* [PATCH] fix null-pointer crash with ident same as one of the attributes
From: Luc Van Oostenryck @ 2021-04-04 19:37 UTC
To: linux-sparse; +Cc: Luc Van Oostenryck
match_attribute() will crash when the token has the same identifier
as one of the attributes but is not an attribute. In this case,
the corresponding symbol_op will be null but this is not checked.
This seems to happen only with old-style declarations.
Fix this by adding the missing null-check.
Signed-off-by: Luc Van Oostenryck <luc.vanoostenryck@gmail.com>
---
parse.c | 2 +-
validation/knr-attr-crash.c | 12 ++++++++++++
2 files changed, 13 insertions(+), 1 deletion(-)
create mode 100644 validation/knr-attr-crash.c
diff --git a/parse.c b/parse.c
index 70be616c45ae..bc1c0602fcb4 100644
--- a/parse.c
+++ b/parse.c
@@ -1653,7 +1653,7 @@ static bool match_attribute(struct token *token)
if (token_type(token) != TOKEN_IDENT)
return false;
sym = lookup_keyword(token->ident, NS_TYPEDEF);
- if (!sym)
+ if (!sym || !sym->op)
return false;
return sym->op->type & KW_ATTRIBUTE;
}
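Review bot: the added `!sym->op` test in match_attribute() carries no comment saying when a symbol returned by lookup_keyword(token->ident, NS_TYPEDEF) can have a null op, so the guard may look redundant to a later reader. The commit message gives the reason (an identifier with the same name as an attribute that is not itself an attribute); a one-line comment above the check stating that would keep it from being dropped in a cleanup. Since the same lookup result is dereferenced as `sym->op->type` right after, it would also be worth confirming that other callers of lookup_keyword() do not read `sym->op` without an equivalent check.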
diff --git a/validation/knr-attr-crash.c b/validation/knr-attr-crash.c
new file mode 100644
index 000000000000..176ff5032120
--- /dev/null
+++ b/validation/knr-attr-crash.c
@@ -0,0 +1,12 @@
+typedef int word;
+
+void foo(word x);
+
+void foo(x)
+ word x;
+{ }
+
+/*
+ * check-name: knr-attr-crash
+ * check-command: sparse -Wno-old-style-definition $file
+ */
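Review bot: nothing in knr-attr-crash.c says why the typedef is named `word`, and that name is what makes the test exercise the fixed path (per the commit message, the identifier has to match one of the attribute names). A short comment next to `typedef int word;` would stop someone from renaming it and silently turning the test into a no-op. The trailing check block has only check-name and check-command, so the test is asserting just that sparse does not crash on the old-style definition of foo(); if that is the intent, saying so in the comment would make it explicit.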
--
2.31.1