lint: fix crash on semantically wrong code in ({...})

Found by afl.
2021-06-20 11:42:25 +00:00 · 2021-06-20 11:42:25 +00:00 · 2236887078
parent c6433d2c1a
commit 2236887078
3 changed files with 27 additions and 9 deletions
--- a/tests/usr.bin/xlint/lint1/d_gcc_compound_statements1.c
+++ b/tests/usr.bin/xlint/lint1/d_gcc_compound_statements1.c
@ -1,4 +1,4 @@
-/*	$NetBSD: d_gcc_compound_statements1.c,v 1.5 2021/06/19 15:51:11 rillig Exp $	*/
+/*	$NetBSD: d_gcc_compound_statements1.c,v 1.6 2021/06/20 11:42:26 rillig Exp $	*/
 # 3 "d_gcc_compound_statements1.c"

 /* GCC compound statement with expression */
@ -22,3 +22,15 @@ foo(unsigned long z)
 int c = ({
    return 3;		/* expect: return outside function */
 });			/* expect: cannot initialize 'int' from 'void' */
+
+void
+function(void)
+{
+	/*
+	 * Before cgram.y 1.229 from 2021-06-20, lint crashed due to the
+	 * syntax error, which made an expression NULL.
+	 */
+	({
+		0->e;	/* expect: type 'int' does not have member 'e' */
+	});
+}
--- a/tests/usr.bin/xlint/lint1/d_gcc_compound_statements1.exp
+++ b/tests/usr.bin/xlint/lint1/d_gcc_compound_statements1.exp
@ -1,2 +1,3 @@
 d_gcc_compound_statements1.c(23): error: syntax error 'return outside function' [249]
 d_gcc_compound_statements1.c(24): error: cannot initialize 'int' from 'void' [185]
+d_gcc_compound_statements1.c(34): error: type 'int' does not have member 'e' [101]
--- a/usr.bin/xlint/lint1/cgram.y
+++ b/usr.bin/xlint/lint1/cgram.y
@ -1,5 +1,5 @@
 %{
-/* $NetBSD: cgram.y,v 1.228 2021/06/19 19:49:15 rillig Exp $ */
+/* $NetBSD: cgram.y,v 1.229 2021/06/20 11:42:25 rillig Exp $ */

 /*
 * Copyright (c) 1996 Christopher G. Demetriou.  All Rights Reserved.
@ -35,7 +35,7 @@

 #include <sys/cdefs.h>
 #if defined(__RCSID) && !defined(lint)
-__RCSID("$NetBSD: cgram.y,v 1.228 2021/06/19 19:49:15 rillig Exp $");
+__RCSID("$NetBSD: cgram.y,v 1.229 2021/06/20 11:42:25 rillig Exp $");
 #endif

 #include <limits.h>
@ -2028,12 +2028,17 @@ gcc_statement_expr_item:
 		$$->tn_type = gettyp(VOID);
 	  }
 	| expr T_SEMI {
-		/* XXX: We should really do that only on the last name */
-		if ($1->tn_op == NAME)
-			$1->tn_sym->s_used = true;
-		$$ = $1;
-		expr($1, false, false, false, false);
-		seen_fallthrough = false;
+		if ($1 == NULL) {	/* in case of syntax errors */
+			$$ = expr_zalloc_tnode();
+			$$->tn_type = gettyp(VOID);
+		} else {
+			/* XXX: do that only on the last name */
+			if ($1->tn_op == NAME)
+				$1->tn_sym->s_used = true;
+			$$ = $1;
+			expr($1, false, false, false, false);
+			seen_fallthrough = false;
+		}
 	}
 	;