Fix #12511 fuzzing crash (stack overflow) in getLibraryContainer() (#…

…6165)
danmar · Mar 21, 2024 · e25c512 · e25c512
1 parent 91f1a25
commit e25c512
Show file tree

Hide file tree

Showing 3 changed files with 6 additions and 0 deletions.
diff --git a/lib/valueflow.cpp b/lib/valueflow.cpp
@@ -4972,6 +4972,8 @@ static void valueFlowLifetime(TokenList &tokenlist, ErrorLogger *errorLogger, co
         }
         // address of
         else if (tok->isUnaryOp("&")) {
+            if (Token::simpleMatch(tok->astParent(), "*"))
+                continue;
             for (const ValueFlow::LifetimeToken& lt : ValueFlow::getLifetimeTokens(tok->astOperand1())) {
                 if (!settings.certainty.isEnabled(Certainty::inconclusive) && lt.inconclusive)
                     continue;

diff --git a/test/cli/fuzz-crash/crash-43fe82a87d6a7f34f000cbbc90b63ad1a58e3dcd b/test/cli/fuzz-crash/crash-43fe82a87d6a7f34f000cbbc90b63ad1a58e3dcd
@@ -0,0 +1 @@
+d o(){t&a=*&a}
diff --git a/test/testvalueflow.cpp b/test/testvalueflow.cpp
@@ -7434,6 +7434,9 @@ class TestValueFlow : public TestFixture {
                "    if (*q > 0 && *q < 100) {}\n"
                "}\n";
         valueOfTok(code, "&&");
+
+        code = "void f() { int& a = *&a; }\n"; // #12511
+        valueOfTok(code, "=");
     }
 
     void valueFlowHang() {