Fix #12643-46 fuzzing crashes (#6336)

chrchr-github · web-flow · commit 9fab9b94ca2e · 2024-04-24T10:46:48.000+02:00
diff --git a/lib/tokenize.cpp b/lib/tokenize.cpp
@@ -8690,6 +8690,12 @@ void Tokenizer::findGarbageCode() const
             syntaxError(tok);
         if (Token::Match(tok, "^ %op%") && !Token::Match(tok->next(), "[>*+-!~]"))
             syntaxError(tok);
+        if (Token::Match(tok, ": [)]=]"))
+            syntaxError(tok);
+        if (Token::Match(tok, "typedef [,;]"))
+            syntaxError(tok);
+        if (Token::Match(tok, "! %comp%"))
+            syntaxError(tok);
 
         if (tok->link() && Token::Match(tok, "[([]") && (!tok->tokAt(-1) || !tok->tokAt(-1)->isControlFlowKeyword())) {
             const Token* const end = tok->link();
diff --git a/test/cli/fuzz-crash/crash-28733cc31fd7f5d636beeaa3fa2bc30779fc6487 b/test/cli/fuzz-crash/crash-28733cc31fd7f5d636beeaa3fa2bc30779fc6487
@@ -0,0 +1 @@
+assert({:=4;})
diff --git a/test/cli/fuzz-crash/crash-3275671bf6888060270f902458ff36c711718e22 b/test/cli/fuzz-crash/crash-3275671bf6888060270f902458ff36c711718e22
@@ -0,0 +1 @@
+v o(ia){$ i;for(i:)a=[]0;}
diff --git a/test/cli/fuzz-crash/crash-58e1517a74e314553e8eef249268cec29493235b b/test/cli/fuzz-crash/crash-58e1517a74e314553e8eef249268cec29493235b
@@ -0,0 +1 @@
+n a(){!!=!!?:b}
diff --git a/test/cli/fuzz-crash/crash-a431ec7f7379fc460eaa6284627091ded6c0d696 b/test/cli/fuzz-crash/crash-a431ec7f7379fc460eaa6284627091ded6c0d696
@@ -0,0 +1 @@
+{for(typedef,typedef;);}
diff --git a/test/testgarbage.cpp b/test/testgarbage.cpp
@@ -862,7 +862,7 @@ class TestGarbage : public TestFixture {
         ASSERT_THROW_INTERNAL_EQUALS(checkCode("{ xs :: i(:) ! ! x/5 ! !\n"
                                                "i, :: a :: b integer, } foo2(x) :: j(:)\n"
                                                "b type(*), d(:), a x :: end d(..), foo end\n"
-                                               "foo4 b d(..), a a x type(*), b foo2 b"), INTERNAL, "Internal error. AST cyclic dependency.");
+                                               "foo4 b d(..), a a x type(*), b foo2 b"), SYNTAX, "syntax error");
     }
 
     void garbageCode100() { // #6840
@@ -987,7 +987,7 @@ class TestGarbage : public TestFixture {
     }
 
     void garbageCode125() {
-        ASSERT_THROW_INTERNAL(checkCode("{ T struct B : T valueA_AA ; } T : [ T > ( ) { B } template < T > struct A < > : ] { ( ) { return valueA_AC struct { : } } b A < int > AC ( ) a_aa.M ; ( ) ( ) }"), UNKNOWN_MACRO);
+        ASSERT_THROW_INTERNAL(checkCode("{ T struct B : T valueA_AA ; } T : [ T > ( ) { B } template < T > struct A < > : ] { ( ) { return valueA_AC struct { : } } b A < int > AC ( ) a_aa.M ; ( ) ( ) }"), SYNTAX);
         ASSERT_THROW_INTERNAL(checkCode("template < Types > struct S :{ ( S < ) S >} { ( ) { } } ( ) { return S < void > ( ) }"),
                               SYNTAX);
     }
@@ -1661,7 +1661,7 @@ class TestGarbage : public TestFixture {
 
     void garbageCode206() {
         ASSERT_EQUALS("[test.cpp:1] syntax error: operator", getSyntaxError("void foo() { for (auto operator new : int); }"));
-        ASSERT_EQUALS("[test.cpp:1] syntax error: operator", getSyntaxError("void foo() { for (a operator== :) }"));
+        ASSERT_EQUALS("[test.cpp:1] syntax error", getSyntaxError("void foo() { for (a operator== :) }"));
     }
 
     void garbageCode207() { // #8750

Original file line number	Diff line number	Diff line change
`@@ -862,7 +862,7 @@ class TestGarbage : public TestFixture {`
`862`	`862`	`ASSERT_THROW_INTERNAL_EQUALS(checkCode("{ xs :: i(:) ! ! x/5 ! !\n"`
`863`	`863`	`"i, :: a :: b integer, } foo2(x) :: j(:)\n"`
`864`	`864`	`"b type(*), d(:), a x :: end d(..), foo end\n"`
`865`		`- "foo4 b d(..), a a x type(*), b foo2 b"), INTERNAL, "Internal error. AST cyclic dependency.");`
	`865`	`+ "foo4 b d(..), a a x type(*), b foo2 b"), SYNTAX, "syntax error");`
`866`	`866`	`}`
`867`	`867`
`868`	`868`	`void garbageCode100() { // #6840`
`@@ -987,7 +987,7 @@ class TestGarbage : public TestFixture {`
`987`	`987`	`}`
`988`	`988`
`989`	`989`	`void garbageCode125() {`
`990`		`- ASSERT_THROW_INTERNAL(checkCode("{ T struct B : T valueA_AA ; } T : [ T > ( ) { B } template < T > struct A < > : ] { ( ) { return valueA_AC struct { : } } b A < int > AC ( ) a_aa.M ; ( ) ( ) }"), UNKNOWN_MACRO);`
	`990`	`+ ASSERT_THROW_INTERNAL(checkCode("{ T struct B : T valueA_AA ; } T : [ T > ( ) { B } template < T > struct A < > : ] { ( ) { return valueA_AC struct { : } } b A < int > AC ( ) a_aa.M ; ( ) ( ) }"), SYNTAX);`
`991`	`991`	`ASSERT_THROW_INTERNAL(checkCode("template < Types > struct S :{ ( S < ) S >} { ( ) { } } ( ) { return S < void > ( ) }"),`
`992`	`992`	`SYNTAX);`
`993`	`993`	`}`
`@@ -1661,7 +1661,7 @@ class TestGarbage : public TestFixture {`
`1661`	`1661`
`1662`	`1662`	`void garbageCode206() {`
`1663`	`1663`	`ASSERT_EQUALS("[test.cpp:1] syntax error: operator", getSyntaxError("void foo() { for (auto operator new : int); }"));`
`1664`		`- ASSERT_EQUALS("[test.cpp:1] syntax error: operator", getSyntaxError("void foo() { for (a operator== :) }"));`
	`1664`	`+ ASSERT_EQUALS("[test.cpp:1] syntax error", getSyntaxError("void foo() { for (a operator== :) }"));`
`1665`	`1665`	`}`
`1666`	`1666`
`1667`	`1667`	`void garbageCode207() { // #8750`