
2022-03-30

2022-03-30 14:04:32 by Henrik Grubbström (Grubba) <grubba@grubba.org>

Compiler [Typechecker]: Fix multiple NULL-dereferences.

1164:    break;       case T_PROGRAM: -  if ((*Pike_compiler->type_stackp)->type != T_OBJECT) { +  if (!*Pike_compiler->type_stackp || +  (*Pike_compiler->type_stackp)->type != T_OBJECT) {    struct pike_type *t = (*Pike_compiler->type_stackp); -  while ((t->type == PIKE_T_NAME) || (t->type == PIKE_T_ATTRIBUTE)) { +  while (t && ((t->type == PIKE_T_NAME) || (t->type == PIKE_T_ATTRIBUTE))) {    t = t->cdr;    } -  if (t->type != T_OBJECT) { +  if (!t || (t->type != T_OBJECT)) {    /* Not a program type, convert it to a type type. */    type = T_TYPE;    }
7817:       /* Check many arg. */    push_finished_type_with_markers(cont->car, markers, 0); -  if (peek_type_stack()->type != T_VOID) { +  if (peek_type_stack() != void_type_string) {    push_finished_type(trans);    push_finished_type(cont);    push_type(PIKE_T_TRANSITIVE);
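Review bot: The rewritten condition in this hunk tests the stack top by pointer identity against `void_type_string` instead of by its `type` tag, which changes more than the NULL handling: a void type reached through a PIKE_T_NAME or PIKE_T_ATTRIBUTE wrapper (the case the 1164 hunk of this same commit strips explicitly before its tag test) would now compare unequal and take the push branch. If void is always interned as that single object by the time it reaches the type stack, the identity test is fine; otherwise a NULL-guarded tag test keeps the original semantics while still avoiding the dereference, e.g. `struct pike_type *top = peek_type_stack(); if (!top || top->type != T_VOID) {`. Note that a NULL top now also takes the push branch, which deserves a one-line comment saying that is intended. The enclosing function starts and ends outside the hunk.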
7984:    }   #endif   #ifdef PIKE_DEBUG -  if(a_markers[m]->type == m+'0') +  if(a_markers[m] && (a_markers[m]->type == m+'0'))    Pike_fatal("Cyclic type!\n");   #endif    }
8139:    }   #endif   #ifdef PIKE_DEBUG -  if(b_markers[m]->type == m+'0') +  if(b_markers[m] && (b_markers[m]->type == m+'0'))    Pike_fatal("Cyclic type!\n");   #endif    }
9583:    case PIKE_T_OPERATOR:    {    struct pike_type *t = apply_type_operator(a->type, a->car, a->cdr); +  if (!t) return 0;    tmp = low_get_return_type(t, b);    free_type(t);    return tmp;
10600:    case PIKE_T_OPERATOR:    {    struct pike_type *t = apply_type_operator(q->type, q->car, q->cdr); +  if (!t) return 0;    num = low_count_arguments(t);    free_type(t);    return num;
10768:       case PIKE_T_OPERATOR:    tmp = apply_type_operator(fun->type, fun->car, fun->cdr); +  if (!tmp) return NULL;    tmp2 = get_argument_type(tmp, arg_no);    free_type(tmp);    return tmp2;
11807:   #endif    ))) {    struct pike_type *tmp2; -  if (!(flags & CALL_STRICT) || (arg_type->type != T_INT) || +  if (!(flags & CALL_STRICT) || !arg_type || (arg_type->type != T_INT) ||    (CAR_TO_INT(arg_type) >= 0) || (CDR_TO_INT(arg_type) <= 0)) {    return NULL;    }
12047:       case PIKE_T_OPERATOR:    tmp = apply_type_operator(fun_type->type, fun_type->car, fun_type->cdr); +  if (!tmp) { +  return NULL; +  }    res = new_get_return_type(tmp, flags);    free_type(tmp);    break;
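Review bot: The early-out added after apply_type_operator in this hunk returns NULL directly, while the 12242 hunk of the same commit handles the identical failure with `res = NULL; break;`. Since the success path here ends in `break` rather than `return`, whatever follows the switch (at least the eventual `return res`, possibly other bookkeeping) is bypassed only on the failure path; if the function's tail does any cleanup, this skips it. Writing `if (!tmp) { res = NULL; break; }` here would keep a single exit and make the two sibling callers consistent. The enclosing function starts and ends outside the hunk.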
12242:       case PIKE_T_OPERATOR:    tmp = apply_type_operator(fun_type->type, fun_type->car, fun_type->cdr); +  if (!tmp) { +  res = NULL; +  break; +  }    res = get_first_arg_type(tmp, flags);    free_type(tmp);    break;
12814:    case PIKE_T_OPERATOR:    {    struct pike_type *tmp = apply_type_operator(a->type, a->car, a->cdr); +  if (!tmp) return NULL;    ret = zzap_function_return(tmp, fun_ret);    free_type(tmp);    return ret;