skia2/resources/sksl/errors/Ossfuzz44551.sksl
John Stiles 683ae40560 Fix for fuzzer-discovered error with deeply-nested expressions.
The fuzzer constructs a long, valid nonsense expression
(x+x+x-x+x-x, etc.) which exceeds parse depth. At that point, the token
stream points to a `+` token. The parser attempts to consume a new
statement but stops in `unaryExpression`; this fails again, due to the
max parse-depth, but doesn't consume a token. The parser continues
trying to parse the statement, but stopping in `unaryExpression`, making
no forward progress in an infinite loop.

I've made a couple of changes as a result.
- Exceeding the max parse depth now sets `fEncounteredFatalError`.
- Encountering a fatal error causes block() to immediately halt. This
  actually undoes a few of the arbitrary changes from
  http://review.skia.org/506463 but not in a bad way.
- `unaryExpression()` now consumes a token before checking parse-depth.
- `structDeclaration()` had a similar issue where it could potentially
  fail without consuming any tokens; this is fixed as well.
- Some unnecessarily-nested logic in ternaryExpression() was flattened
  while I tried to ensure that it always consumes a token.

Change-Id: I52c2161965ffbcef1185761ca6897ec1cba5df89
Bug: oss-fuzz:44551
Reviewed-on: https://skia-review.googlesource.com/c/skia/+/507436
Auto-Submit: John Stiles <johnstiles@google.com>
Reviewed-by: Ethan Nicholas <ethannicholas@google.com>
Commit-Queue: Ethan Nicholas <ethannicholas@google.com>
2022-02-11 14:25:34 +00:00
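The loop described in the commit message, as an added example that is not Skia's code: a toy recursive-descent parser in which depth comes from nested blocks and unary prefixes rather than SkSL's binary-expression recursion. The grammar, the names `Parser`, `parseSource`, `Outcome`, and the limit `kMaxDepth = 8` are all assumptions chosen for the demonstration. Eight nested `{` push the depth to the limit before the statement `x;` is reached; on the unfixed path `unary()` fails the depth check without consuming a token, so `block()` sees the same token on every iteration (reported as `Stuck` through a step guard instead of looping forever). With the three changes from the commit applied (`fatal` set on depth overflow, `block()` halting on it, and `unary()` consuming before it checks), the same input ends in an ordinary error.

```cpp
// Added example, not Skia's SkSL parser: a toy recursive-descent parser reproducing the
// "no forward progress" loop from the commit message and the fix (fatal flag, halting block()).
#include <cstddef>
#include <string>
#include <vector>

namespace depth_demo {
// Constructed grammar (hypothetical, chosen for this example; SkSL's is much larger):
//   block      := '{' statement* '}'
//   statement  := block | expression ';'
//   expression := unary ( ('+'|'-') unary )*
//   unary      := ('+'|'-') unary | IDENT | NUMBER
enum class Tok { LBrace, RBrace, Plus, Minus, Semi, Number, Ident, End };
enum class Outcome { Ok, Error, Stuck };

std::vector<Tok> lex(const std::string& src) {
    const std::string punct = "{}+-;";  // indices match the first five Tok values
    std::vector<Tok> out;
    for (char c : src) {
        size_t i = punct.find(c);
        if (i != std::string::npos) out.push_back(static_cast<Tok>(i));
        else if (c >= '0' && c <= '9') out.push_back(Tok::Number);
        else if (c >= 'a' && c <= 'z') out.push_back(Tok::Ident);
        // anything else (whitespace) is ignored
    }
    out.push_back(Tok::End);
    return out;
}

class Parser {
public:
    // `fixed` selects the corrected behaviour; false reproduces the original bug.
    Parser(const std::string& src, bool fixed) : fTokens(lex(src)), fFixed(fixed) {}
    Outcome parse() {
        bool ok = block();
        if (fStuck) return Outcome::Stuck;
        return (ok && fErrors == 0) ? Outcome::Ok : Outcome::Error;
    }
private:
    static constexpr int kMaxDepth = 8;         // assumed limit, far below SkSL's real one
    static constexpr size_t kMaxSteps = 10000;  // guard so the buggy variant terminates
    std::vector<Tok> fTokens;
    size_t fPos = 0, fSteps = 0;
    int fDepth = 0, fErrors = 0;
    bool fFatal = false, fStuck = false, fFixed;

    struct Depth {  // RAII depth counter, mirroring the nesting of recursive calls
        Parser* p;
        explicit Depth(Parser* q) : p(q) { ++p->fDepth; }
        ~Depth() { --p->fDepth; }
    };
    Tok peek() const { return fTokens[fPos]; }
    Tok next() { Tok t = fTokens[fPos]; if (t != Tok::End) ++fPos; return t; }
    void error() { ++fErrors; }
    bool checkDepth() {
        if (fDepth <= kMaxDepth) return true;
        if (fFixed) fFatal = true;  // fix 1: exceeding the parse depth is fatal
        error();
        return false;
    }
    bool block() {
        if (next() != Tok::LBrace) { error(); return false; }
        Depth d(this);
        if (!checkDepth()) return false;
        while (peek() != Tok::RBrace && peek() != Tok::End) {
            if (fStuck || (fFixed && fFatal)) return false;  // fix 2: halt once a fatal error is set
            if (++fSteps > kMaxSteps) { fStuck = true; return false; }
            statement();  // if this fails without consuming, peek() is unchanged next iteration
        }
        if (next() != Tok::RBrace) { error(); return false; }
        return true;
    }
    bool statement() {
        if (peek() == Tok::LBrace) return block();
        if (!expression()) return false;
        if (next() != Tok::Semi) { error(); return false; }
        return true;
    }
    bool expression() {
        if (!unary()) return false;
        while (peek() == Tok::Plus || peek() == Tok::Minus) {
            next();
            if (!unary()) return false;
        }
        return true;
    }
    bool unary() {
        Tok t = Tok::End;
        if (fFixed) t = next();  // fix 3: consume a token before the depth check
        Depth d(this);
        if (!checkDepth()) return false;  // bug: the unfixed path gets here having consumed nothing
        if (!fFixed) t = next();
        if (t == Tok::Plus || t == Tok::Minus) return unary();
        if (t == Tok::Ident || t == Tok::Number) return true;
        error();
        return false;
    }
};

Outcome parseSource(const std::string& src, bool fixed) { return Parser(src, fixed).parse(); }
}  // namespace depth_demo
```

Calling `depth_demo::parseSource("{{{{{{{{x;}}}}}}}}", false)` returns `Stuck` and the same source with `true` returns `Error`; well-formed input such as `{ x + 1; - y; { z; } }` parses as `Ok` in both modes. The step guard exists only so the unfixed variant can be observed from a test; the property a real parser needs is the one the commit restores, that every error path either consumes input or stops the enclosing loop.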


void m( ){;
int x;x+x-x+x+x+++x-+x+x+
x+
x+
x+x+x+x;x* x+7+x+x+x+++x-+x+x+x+x;x+x-x+x* x+8+x+
x+x+x+x+x-+x+x+x+-x+x+++x-+ x+7+x +x-+x+x+x+++x-+x-+x+x* x+7;x+
x+x+x+x+x+++x-+x+x+
void o(){{{{{{{{{{{{{{{{{{{{{{{{{ 3x+
x+
x+3+x+x+x+++x-+x+
x+x+x+x+x+++x&+-+x,~0/1;}void n() {;;m()7.<<void o);;9;;}void l(){n();;;0;;;({}[ colod({h