fixed fuzzing crash
/home/user/CLionProjects/cppcheck-rider/lib/checkautovariables.cpp:61:105: runtime error: member access within null pointer of type 'const Scope'
    #0 0x5cd9c01906fb in isArrayArg(Token const*, Settings const*) /home/user/CLionProjects/cppcheck-rider/lib/checkautovariables.cpp:61:105
    #1 0x5cd9c018d8f4 in CheckAutoVariables::autoVariables() /home/user/CLionProjects/cppcheck-rider/lib/checkautovariables.cpp:293:50
    #2 0x5cd9c01a560f in CheckAutoVariables::runChecks(Tokenizer const&, ErrorLogger*) /home/user/CLionProjects/cppcheck-rider/lib/checkautovariables.h:62:28
    #3 0x5cd9c08088bd in CppCheck::checkNormalTokens(Tokenizer const&) /home/user/CLionProjects/cppcheck-rider/lib/cppcheck.cpp:1132:20
    #4 0x5cd9c082193b in CppCheck::checkFile(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&, std::istream*) /home/user/CLionProjects/cppcheck-rider/lib/cppcheck.cpp:965:17
    #5 0x5cd9c080ef64 in CppCheck::check(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&) /home/user/CLionProjects/cppcheck-rider/lib/cppcheck.cpp:564:12
    #6 0x5cd9bf91044b in SingleExecutor::check() /home/user/CLionProjects/cppcheck-rider/cli/singleexecutor.cpp:53:29
    #7 0x5cd9bf84a97b in CppCheckExecutor::check_internal(Settings const&) const /home/user/CLionProjects/cppcheck-rider/cli/cppcheckexecutor.cpp:279:32
    #8 0x5cd9bf84974d in CppCheckExecutor::check_wrapper(Settings const&) /home/user/CLionProjects/cppcheck-rider/cli/cppcheckexecutor.cpp:218:12
    #9 0x5cd9bf84868a in CppCheckExecutor::check(int, char const* const*) /home/user/CLionProjects/cppcheck-rider/cli/cppcheckexecutor.cpp:204:21
    #10 0x5cd9c0f56eb7 in main /home/user/CLionProjects/cppcheck-rider/cli/main.cpp:91:21
    #11 0x7e6d76e1eccf  (/usr/lib/libc.so.6+0x29ccf) (BuildId: 0865c4b9ba13e0094e8b45b78dfc7a2971f536d2)
    #12 0x7e6d76e1ed89 in __libc_start_main (/usr/lib/libc.so.6+0x29d89) (BuildId: 0865c4b9ba13e0094e8b45b78dfc7a2971f536d2)
    #13 0x5cd9bf6829f4 in _start (/home/user/CLionProjects/cppcheck-rider/cmake-build-debug-clang-asan-ubsan/bin/cppcheck+0xf6b9f4) (BuildId: 57a36609553096fb65d63bdeae23688115ebef1e)
firewave committed Mar 28, 2024
1 parent 5218f71 commit 6f88979
Showing 2 changed files with 2 additions and 1 deletion.
2 changes: 1 addition & 1 deletion lib/checkautovariables.cpp
@@ -58,7 +58,7 @@ static bool isPtrArg(const Token *tok)
static bool isArrayArg(const Token *tok, const Settings* settings)
{
const Variable *var = tok->variable();
return (var && var->isArgument() && var->isArray() && !settings->library.isentrypoint(var->scope()->className));
return (var && var->isArgument() && var->isArray() && var->scope() && !settings->library.isentrypoint(var->scope()->className));
}

static bool isArrayVar(const Token *tok)
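Review bot: The added `var->scope() &&` guard in isArrayArg removes the null dereference from the UBSan report, but it also makes the function return false for an array argument that has no scope, so the call site at checkautovariables.cpp:293 presumably skips that token without any diagnostic. If that is the intended handling of malformed input, record it next to the return, e.g. `// scope may be null for invalid code (found by fuzzing); treat as "not an array argument"`. The double call could be folded into a local, `const Scope *scope = var->scope();`, which also keeps the checked pointer and the dereferenced pointer visibly the same. Other `var->scope()->` dereferences in this file are not visible in the hunk and may deserve the same check.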
@@ -0,0 +1 @@
i a;u n(;a[]),n(){a[]=0}
