Fix #12643-46 fuzzing crashes (danmar#6336)

chrchr-github · Apr 24, 2024 · 9fab9b9 · 9fab9b9
1 parent 7dab204
commit 9fab9b9
Show file tree

Hide file tree

Showing 6 changed files with 13 additions and 3 deletions.
diff --git a/lib/tokenize.cpp b/lib/tokenize.cpp
@@ -8690,6 +8690,12 @@ void Tokenizer::findGarbageCode() const
             syntaxError(tok);
         if (Token::Match(tok, "^ %op%") && !Token::Match(tok->next(), "[>*+-!~]"))
             syntaxError(tok);
+        if (Token::Match(tok, ": [)]=]"))
+            syntaxError(tok);
+        if (Token::Match(tok, "typedef [,;]"))
+            syntaxError(tok);
+        if (Token::Match(tok, "! %comp%"))
+            syntaxError(tok);
 
         if (tok->link() && Token::Match(tok, "[([]") && (!tok->tokAt(-1) || !tok->tokAt(-1)->isControlFlowKeyword())) {
             const Token* const end = tok->link();

diff --git a/test/cli/fuzz-crash/crash-28733cc31fd7f5d636beeaa3fa2bc30779fc6487 b/test/cli/fuzz-crash/crash-28733cc31fd7f5d636beeaa3fa2bc30779fc6487
@@ -0,0 +1 @@
+assert({:=4;})
diff --git a/test/cli/fuzz-crash/crash-3275671bf6888060270f902458ff36c711718e22 b/test/cli/fuzz-crash/crash-3275671bf6888060270f902458ff36c711718e22
@@ -0,0 +1 @@
+v o(ia){$ i;for(i:)a=[]0;}
diff --git a/test/cli/fuzz-crash/crash-58e1517a74e314553e8eef249268cec29493235b b/test/cli/fuzz-crash/crash-58e1517a74e314553e8eef249268cec29493235b
@@ -0,0 +1 @@
+n a(){!!=!!?:b}
diff --git a/test/cli/fuzz-crash/crash-a431ec7f7379fc460eaa6284627091ded6c0d696 b/test/cli/fuzz-crash/crash-a431ec7f7379fc460eaa6284627091ded6c0d696
@@ -0,0 +1 @@
+{for(typedef,typedef;);}
diff --git a/test/testgarbage.cpp b/test/testgarbage.cpp
@@ -862,7 +862,7 @@ class TestGarbage : public TestFixture {
         ASSERT_THROW_INTERNAL_EQUALS(checkCode("{ xs :: i(:) ! ! x/5 ! !\n"
                                                "i, :: a :: b integer, } foo2(x) :: j(:)\n"
                                                "b type(*), d(:), a x :: end d(..), foo end\n"
-                                               "foo4 b d(..), a a x type(*), b foo2 b"), INTERNAL, "Internal error. AST cyclic dependency.");
+                                               "foo4 b d(..), a a x type(*), b foo2 b"), SYNTAX, "syntax error");
     }
 
     void garbageCode100() { // #6840
@@ -987,7 +987,7 @@ class TestGarbage : public TestFixture {
     }
 
     void garbageCode125() {
-        ASSERT_THROW_INTERNAL(checkCode("{ T struct B : T valueA_AA ; } T : [ T > ( ) { B } template < T > struct A < > : ] { ( ) { return valueA_AC struct { : } } b A < int > AC ( ) a_aa.M ; ( ) ( ) }"), UNKNOWN_MACRO);
+        ASSERT_THROW_INTERNAL(checkCode("{ T struct B : T valueA_AA ; } T : [ T > ( ) { B } template < T > struct A < > : ] { ( ) { return valueA_AC struct { : } } b A < int > AC ( ) a_aa.M ; ( ) ( ) }"), SYNTAX);
         ASSERT_THROW_INTERNAL(checkCode("template < Types > struct S :{ ( S < ) S >} { ( ) { } } ( ) { return S < void > ( ) }"),
                               SYNTAX);
     }
@@ -1661,7 +1661,7 @@ class TestGarbage : public TestFixture {
 
     void garbageCode206() {
         ASSERT_EQUALS("[test.cpp:1] syntax error: operator", getSyntaxError("void foo() { for (auto operator new : int); }"));
-        ASSERT_EQUALS("[test.cpp:1] syntax error: operator", getSyntaxError("void foo() { for (a operator== :) }"));
+        ASSERT_EQUALS("[test.cpp:1] syntax error", getSyntaxError("void foo() { for (a operator== :) }"));
     }
 
     void garbageCode207() { // #8750