From dbba0ca517ad0c32cdd7f0bd68de9c35145e1735 Mon Sep 17 00:00:00 2001
From: "Yukihiro \"Matz\" Matsumoto"
Date: Wed, 8 Jan 2020 01:18:53 +0900
Subject: `p->locals` may be `NULL` when error occurs before the point.

This is reported by oss-fuzz: Issue 19886: mruby:mruby_fuzzer: Potential-null-reference in setup_numparams
---
 mrbgems/mruby-compiler/core/parse.y | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/mrbgems/mruby-compiler/core/parse.y b/mrbgems/mruby-compiler/core/parse.y
index 993cbca8c..0a5eb2a7b 100644
--- a/mrbgems/mruby-compiler/core/parse.y
+++ b/mrbgems/mruby-compiler/core/parse.y
@@ -845,7 +845,8 @@ setup_numparams(parser_state *p, node *a)
 if (a && (a->car || (a->cdr && a->cdr->car) || (a->cdr->cdr && a->cdr->cdr->car) || (a->cdr->cdr->cdr->cdr && a->cdr->cdr->cdr->cdr->car))) {
 yyerror(p, "ordinary parameter is defined");
 }
- else {
+ else if (p->locals) {
+ /* p->locals should not be NULL unless error happens before the point */
 node* args = 0;
 for (i = nvars; i > 0; i--) {
 char buf[3];
-- 
cgit v1.2.3
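Review bot: The `else if (p->locals)` guard in setup_numparams turns the NULL case into a silent no-op, so the function now relies on an earlier error having been reported without checking that one was. The comment would state that dependency more clearly if placed above the condition, e.g. `/* p->locals is NULL only after an earlier parse error; skip setup rather than dereference it */`. The unchanged condition just above carries a similar risk: `(a->cdr->cdr && a->cdr->cdr->car)` is evaluated after `(a->cdr && a->cdr->car)` fails, so a NULL `a->cdr` would be dereferenced there, though whether the argument node can arrive in that state is not visible from the hunk. The function body starts and ends outside the hunk, and the other uses of `p->locals` in parse.y are worth checking for the same post-error state, with the oss-fuzz input kept as a regression test.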