From 78f4a95eefd81e4a45b54e6c1afa2dbd434dcd5d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Henrik=20Grubbstr=C3=B6m=20=28Grubba=29?=
 <grubba@grubba.org>
Date: Sat, 16 Feb 2013 17:29:28 +0100
Subject: [PATCH] Compiler: Fixed potential NULL-deref in type checker.

debug_low_index_type() accepts a NULL node argument, but
low_check_indexing() assumed it to be a valid pointer.
It doesn't look like debug_low_index_type() is ever called
with a NULL node argument, but...

Also adds a few fall through markers.
---
 src/pike_types.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/src/pike_types.c b/src/pike_types.c
index ca7b056c38..a66677ecf5 100644
--- a/src/pike_types.c
+++ b/src/pike_types.c
@@ -4837,6 +4837,8 @@ static struct pike_type *debug_low_index_type(struct pike_type *t,
       }
     }
   }
+  /* FALL_THROUGH */
+
   default:
     add_ref(mixed_type_string);
     return mixed_type_string;
@@ -5341,7 +5343,7 @@ static int low_check_indexing(struct pike_type *type,
     {
       int i = -1;
       /* Check against the LFUN types. */
-      if(n->token == F_ARROW)
+      if(n && (n->token == F_ARROW))
       {
 	(i = FIND_LFUN(p,LFUN_ARROW))!=-1 ||
 	  (i = FIND_LFUN(p,LFUN_ASSIGN_ARROW));
@@ -6747,6 +6749,8 @@ static struct pike_type *low_get_first_arg_type(struct pike_type *arg_type,
 	push_type(arg_type->type);
 	return pop_unfinished_type();
       }
+      /* FALL_THROUGH */
+
     case T_ARRAY:
     case T_MULTISET:
       /* Keep void! */
-- 
GitLab