`p->locals` may be `NULL` when error occurs before the point.

This is reported by oss-fuzz:
Issue 19886: mruby:mruby_fuzzer: Potential-null-reference in setup_numparams
parent afad9391
...@@ -845,7 +845,8 @@ setup_numparams(parser_state *p, node *a) ...@@ -845,7 +845,8 @@ setup_numparams(parser_state *p, node *a)
if (a && (a->car || (a->cdr && a->cdr->car) || (a->cdr->cdr && a->cdr->cdr->car) || (a->cdr->cdr->cdr->cdr && a->cdr->cdr->cdr->cdr->car))) { if (a && (a->car || (a->cdr && a->cdr->car) || (a->cdr->cdr && a->cdr->cdr->car) || (a->cdr->cdr->cdr->cdr && a->cdr->cdr->cdr->cdr->car))) {
yyerror(p, "ordinary parameter is defined"); yyerror(p, "ordinary parameter is defined");
} }
else { else if (p->locals) {
/* p->locals should not be NULL unless error happens before the point */
node* args = 0; node* args = 0;
for (i = nvars; i > 0; i--) { for (i = nvars; i > 0; i--) {
char buf[3]; char buf[3];
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment