From 1fb14d6d6435520c14653ebfa83fc0f8aec6a484 Mon Sep 17 00:00:00 2001 From: chrchr-github <78114321+chrchr-github@users.noreply.github.com> Date: Sun, 29 Dec 2024 22:23:44 +0100 Subject: [PATCH] Fix #13492 Use-after-free in simplifyUsing() (#7143) --- lib/tokenize.cpp | 7 +------ test/testsimplifyusing.cpp | 9 +++++++++ 2 files changed, 10 insertions(+), 6 deletions(-) diff --git a/lib/tokenize.cpp b/lib/tokenize.cpp index 0858097098f..b5b0231a9ae 100644 --- a/lib/tokenize.cpp +++ b/lib/tokenize.cpp @@ -3386,12 +3386,7 @@ bool Tokenizer::simplifyUsing() Token *usingStart = it->startTok; Token *usingEnd = it->endTok; if (usingStart->previous()) { - if (usingEnd->next()) - Token::eraseTokens(usingStart->previous(), usingEnd->next()); - else { - Token::eraseTokens(usingStart->previous(), usingEnd); - usingEnd->deleteThis(); - } + Token::eraseTokens(usingStart->previous(), usingEnd->next()); } else { if (usingEnd->next()) { Token::eraseTokens(usingStart, usingEnd->next()); diff --git a/test/testsimplifyusing.cpp b/test/testsimplifyusing.cpp index aa062dad13d..c3dbd0a6788 100644 --- a/test/testsimplifyusing.cpp +++ b/test/testsimplifyusing.cpp @@ -74,6 +74,7 @@ class TestSimplifyUsing : public TestFixture { TEST_CASE(simplifyUsing32); TEST_CASE(simplifyUsing33); TEST_CASE(simplifyUsing34); + TEST_CASE(simplifyUsing35); TEST_CASE(simplifyUsing8970); TEST_CASE(simplifyUsing8971); @@ -854,6 +855,14 @@ class TestSimplifyUsing : public TestFixture { ASSERT_EQUALS("", errout_str()); } + void simplifyUsing35() { // #13492 + const char code[] = "using a = b;\n" + "using c = d;\n"; + const char expected[] = ";"; + ASSERT_EQUALS(expected, tok(code)); + ASSERT_EQUALS("", errout_str()); + } + void simplifyUsing8970() { const char code[] = "using V = std::vector;\n" "struct A {\n"