f724282d60ee4e3c3a143b61
diff --git a/lib/tokenize.cpp b/lib/tokenize.cpp
index da1a6fd0456..e51429466f2 100644
--- a/lib/tokenize.cpp
+++ b/lib/tokenize.cpp
@@ -6658,7 +6658,10 @@ Token *Tokenizer::simplifyAddBracesPair(Token *tok, bool commandWithCondition)
 }
 if (!tokEnd || tokEnd->str() != ";") {
 // No trailing ;
- return tok;
+ if (tokStatement->isUpperCaseName())
+ unknownMacroError(tokStatement);
+ else
+ syntaxError(tokStatement);
 }
 }
diff --git a/test/cli/fuzz-crash/crash-4d4e80f09d4733a9f724282d60ee4e3c3a143b61 b/test/cli/fuzz-crash/crash-4d4e80f09d4733a9f724282d60ee4e3c3a143b61
new file mode 100644
index 00000000000..de445fa92bf
--- /dev/null
+++ b/test/cli/fuzz-crash/crash-4d4e80f09d4733a9f724282d60ee4e3c3a143b61
@@ -0,0 +1 @@
+d o(i*a){n b;*a=&b;if(a)r{}}
\ No newline at end of file
diff --git a/test/testcondition.cpp b/test/testcondition.cpp
index 07069f127c9..39d326952a8 100644
--- a/test/testcondition.cpp
+++ b/test/testcondition.cpp
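Review bot: Nothing visible in this patch pins which of the two errors the new branch in `Tokenizer::simplifyAddBracesPair` (lib/tokenize.cpp) raises: the updated case in test/testcondition.cpp asserts only `InternalError`, while the TODO it removes asked specifically for an unknown-macro report naming `X`. It is not obvious from the hunk that `tokStatement` is `X` for the input `X(do);`, so that case may well end in the generic syntax error; asserting the message as well as the exception type would make the `isUpperCaseName()` split testable. The `// No trailing ;` comment no longer explains the outcome and could become `// No trailing ';' - abort tokenizing: carrying on with an unbraced statement crashed a later check (#12494)`. The code after this block is only safe if both calls never return, which I assume they guarantee by throwing; the function starts and ends outside the hunk, so that and the non-null state of `tokStatement` cannot be confirmed here.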
@@ -2792,13 +2792,12 @@ class TestCondition : public TestFixture {
 "}");
 ASSERT_EQUALS("[test.cpp:2] -> [test.cpp:4]: (warning) Identical condition 'x>100', second condition is always false\n", errout.str());
- check("void f(int x) {\n" // #8217 - crash for incomplete code
- " if (x > 100) { return; }\n"
- " X(do);\n"
- " if (x > 100) {}\n"
- "}");
- // TODO: we should probably throw unknownMacro InternalError. Complain that the macro X must be defined. We can't check the code well without the definition.
- ASSERT_EQUALS("[test.cpp:2] -> [test.cpp:4]: (style) Condition 'x>100' is always false\n", errout.str());
+ ASSERT_THROW(check("void f(int x) {\n" // #8217 - crash for incomplete code
+ " if (x > 100) { return; }\n"
+ " X(do);\n"
+ " if (x > 100) {}\n"
+ "}"),
+ InternalError);
 check("void f(const int *i) {\n"
 " if (!i) return;\n"
diff --git a/test/testtokenize.cpp b/test/testtokenize.cpp
index 33fb3228954..94e273d7257 100644
--- a/test/testtokenize.cpp
+++ b/test/testtokenize.cpp
@@ -1130,12 +1130,7 @@ class TestTokenizer : public TestFixture {
 " for (int k=0; k