match_attribute() will crash when the token has the same identifier as one of the attributes but is not an attribute. In this case, the corresponding symbol_op will be null but this is not checked. This seems to happen only with old-style declarations. Fix this by adding the missing null-check. Signed-off-by: Luc Van Oostenryck <luc.vanoostenryck@xxxxxxxxx> --- parse.c | 2 +- validation/knr-attr-crash.c | 12 ++++++++++++ 2 files changed, 13 insertions(+), 1 deletion(-) create mode 100644 validation/knr-attr-crash.c diff --git a/parse.c b/parse.c index 70be616c45ae..bc1c0602fcb4 100644 --- a/parse.c +++ b/parse.c @@ -1653,7 +1653,7 @@ static bool match_attribute(struct token *token) if (token_type(token) != TOKEN_IDENT) return false; sym = lookup_keyword(token->ident, NS_TYPEDEF); - if (!sym) + if (!sym || !sym->op) return false; return sym->op->type & KW_ATTRIBUTE; } diff --git a/validation/knr-attr-crash.c b/validation/knr-attr-crash.c new file mode 100644 index 000000000000..176ff5032120 --- /dev/null +++ b/validation/knr-attr-crash.c @@ -0,0 +1,12 @@ +typedef int word; + +void foo(word x); + +void foo(x) + word x; +{ } + +/* + * check-name: knr-attr-crash + * check-command: sparse -Wno-old-style-definition $file + */ -- 2.31.1