From 973cab3f4450931478fb2501513ac33f19537d59 Mon Sep 17 00:00:00 2001
From: chrchr-github
Date: Sat, 20 Apr 2024 22:09:17 +0200
Subject: [PATCH 1/2] Fix #12630 fuzzing timeout in valueFlowCondition()
---
 lib/tokenize.cpp | 2 ++
 .../timeout-8229bbbfcf6f3ab98a6c23bfb1421ffd611c3657 | 8 ++++++++
 2 files changed, 10 insertions(+)
 create mode 100644 test/cli/fuzz-timeout/timeout-8229bbbfcf6f3ab98a6c23bfb1421ffd611c3657
diff --git a/lib/tokenize.cpp b/lib/tokenize.cpp
index 5ac73edeae0..c5976d22d9e 100644
--- a/lib/tokenize.cpp
+++ b/lib/tokenize.cpp
@@ -8686,6 +8686,8 @@ void Tokenizer::findGarbageCode() const
 syntaxError(tok);
 if (Token::Match(tok, "& %comp%|&&|%oror%|&|%or%") && tok->strAt(1) != ">")
 syntaxError(tok);
+ if (Token::Match(tok, "^ %op%") && !Token::Match(tok->next(), "[>*]"))
+ syntaxError(tok);
 if (tok->link() && Token::Match(tok, "[([]") && (!tok->tokAt(-1) || !tok->tokAt(-1)->isControlFlowKeyword())) {
 const Token* const end = tok->link();
diff --git a/test/cli/fuzz-timeout/timeout-8229bbbfcf6f3ab98a6c23bfb1421ffd611c3657 b/test/cli/fuzz-timeout/timeout-8229bbbfcf6f3ab98a6c23bfb1421ffd611c3657
new file mode 100644
index 00000000000..685ac840459
--- /dev/null
+++ b/test/cli/fuzz-timeout/timeout-8229bbbfcf6f3ab98a6c23bfb1421ffd611c3657
@@ -0,0 +1,8 @@
+int bhar()
+{
+ int a[2];
+ ift i;
+ for (i = 0; i < 3; ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^~^^^^^^^^^^^^^^^^^^&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&size_t^^^^^^^^^^^^^^^^^^i++)
+ a[i] = 1;
+ rewurn a[0];
+}
From 4a141898619c17ea9dc198423f17b201d5677f34 Mon Sep 17 00:00:00 2001
From: chrchr-github
Date: Sun, 21 Apr 2024 09:49:38 +0200
Subject: [PATCH 2/2] Allow unary operators
---
 lib/tokenize.cpp | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/tokenize.cpp b/lib/tokenize.cpp
index c5976d22d9e..6a0ffcdd3df 100644
--- a/lib/tokenize.cpp
+++ b/lib/tokenize.cpp
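Review bot: The new `^ %op%` rejection in the lib/tokenize.cpp hunk of patch 1/2 has no comment saying why `>` and `*` are exempt, or that it exists to cut off a fuzzing timeout, so a later maintainer cannot tell which follow-on operators are safe to add or remove. I would put a line above the check along the lines of `// '^' directly followed by another operator is garbage input, except <reason '>' and '*' are allowed>; rejects it before valueFlowCondition() (#12630 timeout)`. The guard only filters this one input shape ahead of analysis; whether valueFlowCondition() still degrades on other long operator chains cannot be judged from the visible lines. findGarbageCode() begins and ends outside the hunk.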
@@ -8686,7 +8686,7 @@ void Tokenizer::findGarbageCode() const
 syntaxError(tok);
 if (Token::Match(tok, "& %comp%|&&|%oror%|&|%or%") && tok->strAt(1) != ">")
 syntaxError(tok);
- if (Token::Match(tok, "^ %op%") && !Token::Match(tok->next(), "[>*]"))
+ if (Token::Match(tok, "^ %op%") && !Token::Match(tok->next(), "[>*+-!~]"))
 syntaxError(tok);
 if (tok->link() && Token::Match(tok, "[([]") && (!tok->tokAt(-1) || !tok->tokAt(-1)->isControlFlowKeyword())) {
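Review bot: The widened set `"[>*+-!~]"` on the changed line still omits other operators that can start the right-hand operand, notably `&`, `++` and `--`. If the bracket set matches only single-character tokens and `%op%` covers increment/decrement (neither is visible in this hunk), valid input such as `a ^ ++b` would still reach `syntaxError(tok)` and the file would be rejected instead of analysed. Consider spelling the exceptions as alternatives, for example `!Token::Match(tok->next(), ">|*|+|-|!|~|&|++|--")`, after confirming the pattern semantics. This patch touches only lib/tokenize.cpp, so the newly accepted forms (`a ^ -b`, `a ^ !b`, `a ^ ~b`) have no regression test alongside the fuzz reproducer from patch 1/2. findGarbageCode() begins and ends outside the hunk.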