
Commit c44dd2c

Fix heap-use-after-free in Tokenizer::simplifyUsing()
1 parent 86f4c91 commit c44dd2c

2 files changed

Lines changed: 11 additions & 3 deletions


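--- a/lib/tokenize.cpp
+++ b/lib/tokenize.cpp
@@ -3015,7 +3015,6 @@ bool Tokenizer::simplifyUsing()
 Token::Match(tok->linkAt(2), "] ] = ::| %name%")))))
 continue;
 
-const std::string& name = tok->strAt(1);
 const Token *nameToken = tok->next();
 std::string scope = currentScope->fullName;
 Token *usingStart = tok;
@@ -3064,7 +3063,7 @@ bool Tokenizer::simplifyUsing()
 if (!hasName) {
 std::string newName;
 if (structEnd->strAt(2) == ";")
-newName = name;
+newName = nameToken->str();
 else
 newName = "Unnamed" + std::to_string(mUnnamedCount++);
 TokenList::copyTokens(structEnd->next(), tok, start);
@@ -3211,7 +3210,7 @@ bool Tokenizer::simplifyUsing()
 if (!isTypedefInfoAdded && Token::Match(tok1, "%name% (")) {
 isTypedefInfoAdded = true;
 TypedefInfo usingInfo;
-usingInfo.name = name;
+usingInfo.name = nameToken->str();
 usingInfo.filename = list.file(nameToken);
 usingInfo.lineNumber = nameToken->linenr();
 usingInfo.column = nameToken->column();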
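Review bot: Nothing at the declaration `const Token *nameToken = tok->next();` (new line 3018) records why the name string is no longer cached, so a later cleanup could reintroduce the `const std::string&` that the commit title ties to the heap-use-after-free. I would add a comment there, e.g. `// Do not hold a reference to the name string across token-list edits; read nameToken->str() where it is needed.` The two new reads at new lines 3066 and 3213 are safe only while `nameToken` points at a live token; the code between the hunks is not shown, so presumably it is re-pointed whenever the using-statement tokens are copied or erased, which is worth confirming under ASan. simplifyUsing() starts and ends outside all three hunks.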

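--- a/test/testtokenize.cpp
+++ b/test/testtokenize.cpp
@@ -533,6 +533,8 @@ class TestTokenizer : public TestFixture {
 TEST_CASE(simplifyEnum1);
 
 TEST_CASE(simplifyEnum2);
+
+TEST_CASE(simplifyUsing1);
 }
 
 class TokenizerTest final : public Tokenizer
@@ -9119,6 +9121,13 @@ class TestTokenizer : public TestFixture {
 ASSERT_EQUALS(tok->column(), 24);
 ASSERT_EQUALS(tok->next()->column(), 16);
 }
+
+void simplifyUsing1() {
+const char code[] = "using C = struct C { C() {} };";
+SimpleTokenizer tokenizer(settingsDefault, *this, false);
+ASSERT_NO_THROW(tokenizer.tokenize(code));
+ASSERT_EQUALS("struct C { C ( ) { } } ;", tokenizeAndStringify(code));
+}
 };
 
 REGISTER_TEST(TestTokenizer)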
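Review bot: `simplifyUsing1` can only catch a regression of the use-after-free when the test binary runs under ASan or valgrind, because `ASSERT_NO_THROW` and the string comparison both pass on a dangling read that happens not to crash. A comment above the test would make that explicit, e.g. `// Regression test for heap-use-after-free in simplifyUsing(); needs a sanitizer build to fail reliably.` The input names the struct (`struct C {`), so the `!hasName` assignment changed in lib/tokenize.cpp is probably not reached; a second case with an unnamed struct would cover that site too.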
