Fix #12494 fuzzing crash in CheckAutoVariables::checkAutoVariableAssignment() (#6093)

chrchr-github · web-flow · commit b564fdd9a9b0 · 2024-03-08T17:07:31.000+01:00
diff --git a/lib/tokenize.cpp b/lib/tokenize.cpp
@@ -6658,7 +6658,10 @@ Token *Tokenizer::simplifyAddBracesPair(Token *tok, bool commandWithCondition)
             }
             if (!tokEnd || tokEnd->str() != ";") {
                 // No trailing ;
-                return tok;
+                if (tokStatement->isUpperCaseName())
+                    unknownMacroError(tokStatement);
+                else
+                    syntaxError(tokStatement);
             }
         }
 
diff --git a/test/cli/fuzz-crash/crash-4d4e80f09d4733a9f724282d60ee4e3c3a143b61 b/test/cli/fuzz-crash/crash-4d4e80f09d4733a9f724282d60ee4e3c3a143b61
@@ -0,0 +1 @@
+d o(i*a){n b;*a=&b;if(a)r{}}
diff --git a/test/testcondition.cpp b/test/testcondition.cpp
@@ -2792,13 +2792,12 @@ class TestCondition : public TestFixture {
               "}");
         ASSERT_EQUALS("[test.cpp:2] -> [test.cpp:4]: (warning) Identical condition 'x>100', second condition is always false\n", errout.str());
 
-        check("void f(int x) {\n"  // #8217 - crash for incomplete code
-              "  if (x > 100) { return; }\n"
-              "  X(do);\n"
-              "  if (x > 100) {}\n"
-              "}");
-        // TODO: we should probably throw unknownMacro InternalError. Complain that the macro X must be defined. We can't check the code well without the definition.
-        ASSERT_EQUALS("[test.cpp:2] -> [test.cpp:4]: (style) Condition 'x>100' is always false\n", errout.str());
+        ASSERT_THROW(check("void f(int x) {\n"  // #8217 - crash for incomplete code
+                           "  if (x > 100) { return; }\n"
+                           "  X(do);\n"
+                           "  if (x > 100) {}\n"
+                           "}"),
+                     InternalError);
 
         check("void f(const int *i) {\n"
               "  if (!i) return;\n"
diff --git a/test/testtokenize.cpp b/test/testtokenize.cpp
@@ -1130,12 +1130,7 @@ class TestTokenizer : public TestFixture {
             "    for (int k=0; k<VectorSize; k++)"
             "        LOG_OUT(ID_Vector[k])"
             "}";
-        const char expected[] =
-            "void f ( ) { "
-            "for ( int k = 0 ; k < VectorSize ; k ++ ) "
-            "LOG_OUT ( ID_Vector [ k ] ) "
-            "}";
-        ASSERT_EQUALS(expected, tokenizeAndStringify(code));
+        ASSERT_THROW(tokenizeAndStringify(code), InternalError);
     }
 
     void ifAddBraces11() {
@@ -1358,16 +1353,12 @@ class TestTokenizer : public TestFixture {
 
         {
             const char code[] = "{ UNKNOWN_MACRO ( do ) ; while ( a -- ) ; }";
-            const char result[] = "{ UNKNOWN_MACRO ( do ) ; while ( a -- ) { ; } }";
-
-            ASSERT_EQUALS(result, tokenizeAndStringify(code));
+            ASSERT_THROW(tokenizeAndStringify(code), InternalError);
         }
 
         {
             const char code[] = "{ UNKNOWN_MACRO ( do , foo ) ; while ( a -- ) ; }";
-            const char result[] = "{ UNKNOWN_MACRO ( do , foo ) ; while ( a -- ) { ; } }";
-
-            ASSERT_EQUALS(result, tokenizeAndStringify(code));
+            ASSERT_THROW(tokenizeAndStringify(code), InternalError);
         }
 
         {

Original file line number	Diff line number	Diff line change
`@@ -6658,7 +6658,10 @@ Token Tokenizer::simplifyAddBracesPair(Token tok, bool commandWithCondition)`
`6658`	`6658`	`}`
`6659`	`6659`	`if (!tokEnd \|\| tokEnd->str() != ";") {`
`6660`	`6660`	`// No trailing ;`
`6661`		`- return tok;`
	`6661`	`+ if (tokStatement->isUpperCaseName())`
	`6662`	`+ unknownMacroError(tokStatement);`
	`6663`	`+ else`
	`6664`	`+ syntaxError(tokStatement);`
`6662`	`6665`	`}`
`6663`	`6666`	`}`
`6664`	`6667`
Original file line number	Diff line number	Diff line change
`@@ -1130,12 +1130,7 @@ class TestTokenizer : public TestFixture {`
`1130`	`1130`	`" for (int k=0; k<VectorSize; k++)"`
`1131`	`1131`	`" LOG_OUT(ID_Vector[k])"`
`1132`	`1132`	`"}";`
`1133`		`- const char expected[] =`
`1134`		`- "void f ( ) { "`
`1135`		`- "for ( int k = 0 ; k < VectorSize ; k ++ ) "`
`1136`		`- "LOG_OUT ( ID_Vector [ k ] ) "`
`1137`		`- "}";`
`1138`		`- ASSERT_EQUALS(expected, tokenizeAndStringify(code));`
	`1133`	`+ ASSERT_THROW(tokenizeAndStringify(code), InternalError);`
`1139`	`1134`	`}`
`1140`	`1135`
`1141`	`1136`	`void ifAddBraces11() {`
`@@ -1358,16 +1353,12 @@ class TestTokenizer : public TestFixture {`
`1358`	`1353`
`1359`	`1354`	`{`
`1360`	`1355`	`const char code[] = "{ UNKNOWN_MACRO ( do ) ; while ( a -- ) ; }";`
`1361`		`- const char result[] = "{ UNKNOWN_MACRO ( do ) ; while ( a -- ) { ; } }";`
`1362`		`-`
`1363`		`- ASSERT_EQUALS(result, tokenizeAndStringify(code));`
	`1356`	`+ ASSERT_THROW(tokenizeAndStringify(code), InternalError);`
`1364`	`1357`	`}`
`1365`	`1358`
`1366`	`1359`	`{`
`1367`	`1360`	`const char code[] = "{ UNKNOWN_MACRO ( do , foo ) ; while ( a -- ) ; }";`
`1368`		`- const char result[] = "{ UNKNOWN_MACRO ( do , foo ) ; while ( a -- ) { ; } }";`
`1369`		`-`
`1370`		`- ASSERT_EQUALS(result, tokenizeAndStringify(code));`
	`1361`	`+ ASSERT_THROW(tokenizeAndStringify(code), InternalError);`
`1371`	`1362`	`}`
`1372`	`1363`
`1373`	`1364`	`{`