
fuzzing crash in `Macro::expandToken()`

Status: Open — firewave opened this issue 10 months ago · 1 comment

#define S(z)defined z##C
S(,
simplecpp.cpp:2133:58: runtime error: member call on null pointer of type 'const struct Token'
    #0 0x5cd316211cbd in simplecpp::Macro::expandToken(simplecpp::TokenList*, simplecpp::Location const&, simplecpp::Token const*, std::unordered_map<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, simplecpp::Macro, std::hash<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > >, std::equal_to<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > >, std::allocator<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, simplecpp::Macro> > > const&, std::set<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::less<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > >, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > > const&, std::vector<simplecpp::Token const*, std::allocator<simplecpp::Token const*> > const&) const /home/user/CLionProjects/simplecpp/simplecpp.cpp:2133
    #1 0x5cd316205f6d in simplecpp::Macro::expand(simplecpp::TokenList*, simplecpp::Location const&, simplecpp::Token const*, std::unordered_map<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, simplecpp::Macro, std::hash<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > >, std::equal_to<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > >, std::allocator<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, simplecpp::Macro> > > const&, std::set<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::less<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > >, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > >) const /home/user/CLionProjects/simplecpp/simplecpp.cpp:1960
    #2 0x5cd31621eca8 in simplecpp::Macro::expand(simplecpp::TokenList*, simplecpp::Token const*, std::unordered_map<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, simplecpp::Macro, std::hash<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > >, std::equal_to<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > >, std::allocator<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, simplecpp::Macro> > > const&, std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > >&) const /home/user/CLionProjects/simplecpp/simplecpp.cpp:1609
    #3 0x5cd31618cfd7 in preprocessToken /home/user/CLionProjects/simplecpp/simplecpp.cpp:3383
    #4 0x5cd3161a64dc in simplecpp::preprocess(simplecpp::TokenList&, simplecpp::TokenList const&, std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > >&, std::map<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, simplecpp::TokenList*, std::less<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > >, std::allocator<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, simplecpp::TokenList*> > >&, simplecpp::DUI const&, std::__cxx11::list<simplecpp::Output, std::allocator<simplecpp::Output> >*, std::__cxx11::list<simplecpp::MacroUsage, std::allocator<simplecpp::MacroUsage> >*, std::__cxx11::list<simplecpp::IfCond, std::allocator<simplecpp::IfCond> >*) /home/user/CLionProjects/simplecpp/simplecpp.cpp:3870
    #5 0x5cd31615434b in main /home/user/CLionProjects/simplecpp/main.cpp:131
    #6 0x7eb122434e07  (/usr/lib/libc.so.6+0x25e07) (BuildId: aed3a2b0cf4e6cc12296052529af22f6a450a75a)
    #7 0x7eb122434ecb in __libc_start_main (/usr/lib/libc.so.6+0x25ecb) (BuildId: aed3a2b0cf4e6cc12296052529af22f6a450a75a)
    #8 0x5cd316157d64 in _start (/home/user/CLionProjects/simplecpp/simplecpp+0xd3d64) (BuildId: 22b24a767d764a7022955d2ad253a49d3ad9afc0)

firewave — Feb 12 '25 13:02

GCC and Clang reject this input with a diagnostic rather than crashing:

a.cpp:2:4: error: unterminated argument list invoking macro ‘S’
    2 | S(,
      |

firewave — Sep 06 '25 12:09