From ee5cf0f14156a5b3b45323802d04460141f2e7d1 Mon Sep 17 00:00:00 2001 From: chrchr-github <78114321+chrchr-github@users.noreply.github.com> Date: Wed, 5 Jul 2023 22:34:25 +0200 Subject: [PATCH] Fix #11810 nullptr deref in compilePrecedence2() (#5218) --- lib/tokenize.cpp | 2 +- test/testtokenize.cpp | 14 ++++++++++++++ 2 files changed, 15 insertions(+), 1 deletion(-) diff --git a/lib/tokenize.cpp b/lib/tokenize.cpp index 815040df91e..2c1f152e4be 100644 --- a/lib/tokenize.cpp +++ b/lib/tokenize.cpp @@ -7121,7 +7121,7 @@ void Tokenizer::simplifyVarDecl(Token * tokBegin, const Token * const tokEnd, co if (Token::Match(tok2, "{|(|[")) tok2 = tok2->link(); - else if (!isC() && tok2->str() == "<" && tok2->previous()->isName() && !tok2->previous()->varId()) + else if (!isC() && tok2->str() == "<" && ((tok2->previous()->isName() && !tok2->previous()->varId()) || tok2->strAt(-1) == "]")) tok2 = tok2->findClosingBracket(); else if (std::strchr(";,", tok2->str()[0])) { diff --git a/test/testtokenize.cpp b/test/testtokenize.cpp index 266224c0e29..ec0976528e3 100644 --- a/test/testtokenize.cpp +++ b/test/testtokenize.cpp @@ -3501,6 +3501,20 @@ class TestTokenizer : public TestFixture { ASSERT_EQUALS(true, tok1->link() == tok2); ASSERT_EQUALS(true, tok2->link() == tok1); } + + { // #11810 + const char code[] = "void f() {\n" + " auto g = [] (A a, B&& b) { return a < b; };\n" + "}\n"; + errout.str(""); + Tokenizer tokenizer(&settings0, this); + std::istringstream istr(code); + ASSERT(tokenizer.tokenize(istr, "test.cpp")); + const Token* tok1 = Token::findsimplematch(tokenizer.tokens(), "< A"); + const Token* tok2 = Token::findsimplematch(tok1, "> ("); + ASSERT_EQUALS(true, tok1->link() == tok2); + ASSERT_EQUALS(true, tok2->link() == tok1); + } } void simplifyString() {