[PATCH] fix crash when inlining casts of erroneous expressions

From: Luc Van Oostenryck <luc.vanoostenryck@xxxxxxxxx>

Sparse does inlining very early, during expansion, just after (type)
evaluation and before IR linearization, and is done even if some
errors have been found. This means that the inlining must be robust
against erroneous code.

However, during inlining, a cast expression is always dereferenced and
a crash will occur if not valid (in which case it should be null).

Fix this by checking for null cast expressions and directly returning
NULL, like done for the inlining of the other invalid expressions.

Link: https://lore.kernel.org/r/e42698a9-494c-619f-ac16-8ffe2c87e04e@xxxxxxxxx
Reported-by: kernel test robot <lkp@xxxxxxxxx>
Reported-by: Yafang Shao <laoar.shao@xxxxxxxxx>
Reported-by: Yujie Liu <yujie.liu@xxxxxxxxx>
Signed-off-by: Luc Van Oostenryck <luc.vanoostenryck@xxxxxxxxx>
---
 inline.c                                |  2 ++
 validation/inline-early/bug-bad-token.c | 15 +++++++++++++++
 2 files changed, 17 insertions(+)
 create mode 100644 validation/inline-early/bug-bad-token.c

diff --git a/inline.c b/inline.c
index eceef8ba0443..0097e4bf620a 100644
--- a/inline.c
+++ b/inline.c
@@ -155,6 +155,8 @@ static struct expression * copy_expression(struct expression *expr)
 
 	/* Cast/sizeof/__alignof__ */
 	case EXPR_CAST:
+		if (!expr->cast_expression)
+			return NULL;
 		if (expr->cast_expression->type == EXPR_INITIALIZER) {
 			struct expression *cast = expr->cast_expression;
 			struct symbol *sym = expr->cast_type;
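Review bot: the new `if (!expr->cast_expression)` check under `case EXPR_CAST:` carries no comment saying when the operand can be null, so a later reader may take it for dead code and remove it. A one-line comment such as "null when the operand failed to parse or evaluate" would record the reason given in the commit message. The block comment above the case reads "Cast/sizeof/__alignof__", and only the `EXPR_CAST` label is visible in this hunk, so it is worth confirming that no other label falling into this code reaches the `expr->cast_expression->type` dereference ahead of the new check. Returning NULL here also means every caller of copy_expression() on this path has to accept a null copy, which the commit message asserts but the hunk does not show.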
diff --git a/validation/inline-early/bug-bad-token.c b/validation/inline-early/bug-bad-token.c
new file mode 100644
index 000000000000..9049bdb48ab0
--- /dev/null
+++ b/validation/inline-early/bug-bad-token.c
@@ -0,0 +1,15 @@
+inline void fun(int x)
+{
+	(typeof(@)) x;
+}
+
+void foo(void)
+{
+	fun;
+}
+
+/*
+ * check-name: bug-bad-token
+ * check-exit-value: 0
+ * check-error-ignore
+ */
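Review bot: with `check-error-ignore` and `check-exit-value: 0` the test only asserts that sparse exits cleanly, so it would still pass if the diagnostic for `(typeof(@)) x;` changed or disappeared. If the error text is stable, matching it would make the test say more; if not, a short comment in the file stating that the only goal is "no crash while inlining a cast with a null operand" would make the intent explicit. It would also help to note why `fun;` in foo(), a bare reference rather than a call, is enough to exercise the inlining copy path, since that is not obvious from the test source alone.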
-- 
2.36.1



