From af49faf73028ae7803e12c94835700dbf478c7b9 Mon Sep 17 00:00:00 2001 
From: firewave Date: Wed, 6 Mar 2024 21:25:15 +0100 Subject: [PATCH] fixed fuzzing crash in `CheckAssert::checkVariableAssignment()` [skip ci] /home/user/CLionProjects/cppcheck-rider/lib/checkassert.cpp:132:53: runtime error: member call on null pointer of type 'Token' #0 0x63f3e941d85a in CheckAssert::checkVariableAssignment(Token const*, Scope const*) /home/user/CLionProjects/cppcheck-rider/lib/checkassert.cpp:132:53 #1 0x63f3e941c846 in CheckAssert::assertWithSideEffects() /home/user/CLionProjects/cppcheck-rider/lib/checkassert.cpp:58:13 #2 0x63f3e941f243 in CheckAssert::runChecks(Tokenizer const&, ErrorLogger*) /home/user/CLionProjects/cppcheck-rider/lib/checkassert.h:54:21 #3 0x63f3e9aa04cd in CppCheck::checkNormalTokens(Tokenizer const&) /home/user/CLionProjects/cppcheck-rider/lib/cppcheck.cpp:1124:20 #4 0x63f3e9ab94ab in CppCheck::checkFile(std::__cxx11::basic_string, std::allocator> const&, std::__cxx11::basic_string, std::allocator> const&, std::istream*) /home/user/CLionProjects/cppcheck-rider/lib/cppcheck.cpp:957:17 #5 0x63f3e9aa6a97 in CppCheck::check(std::__cxx11::basic_string, std::allocator> const&) /home/user/CLionProjects/cppcheck-rider/lib/cppcheck.cpp:556:12 #6 0x63f3e8ba4f2b in SingleExecutor::check() /home/user/CLionProjects/cppcheck-rider/cli/singleexecutor.cpp:53:29 #7 0x63f3e8adf8dc in CppCheckExecutor::check_internal(Settings const&) const /home/user/CLionProjects/cppcheck-rider/cli/cppcheckexecutor.cpp:277:32 #8 0x63f3e8ade73d in CppCheckExecutor::check_wrapper(Settings const&) /home/user/CLionProjects/cppcheck-rider/cli/cppcheckexecutor.cpp:216:12 #9 0x63f3e8add67a in CppCheckExecutor::check(int, char const* const*) /home/user/CLionProjects/cppcheck-rider/cli/cppcheckexecutor.cpp:202:21 #10 0x63f3ea1ee2b7 in main /home/user/CLionProjects/cppcheck-rider/cli/main.cpp:91:21 #11 0x7a2c9501eccf (/usr/lib/libc.so.6+0x29ccf) (BuildId: 0865c4b9ba13e0094e8b45b78dfc7a2971f536d2) #12 0x7a2c9501ed89 in __libc_start_main (/usr/lib/libc.so.6+0x29d89) 
(BuildId: 0865c4b9ba13e0094e8b45b78dfc7a2971f536d2) #13 0x63f3e89189f4 in _start (/home/user/CLionProjects/cppcheck-rider/cmake-build-debug-clang-asan-ubsan/bin/cppcheck+0xf6e9f4) (BuildId: 5c2986a23a9dee600c328566a7967a7eba8652c9)
---
 lib/checkassert.cpp | 3 +++
 .../fuzz-crash/crash-186a1454bca1f10fbc8767d8cc74152bf326a449 | 1 +
 2 files changed, 4 insertions(+)
 create mode 100644 test/cli/fuzz-crash/crash-186a1454bca1f10fbc8767d8cc74152bf326a449
diff --git a/lib/checkassert.cpp b/lib/checkassert.cpp
index a96191288c2..fb22e192c41 100644
--- a/lib/checkassert.cpp
+++ b/lib/checkassert.cpp
@@ -129,6 +129,9 @@ void CheckAssert::checkVariableAssignment(const Token* assignTok, const Scope *a
 if (!assignTok->isAssignmentOp() && assignTok->tokType() != Token::eIncDecOp)
 return;
 
+ if (!assignTok->astOperand1())
+ return;
+
 const Variable* var = assignTok->astOperand1()->variable();
 if (!var)
 return;
diff --git a/test/cli/fuzz-crash/crash-186a1454bca1f10fbc8767d8cc74152bf326a449 b/test/cli/fuzz-crash/crash-186a1454bca1f10fbc8767d8cc74152bf326a449
new file mode 100644
index 00000000000..3097b665c2b
--- /dev/null
+++ b/test/cli/fuzz-crash/crash-186a1454bca1f10fbc8767d8cc74152bf326a449
@@ -0,0 +1 @@
+assert({=;})
\ No newline at end of file
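Review bot: The null guard on `assignTok->astOperand1()` stops the member call on a null Token reported in the trace, but the operand is fetched a second time on the very next line; binding it once makes the guarded value the one that is actually used: `const Token* const lhs = assignTok->astOperand1(); if (!lhs) return; const Variable* var = lhs->variable();`. A short comment on the guard would also tell the next reader why an assignment or inc/dec token can lack a left operand here, since that only arises for malformed input like the `assert({=;})` fuzz case this commit adds: `// malformed input (see fuzz-crash test): no left-hand operand in the AST`. A unit test alongside the existing assert checks, in addition to the crash-file fixture, would pin the behaviour in the regular test run. The body of checkVariableAssignment starts before this hunk and continues after it.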