Package: cppcheck
Version: 1.67-1
Usertags: afl

cppcheck crashes on the attached file:

$ cppcheck crash.c
Checking crash.c...
Segmentation fault

Backtrace:
#0  0x086038c0 in Tokenizer::duplicateTypedef (this=0xffffcb50, tokPtr=0xffffc91c, name=0x878dc80, typeDef=0x878dbb0, undefinedStruct=false) at lib/tokenize.cpp:185
#1  0x08649ac4 in Tokenizer::simplifyTypedef (this=0xffffcb50) at lib/tokenize.cpp:1093
#2  0x08670e94 in Tokenizer::simplifyTokenList1 (this=0xffffcb50, FileName=0x878ab5c "crash.c") at lib/tokenize.cpp:3383
#3  0x0867154a in Tokenizer::tokenize (this=0xffffcb50, code=..., FileName=0x878ab5c "crash.c", configuration=..., noSymbolDB_AST=false) at lib/tokenize.cpp:1592
#4  0x0841e865 in CppCheck::checkFile (this=0xffffd320, code=..., FileName=0x878ab5c "crash.c", checksums=...) at lib/cppcheck.cpp:354
#5  0x084262fb in CppCheck::processFile (this=0xffffd320, filename=..., fileStream=...) at lib/cppcheck.cpp:234
#6  0x0842ca4e in CppCheck::check (this=0xffffd320, path=...) at lib/cppcheck.cpp:67
#7  0x080b2054 in CppCheckExecutor::check_internal (this=0xffffd72c, cppcheck=..., argv=0xffffd834) at cli/cppcheckexecutor.cpp:742
#8  0x080b7aab in CppCheckExecutor::check (this=0xffffd72c, argc=2, argv=0xffffd834) at cli/cppcheckexecutor.cpp:188
#9  0x08079e40 in main (argc=2, argv=0xffffd834) at cli/main.cpp:129
#10 0xf7c5ea63 in __libc_start_main (main=0x8079de0 <main>, argc=2, argv=0xffffd834, init=0x8715f50 <__libc_csu_init>, fini=0x8715fc0 <__libc_csu_fini>, rtld_fini=0xf7febc90 <_dl_fini>, stack_end=0xffffd82c) at libc-start.c:287
#11 0x0807e876 in _start ()

This bug was found using American fuzzy lop:
http://lcamtuf.coredump.cx/afl/
(available in Debian experimental)

-- System Information:
Debian Release: 8.0
  APT prefers unstable
  APT policy: (990, 'unstable'), (500, 'experimental')
Architecture: i386 (x86_64)
Foreign Architectures: amd64

Kernel: Linux 3.2.0-4-amd64 (SMP w/2 CPU cores)
Locale: LANG=C, LC_CTYPE=pl_PL.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)

Versions of packages cppcheck depends on:
ii  libc6          2.19-15
ii  libgcc1        1:5-20150205-1
ii  libpcre3       2:8.35-3.3
ii  libstdc++6     5-20150205-1
ii  libtinyxml2-2  2.2.0-1

-- 
Jakub Wilk

Attached file (crash.c):
typedef struct{}x[([],)]typedef e y;(y,x 0){}