danmar#6712 segmentation fault (invalid code) in CheckExceptionSafety::checkRethrowCopy. Local fix to avoid accessing NULL-token

amai2012 · amai2012 · commit 8adff0a31b27 · 2015-05-28T21:12:02.000+02:00
diff --git a/lib/checkexceptionsafety.cpp b/lib/checkexceptionsafety.cpp
@@ -155,9 +155,11 @@ void CheckExceptionSafety::checkRethrowCopy()
         const unsigned int varid = i->classStart->tokAt(-2)->varId();
         if (varid) {
             for (const Token* tok = i->classStart->next(); tok && tok != i->classEnd; tok = tok->next()) {
-                if (Token::simpleMatch(tok, "catch (") && tok->next()->link() && tok->next()->link()->next()) // Don't check inner catch - it is handled in another iteration of outer loop.
+                if (Token::simpleMatch(tok, "catch (") && tok->next()->link() && tok->next()->link()->next()) { // Don't check inner catch - it is handled in another iteration of outer loop.
                     tok = tok->next()->link()->next()->link();
-                else if (Token::Match(tok, "throw %varid% ;", varid))
+                    if (!tok)
+                        break;
+                } else if (Token::Match(tok, "throw %varid% ;", varid))
                     rethrowCopyError(tok, tok->strAt(1));
             }
         }
diff --git a/test/testgarbage.cpp b/test/testgarbage.cpp
@@ -86,6 +86,7 @@ class TestGarbage : public TestFixture {
         TEST_CASE(garbageCode45); // #6608
         TEST_CASE(garbageCode46); // #6705
         TEST_CASE(garbageCode47); // #6706
+        TEST_CASE(garbageCode48); // #6712
 
         TEST_CASE(garbageValueFlow);
         TEST_CASE(garbageSymbolDatabase);
@@ -495,6 +496,10 @@ class TestGarbage : public TestFixture {
         checkCode(" { { }; }; * new private: B: B;");
     }
 
+    void garbageCode48() { // #6712
+        checkCode(" { d\n\" ) d ...\n\" } int main ( ) { ( ) catch ( A a ) { { } catch ( ) \"\" } }");
+    }
+
     void garbageValueFlow() {
         // #6089
         const char* code = "{} int foo(struct, x1, struct x2, x3, int, x5, x6, x7)\n"

Original file line number	Diff line number	Diff line change
`@@ -155,9 +155,11 @@ void CheckExceptionSafety::checkRethrowCopy()`
`155`	`155`	`const unsigned int varid = i->classStart->tokAt(-2)->varId();`
`156`	`156`	`if (varid) {`
`157`	`157`	`for (const Token* tok = i->classStart->next(); tok && tok != i->classEnd; tok = tok->next()) {`
`158`		`- if (Token::simpleMatch(tok, "catch (") && tok->next()->link() && tok->next()->link()->next()) // Don't check inner catch - it is handled in another iteration of outer loop.`
	`158`	`+ if (Token::simpleMatch(tok, "catch (") && tok->next()->link() && tok->next()->link()->next()) { // Don't check inner catch - it is handled in another iteration of outer loop.`
`159`	`159`	`tok = tok->next()->link()->next()->link();`
`160`		`- else if (Token::Match(tok, "throw %varid% ;", varid))`
	`160`	`+ if (!tok)`
	`161`	`+ break;`
	`162`	`+ } else if (Token::Match(tok, "throw %varid% ;", varid))`
`161`	`163`	`rethrowCopyError(tok, tok->strAt(1));`
`162`	`164`	`}`
`163`	`165`	`}`