authorLuc Van Oostenryck <luc.vanoostenryck@gmail.com>2021-04-04 21:28:43 +0200
committerLuc Van Oostenryck <luc.vanoostenryck@gmail.com>2021-04-04 21:36:34 +0200
commit2cd6d34e815a7442b0b113f395504131b3a92e77 (patch)
tree9f6191c9d40be12fab6a32d7b892e82e9859108e
parent6d5d9b420b2f0e86a01dc40524f31bd80f5ec3ee (diff)
downloadsparse-2cd6d34e815a7442b0b113f395504131b3a92e77.tar.gz
fix null-pointer crash with with ident same as one of the attributes
match_attribute() will crash when the token has the same identifier as one of the attributes but is not an attribute. In this case, the corresponding symbol_op will be null but this is not checked. This seems to happen only with old-style declarations. Fix this by adding the missing null-check. Signed-off-by: Luc Van Oostenryck <luc.vanoostenryck@gmail.com>
-rw-r--r--parse.c2
-rw-r--r--validation/knr-attr-crash.c12
2 files changed, 13 insertions, 1 deletions
diff --git a/parse.c b/parse.c
index 70be616c..bc1c0602 100644
--- a/parse.c
+++ b/parse.c
@@ -1653,7 +1653,7 @@ static bool match_attribute(struct token *token)
if (token_type(token) != TOKEN_IDENT)
return false;
sym = lookup_keyword(token->ident, NS_TYPEDEF);
- if (!sym)
+ if (!sym || !sym->op)
return false;
return sym->op->type & KW_ATTRIBUTE;
}
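Review bot: The added `!sym->op` test in match_attribute() carries no comment saying when lookup_keyword() can return a symbol without an op, so the guard looks redundant to a later reader and could be dropped in a cleanup. A one-line comment above the check would keep it, for example `/* a non-keyword symbol (e.g. a typedef) may share an attribute's name; it has no op */`. Because this NULL dereference was reachable from the parsed source text alone, other places in parse.c that read `sym->op->type` right after lookup_keyword(..., NS_TYPEDEF) are worth checking for the same missing guard; none are visible in this hunk. The function's declarations and opening lines lie outside the hunk.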
diff --git a/validation/knr-attr-crash.c b/validation/knr-attr-crash.c
new file mode 100644
index 00000000..176ff503
--- /dev/null
+++ b/validation/knr-attr-crash.c
@@ -0,0 +1,12 @@
+typedef int word;
+
+void foo(word x);
+
+void foo(x)
+ word x;
+{ }
+
+/*
+ * check-name: knr-attr-crash
+ * check-command: sparse -Wno-old-style-definition $file
+ */
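Review bot: The test does not say why the typedef is named `word`, although the crash presumably depends on that identifier matching an attribute name, as the commit message describes. Renaming it during a later tidy-up would leave the test passing while no longer exercising the fixed path. A short comment at the top of the file would pin this down, for example `/* 'word' is deliberately the same identifier as an attribute name */`.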