
Fix #12453 fuzzing timeout in getUnsafeFunction() #6020

Merged
chrchr-github merged 13 commits into cppcheck-opensource:main from chrchr-github:chr_Fix12453
Feb 26, 2024

@chrchr-github
Collaborator

No description provided.

@firewave
Collaborator

Need to merge #6018 first and rebase on that to make sure everything is working fine. The timeout was kinda broken.

@chrchr-github
Collaborator Author

We could also throw an error in findExpressionStartEndTokens() to be on the safe side.

@firewave
Collaborator

> We could also throw an error in findExpressionStartEndTokens() to be on the safe side.

Do what you think is appropriate.

One of the fuzzing improvements so we use input closer to real code is that I would discard all cases where we encounter a syntaxError. That would prevent us from finding more potential issues but seems more reasonable. I already do that for simplecpp.

@chrchr-github chrchr-github marked this pull request as draft February 23, 2024 07:21
@chrchr-github
Collaborator Author

chrchr-github commented Feb 23, 2024

void f(double(&)[4]) {}
For &, findExpressionStartEndTokens() returns double as both start and end. Is this expected behavior?

There is an AST issue, ( only has one operand when there is no variable.

Additionally,

class c {
  typedef char foo[4];
  foo _a;
  operator foo &() { return _a; }
};

gets simplified to

2: class c {
3:
4: char _a@var1 [ 4 ] ;
5: operatorchar ( & ( ) ) [ 4 ] { return _a@var1 ; }
6: } ;

which is wrong.

@chrchr-github chrchr-github marked this pull request as ready for review February 24, 2024 21:12
@chrchr-github chrchr-github merged commit eb2dbd3 into cppcheck-opensource:main Feb 26, 2024
@chrchr-github chrchr-github deleted the chr_Fix12453 branch February 26, 2024 21:57