fixed fuzzing crash in simplecpp::Macro::expandToken() (#345)

danmar · Feb 27, 2024 · c5c02ff · c5c02ff
1 parent 6547bf7
commit c5c02ff
Show file tree

Hide file tree

Showing 2 changed files with 12 additions and 1 deletion.
diff --git a/simplecpp.cpp b/simplecpp.cpp
@@ -1984,7 +1984,7 @@ namespace simplecpp {
                             if (paren == 0)
                               return tok->next->next;
                             tok = tok->next;
-                            if (parametertokens.front()->next->str() != ")" && parametertokens.size() > args.size())
+                            if (parametertokens.size() > args.size() && parametertokens.front()->next->str() != ")")
                               tok = expandToken(output, loc, tok, macros, expandedmacros, parametertokens)->previous;
                         }
                     }

diff --git a/test.cpp b/test.cpp
@@ -2714,6 +2714,15 @@ static void token()
     ASSERT_TOKEN("+22", false, true, false);
 }
 
+static void fuzz_crash()
+{
+    {
+        const char code[] = "#define n __VA_OPT__(u\n"
+                            "n\n";
+        (void)preprocess(code, simplecpp::DUI()); // do not crash
+    }
+}
+
 int main(int argc, char **argv)
 {
     TEST_CASE(backslash);
@@ -2940,5 +2949,7 @@ int main(int argc, char **argv)
 
     TEST_CASE(token);
 
+    TEST_CASE(fuzz_crash);
+
     return numberOfFailedAssertions > 0 ? EXIT_FAILURE : EXIT_SUCCESS;
 }