
[src/trunk]: src/usr.bin/xlint/lint1 lint: fix crash on semantically wrong co...



details:   https://anonhg.NetBSD.org/src/rev/ea1d042405ed
branches:  trunk
changeset: 379801:ea1d042405ed
user:      rillig <rillig%NetBSD.org@localhost>
date:      Sun Jun 20 11:42:25 2021 +0000

description:
lint: fix crash on semantically wrong code in ({...})

Found by afl.

diffstat:

 tests/usr.bin/xlint/lint1/d_gcc_compound_statements1.c   |  14 +++++++++-
 tests/usr.bin/xlint/lint1/d_gcc_compound_statements1.exp |   1 +
 usr.bin/xlint/lint1/cgram.y                              |  21 +++++++++------
 3 files changed, 27 insertions(+), 9 deletions(-)

diffs (75 lines):

diff -r 6af09c66db8f -r ea1d042405ed tests/usr.bin/xlint/lint1/d_gcc_compound_statements1.c
--- a/tests/usr.bin/xlint/lint1/d_gcc_compound_statements1.c    Sun Jun 20 11:24:32 2021 +0000
+++ b/tests/usr.bin/xlint/lint1/d_gcc_compound_statements1.c    Sun Jun 20 11:42:25 2021 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: d_gcc_compound_statements1.c,v 1.5 2021/06/19 15:51:11 rillig Exp $    */
+/*     $NetBSD: d_gcc_compound_statements1.c,v 1.6 2021/06/20 11:42:26 rillig Exp $    */
 # 3 "d_gcc_compound_statements1.c"
 
 /* GCC compound statement with expression */
@@ -22,3 +22,15 @@ foo(unsigned long z)
 int c = ({
     return 3;          /* expect: return outside function */
 });                    /* expect: cannot initialize 'int' from 'void' */
+
+void
+function(void)
+{
+       /*
+        * Before cgram.y 1.229 from 2021-06-20, lint crashed due to the
+        * syntax error, which made an expression NULL.
+        */
+       ({
+               0->e;   /* expect: type 'int' does not have member 'e' */
+       });
+}
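Review bot: The comment in `function` blames a syntax error for the crash, but `0->e` parses without trouble and is rejected on type grounds, as the expected message `type 'int' does not have member 'e'` and the commit title ("semantically wrong code") both show. Wording such as `lint crashed because the type error left the expression NULL` would keep the regression test aligned with what it exercises. The same wording appears in the cgram.y hunk as `/* in case of syntax errors */` and could be changed to `/* expr is NULL after an error was already reported */`.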
diff -r 6af09c66db8f -r ea1d042405ed tests/usr.bin/xlint/lint1/d_gcc_compound_statements1.exp
--- a/tests/usr.bin/xlint/lint1/d_gcc_compound_statements1.exp  Sun Jun 20 11:24:32 2021 +0000
+++ b/tests/usr.bin/xlint/lint1/d_gcc_compound_statements1.exp  Sun Jun 20 11:42:25 2021 +0000
@@ -1,2 +1,3 @@
 d_gcc_compound_statements1.c(23): error: syntax error 'return outside function' [249]
 d_gcc_compound_statements1.c(24): error: cannot initialize 'int' from 'void' [185]
+d_gcc_compound_statements1.c(34): error: type 'int' does not have member 'e' [101]
diff -r 6af09c66db8f -r ea1d042405ed usr.bin/xlint/lint1/cgram.y
--- a/usr.bin/xlint/lint1/cgram.y       Sun Jun 20 11:24:32 2021 +0000
+++ b/usr.bin/xlint/lint1/cgram.y       Sun Jun 20 11:42:25 2021 +0000
@@ -1,5 +1,5 @@
 %{
-/* $NetBSD: cgram.y,v 1.228 2021/06/19 19:49:15 rillig Exp $ */
+/* $NetBSD: cgram.y,v 1.229 2021/06/20 11:42:25 rillig Exp $ */
 
 /*
  * Copyright (c) 1996 Christopher G. Demetriou.  All Rights Reserved.
@@ -35,7 +35,7 @@
 
 #include <sys/cdefs.h>
 #if defined(__RCSID) && !defined(lint)
-__RCSID("$NetBSD: cgram.y,v 1.228 2021/06/19 19:49:15 rillig Exp $");
+__RCSID("$NetBSD: cgram.y,v 1.229 2021/06/20 11:42:25 rillig Exp $");
 #endif
 
 #include <limits.h>
@@ -2028,12 +2028,17 @@ gcc_statement_expr_item:
                $$->tn_type = gettyp(VOID);
          }
        | expr T_SEMI {
-               /* XXX: We should really do that only on the last name */
-               if ($1->tn_op == NAME)
-                       $1->tn_sym->s_used = true;
-               $$ = $1;
-               expr($1, false, false, false, false);
-               seen_fallthrough = false;
+               if ($1 == NULL) {       /* in case of syntax errors */
+                       $$ = expr_zalloc_tnode();
+                       $$->tn_type = gettyp(VOID);
+               } else {
+                       /* XXX: do that only on the last name */
+                       if ($1->tn_op == NAME)
+                               $1->tn_sym->s_used = true;
+                       $$ = $1;
+                       expr($1, false, false, false, false);
+                       seen_fallthrough = false;
+               }
        }
        ;
 
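Review bot: The new `$1 == NULL` branch leaves `seen_fallthrough` untouched, while the else branch still resets it after every expression statement, so an erroneous expression inside `({...})` carries over whatever state the flag had before. If that asymmetry is not intended, move `seen_fallthrough = false;` below the if/else so both paths agree; if it is intended, a one-line comment saying so would help. The rule `gcc_statement_expr_item` begins above this hunk, and the placeholder built here looks the same as the one ending the preceding alternative (`$$->tn_type = gettyp(VOID);`), so a small shared helper may be worth it. Since afl found this as a NULL dereference on an `expr` result, other actions that dereference `$1` from `expr` without a check are worth auditing, though none are visible here.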


