From c5c02ff331c461bfb4f5e8628d7d71bd64ba7f97 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Oliver=20St=C3=B6neberg?=
Date: Tue, 27 Feb 2024 15:58:33 +0100
Subject: [PATCH] fixed fuzzing crash in `simplecpp::Macro::expandToken()` (#345)

---
 simplecpp.cpp | 2 +-
 test.cpp | 11 +++++++++++
 2 files changed, 12 insertions(+), 1 deletion(-)

diff --git a/simplecpp.cpp b/simplecpp.cpp
index 7dad4672..43d8ac4c 100755
--- a/simplecpp.cpp
+++ b/simplecpp.cpp
@@ -1984,7 +1984,7 @@ namespace simplecpp {
 if (paren == 0)
 return tok->next->next;
 tok = tok->next;
- if (parametertokens.front()->next->str() != ")" && parametertokens.size() > args.size())
+ if (parametertokens.size() > args.size() && parametertokens.front()->next->str() != ")")
 tok = expandToken(output, loc, tok, macros, expandedmacros, parametertokens)->previous;
 }
 }
diff --git a/test.cpp b/test.cpp
index 9588441c..322d1876 100644
--- a/test.cpp
+++ b/test.cpp
@@ -2714,6 +2714,15 @@ static void token()
 ASSERT_TOKEN("+22", false, true, false);
 }
 
+static void fuzz_crash()
+{
+ {
+ const char code[] = "#define n __VA_OPT__(u\n"
+ "n\n";
+ (void)preprocess(code, simplecpp::DUI()); // do not crash
+ }
+}
+
 int main(int argc, char **argv)
 {
 TEST_CASE(backslash);
@@ -2940,5 +2949,7 @@ int main(int argc, char **argv)
 
 TEST_CASE(token);
 
+ TEST_CASE(fuzz_crash);
+
 return numberOfFailedAssertions > 0 ? EXIT_FAILURE : EXIT_SUCCESS;
 }
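Review bot: The reordered condition in the simplecpp.cpp hunk is correct only because of short-circuit evaluation — `parametertokens.size() > args.size()` must be evaluated first so that `parametertokens.front()` is never called on an empty container — but nothing in the code records that, and a later cleanup that swaps the operands back would silently reintroduce the crash. A one-line comment above the `if` would pin the intent, e.g. `// keep the size check first: front() on an empty parametertokens list is undefined (#345)`. The fix also still dereferences `front()->next` unguarded; from the hunk alone it is not visible whether `next` can be null for a non-empty list, so that is worth confirming against the callers. The enclosing function `expandToken` begins and ends outside this hunk.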
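Review bot: The new `fuzz_crash` test in test.cpp discards the result of `preprocess` and only documents its purpose with `// do not crash`, so a reader later has no link from the test back to the defect it guards. Since the commit subject already names the issue, the comment should carry it: `(void)preprocess(code, simplecpp::DUI()); // #345: must not crash on an unterminated __VA_OPT__ in an object-like macro`. The extra inner brace block around the single case is presumably there so further regression inputs can be appended in the same pattern as the neighbouring tests; if that is the intent, a short comment on the function saying so would make it obvious, otherwise the redundant scope can go.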