Fix #12767-70 fuzzing crashes (#6441)
chrchr-github authored May 26, 2024
1 parent 98d56b8 commit 51fb56c
Showing 9 changed files with 29 additions and 7 deletions.
4 changes: 4 additions & 0 deletions cfg/qt.cfg
@@ -5355,6 +5355,8 @@
<define name="Q_UNUSED(X)" value="(void)(X);"/>
<define name="QT_BEGIN_NAMESPACE" value=""/>
<define name="QT_END_NAMESPACE" value=""/>
<define name="QT_BEGIN_MOC_NAMESPACE" value=""/>
<define name="QT_END_MOC_NAMESPACE" value=""/>
<define name="QT_TR_NOOP(x)" value="x"/>
<define name="QT_TR_NOOP_UTF8(x)" value="x"/>
<define name="QT_TRANSLATE_NOOP(scope, x)" value="x"/>
@@ -5363,6 +5365,8 @@
<define name="QT_TRANSLATE_NOOP3_UTF8(scope, x, comment)" value="{x, comment}"/>
<define name="QT_WARNING_PUSH" value=""/>
<define name="QT_WARNING_POP" value=""/>
<define name="QT_WARNING_DISABLE_GCC(x)" value=""/>
<define name="QT_WARNING_DISABLE_DEPRECATED" value=""/>
<define name="QT_STRINGIFY(x)" value="#x"/>
<define name="QCOMPARE(actual, expected)" value="(void)((actual)==(expected))"/>
<define name="QVERIFY(condition)" value="(void)(condition)"/>
22 changes: 19 additions & 3 deletions lib/tokenize.cpp
@@ -8706,7 +8706,7 @@ void Tokenizer::findGarbageCode() const
syntaxError(tok);
if (Token::Match(tok, ": [)]=]"))
syntaxError(tok);
if (Token::Match(tok, "typedef [,;]"))
if (Token::Match(tok, "typedef [,;:]"))
syntaxError(tok);
if (Token::Match(tok, "! %comp%"))
syntaxError(tok);
@@ -8747,6 +8747,16 @@ void Tokenizer::findGarbageCode() const
syntaxError(tok);
}
}
if (isCPP() && tok->str() == "namespace" && tok->tokAt(-1)) {
if (!Token::Match(tok->tokAt(-1), ";|{|}|using|inline")) {
if (tok->tokAt(-1)->isUpperCaseName())
unknownMacroError(tok->tokAt(-1));
else if (tok->linkAt(-1) && tok->linkAt(-1)->tokAt(-1) && tok->linkAt(-1)->tokAt(-1)->isUpperCaseName())
unknownMacroError(tok->linkAt(-1)->tokAt(-1));
else
syntaxError(tok);
}
}
}

// ternary operator without :
@@ -8772,10 +8782,16 @@ void Tokenizer::findGarbageCode() const
// Garbage templates..
if (isCPP()) {
for (const Token *tok = tokens(); tok; tok = tok->next()) {
if (Token::simpleMatch(tok, "< >") && !(Token::Match(tok->tokAt(-1), "%name%") || (tok->tokAt(-1) && Token::Match(tok->tokAt(-2), "operator %op%"))))
syntaxError(tok);
if (Token::simpleMatch(tok, "< >")) {
if (!(Token::Match(tok->tokAt(-1), "%name%") || (tok->tokAt(-1) && Token::Match(tok->tokAt(-2), "operator %op%"))))
syntaxError(tok);
if (!tok->tokAt(-1) || tok->tokAt(-1)->isLiteral())
syntaxError(tok);
}
if (!Token::simpleMatch(tok, "template <"))
continue;
if (!tok->tokAt(2) || tok->tokAt(2)->isLiteral())
syntaxError(tok);
if (tok->previous() && !Token::Match(tok->previous(), ":|;|{|}|)|>|\"C++\"")) {
if (tok->previous()->isUpperCaseName())
unknownMacroError(tok->previous());
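Review bot: The allow-list in the new `namespace` check, `Token::Match(tok->tokAt(-1), ";|{|}|using|inline")`, leaves out `export`, so a C++20 `export namespace N { ... }` would fall through to `syntaxError(tok)` unless `export` is stripped before findGarbageCode() runs (not visible in these hunks). Because a syntax error aborts analysis of the whole translation unit, a false positive here silently drops every later finding for that file; consider `";|{|}|using|inline|export"` together with a test that tokenizes an exported namespace without an internal error. In the same block `tok->tokAt(-1)` is evaluated up to six times; binding it once, e.g. `const Token* const prev = tok->previous();`, would make the three branches easier to audit. The body of findGarbageCode() starts and ends outside the visible hunks.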
@@ -0,0 +1 @@
n eu<#F A<>;template<#m<>eu=i
@@ -0,0 +1 @@
;namespace d=S;r namespace d=X
@@ -0,0 +1 @@
{s for(typedef:;){}}
@@ -0,0 +1 @@
template<8<>e=e<>>f
4 changes: 1 addition & 3 deletions test/testsimplifytokens.cpp
@@ -586,9 +586,7 @@ class TestSimplifyTokens : public TestFixture {
{
const char code[] = "void f(int namespace) { }";

const char expected[] = "void f ( int namespace ) { }";

ASSERT_EQUALS(expected, tok(code));
ASSERT_THROW_INTERNAL(tok(code), SYNTAX);
}
}
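Review bot: With `ASSERT_THROW_INTERNAL(tok(code), SYNTAX);` replacing the equality check, nothing in this test pins the C behaviour any more: the new tokenizer check is gated on `isCPP()`, and `void f(int namespace) { }` is valid C, where `namespace` is an ordinary identifier. If the `tok()` helper can tokenize as C (its signature is outside this hunk), keep the old expectation for that mode next to the new throw so a later change cannot start rejecting valid C input. A short comment such as `// 'namespace' is a keyword in C++, so it cannot be a parameter name` would also explain why the expectation flipped.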

2 changes: 1 addition & 1 deletion test/testtokenize.cpp
@@ -5463,7 +5463,7 @@ class TestTokenizer : public TestFixture {
// remove some unhandled macros in the global scope.
ASSERT_EQUALS("void f ( ) { }", tokenizeAndStringify("void f() NOTHROW { }"));
ASSERT_EQUALS("struct Foo { } ;", tokenizeAndStringify("struct __declspec(dllexport) Foo {};"));
ASSERT_EQUALS("namespace { int a ; }", tokenizeAndStringify("ABA() namespace { int a ; }"));
ASSERT_THROW_INTERNAL(tokenizeAndStringify("ABA() namespace { int a ; }"), UNKNOWN_MACRO);

// #3750
ASSERT_THROW_INTERNAL(tokenizeAndStringify("; AB(foo*) foo::foo() { }"), UNKNOWN_MACRO);
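Review bot: The changed assertion still sits under the comment `// remove some unhandled macros in the global scope.`, but it no longer checks removal; it now expects `UNKNOWN_MACRO`. Move it next to the `// #3750` throw assertion or give it its own comment, e.g. `// an unknown macro directly before 'namespace' is reported, not removed`, so the group keeps documenting one behaviour. This is also a user-visible change: sources that place an unconfigured macro before `namespace` were previously tokenized and are now rejected, which is presumably why qt.cfg gains defines in this commit, so a release-note line would help users who see analysis stop on such files.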