This is the mail archive of the gcc-patches@gcc.gnu.org mailing list for the GCC project.
[PATCH] PR c++/71184: Fix NULL dereference in cp_parser_operator
- From: David Malcolm <dmalcolm at redhat dot com>
- To: gcc-patches at gcc dot gnu dot org
- Cc: David Malcolm <dmalcolm at redhat dot com>
- Date: Wed, 18 May 2016 20:59:37 -0400
- Subject: [PATCH] PR c++/71184: Fix NULL dereference in cp_parser_operator
The source-range handling for the array form of operator
new/delete erroneously assumed that the "]" was present,
leading to a dereference of NULL when it's absent.
Fix it thusly.
Successfully bootstrapped&regrtested on x86_64-pc-linux-gnu;
adds 6 PASS results to g++.sum.
OK for trunk and gcc-6-branch?
gcc/cp/ChangeLog:
PR c++/71184
* parser.c (cp_parser_operator): For array new/delete, check that
cp_parser_require returned a non-NULL token before dereferencing
it.
gcc/testsuite/ChangeLog:
PR c++/71184
* g++.dg/pr71184.C: New test case.
---
gcc/cp/parser.c | 6 ++++--
gcc/testsuite/g++.dg/pr71184.C | 1 +
2 files changed, 5 insertions(+), 2 deletions(-)
create mode 100644 gcc/testsuite/g++.dg/pr71184.C
diff --git a/gcc/cp/parser.c b/gcc/cp/parser.c
index 539f165..1d1e574 100644
--- a/gcc/cp/parser.c
+++ b/gcc/cp/parser.c
@@ -13791,8 +13791,10 @@ cp_parser_operator (cp_parser* parser)
/* Consume the `[' token. */
cp_lexer_consume_token (parser->lexer);
/* Look for the `]' token. */
- end_loc = cp_parser_require (parser, CPP_CLOSE_SQUARE,
- RT_CLOSE_SQUARE)->location;
+ cp_token *close_token =
+ cp_parser_require (parser, CPP_CLOSE_SQUARE, RT_CLOSE_SQUARE);
+ if (close_token)
+ end_loc = close_token->location;
id = ansi_opname (op == NEW_EXPR
? VEC_NEW_EXPR : VEC_DELETE_EXPR);
}
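Review bot: When cp_parser_require returns NULL, the new `if (close_token)` guard skips the assignment, so end_loc keeps whatever value it had before this block, and that initialization is not visible in the hunk. Please confirm end_loc is set to a valid location before this point, or add an else branch that assigns a known location, so the source range built from it on the error path is not based on an uninitialized or stale value. A short comment saying that cp_parser_require can return NULL here would also help the next reader. Style nit: GNU formatting puts the line break before the `=`, not after it, in the `cp_token *close_token =` declaration.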
diff --git a/gcc/testsuite/g++.dg/pr71184.C b/gcc/testsuite/g++.dg/pr71184.C
new file mode 100644
index 0000000..452303e
--- /dev/null
+++ b/gcc/testsuite/g++.dg/pr71184.C
@@ -0,0 +1 @@
+operator new[ // { dg-error "expected type-specifier before 'new'" }
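Review bot: The one-line test only asserts the "expected type-specifier before 'new'" diagnostic, and nothing in the file ties it to the missing `]` or to the crash being fixed. Please add a leading comment with the PR number (PR c++/71184) stating that the point is that the parser must not dereference NULL on this input, so the test's intent survives if the diagnostic wording changes later. Consider also whether the file belongs in a topical subdirectory such as g++.dg/parse/ instead of the top level of g++.dg.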
--
1.8.5.3