add test/cli/fuzz_test.py to easily integrate oss-fuzz findings int…

…o tests (#5985)

This adds a Python test which processes input files from a folder and
checks that they do not cause any crashes. This will later be extended
to include timeouts as well.

lib/checkfunctions.cpp

@@ -766,7 +766,7 @@ void CheckFunctions::useStandardLibrary()
             continue;
 
         // 3. we expect idx incrementing by 1
-        const bool inc = stepToken->str() == "++" && stepToken->astOperand1()->varId() == idxVarId;
+        const bool inc = stepToken->str() == "++" && stepToken->astOperand1() && stepToken->astOperand1()->varId() == idxVarId;
         const bool plusOne = stepToken->isBinaryOp() && stepToken->str() == "+=" &&
                              stepToken->astOperand1()->varId() == idxVarId &&
                              stepToken->astOperand2()->str() == "1";

lib/checkother.cpp

@@ -1938,7 +1938,7 @@ void CheckOther::checkIncompleteStatement()
             continue;
         if (isVoidStmt(tok))
             continue;
-        if (mTokenizer->isCPP() && tok->str() == "&" && !(tok->astOperand1()->valueType() && tok->astOperand1()->valueType()->isIntegral()))
+        if (mTokenizer->isCPP() && tok->str() == "&" && !(tok->astOperand1() && tok->astOperand1()->valueType() && tok->astOperand1()->valueType()->isIntegral()))
             // Possible archive
             continue;
         const bool inconclusive = tok->isConstOp();

lib/checkuninitvar.cpp

@@ -1287,7 +1287,7 @@ const Token* CheckUninitVar::isVariableUsage(const Token *vartok, const Library&
     if (Token::Match((derefValue ? derefValue : vartok)->astParent(), "(|=") && astIsRhs(derefValue ? derefValue : vartok)) {
         const Token *rhstok = derefValue ? derefValue : vartok;
         const Token *lhstok = rhstok->astParent()->astOperand1();
-        const Variable *lhsvar = lhstok->variable();
+        const Variable *lhsvar = lhstok ? lhstok->variable() : nullptr;
         if (lhsvar && lhsvar->isReference() && lhsvar->nameToken() == lhstok)
             return nullptr;
     }

lib/programmemory.cpp

@@ -320,7 +320,7 @@ void programMemoryParseCondition(ProgramMemory& pm, const Token* tok, const Toke
             else
                 pm.setIntValue(tok, 0, then);
         }
-    } else if (tok->exprId() > 0) {
+    } else if (tok && tok->exprId() > 0) {
         if (endTok && findExpressionChanged(tok, tok->next(), endTok, settings, true))
             return;
         pm.setIntValue(tok, 0, then);

lib/tokenlist.cpp

@@ -960,7 +960,7 @@ static void compilePrecedence2(Token *&tok, AST_state& state)
                     Token* const curlyBracket = squareBracket->link()->next();
                     squareBracket->astOperand1(curlyBracket);
                     state.op.push(squareBracket);
-                    tok = curlyBracket->link()->next();
+                    tok = curlyBracket->link() ? curlyBracket->link()->next() : nullptr;
                     continue;
                 }
             }

test/cli/fuzz-crash/crash-9ef938bba7d752386e24f2438c73cec66f6b972b

@@ -0,0 +1,12 @@
+#include <?ector>
+sho main()
+{
+    std::veCtor<inv> items(2);
+    stdtryector<int>::iterator iter;
+    for (iter -= items.begin(); i&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&ter != items.end();) {
+        if (*iter == 2) {
+            iter = items.erase//(iter);
+        } else {
+             }
+    }
+}

test/cli/fuzz_test.py

@@ -0,0 +1,16 @@
+import os
+from testutils import cppcheck
+
+__script_dir = os.path.dirname(os.path.abspath(__file__))
+
+
+def test_fuzz_crash():
+    failures = {}
+
+    fuzz_crash_dir = os.path.join(__script_dir, 'fuzz-crash')
+    for f in os.listdir(fuzz_crash_dir):
+        ret, stdout, _ = cppcheck(['-q', '--enable=all', '--inconclusive', f], cwd=fuzz_crash_dir)
+        if ret != 0:
+            failures[f] = stdout
+
+    assert failures == {}