vnmakarov / mir

A lightweight JIT compiler based on MIR (Medium Internal Representation) and C11 JIT compiler and interpreter based on MIR
MIT License

Usage of undeclared variables leads to null-pointer dereference #354

Closed clesmian closed 1 year ago

clesmian commented 1 year ago

This has been found while fuzzing c2m compiled from commit d51b45f6c76d2ca03a5b2e1968c195b867eaed30 with ASAN.

poc.txt

Execution of c2m poc.txt leads to a segmentation fault. ASAN reveals a null-pointer dereference in set_type_layout.

ASAN Output

==1860239==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x557a2957e264 bp 0x604000013924 sp 0x7f43b11f9850 T1)
==1860239==The signal is caused by a READ memory access.
==1860239==Hint: address points to the zero page.
    #0 0x557a2957e263 in set_type_layout c2mir/c2mir.c:6091
    #1 0x557a2960d3b4 in check c2mir/c2mir.c:9670
    #2 0x557a2962ead5 in create_decl c2mir/c2mir.c:7797
    #3 0x557a2960c607 in check c2mir/c2mir.c:9155
    #4 0x557a2960fb5f in check c2mir/c2mir.c:8282
    #5 0x557a2960ddc8 in check c2mir/c2mir.c:9421
    #6 0x557a2961d452 in check c2mir/c2mir.c:9350
    #7 0x557a2960fb5f in check c2mir/c2mir.c:8282
    #8 0x557a2960f0d9 in check c2mir/c2mir.c:9427
    #9 0x557a29652284 in do_context c2mir/c2mir.c:9693
    #10 0x557a29652284 in c2mir_compile c2mir/c2mir.c:13477
    #11 0x557a29656534 in compile c2mir/c2mir-driver.c:498
    #12 0x7f43b47f5608 in start_thread /build/glibc-SzIz7B/glibc-2.31/nptl/pthread_create.c:477
    #13 0x7f43b471a132 in __clone (/lib/x86_64-linux-gnu/libc.so.6+0x11f132)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV c2mir/c2mir.c:6091 in set_type_layout
Thread T1 created by T0 here:
    #0 0x7f43b499f815 in __interceptor_pthread_create ../../../../src/libsanitizer/asan/asan_interceptors.cc:208
    #1 0x557a29568cab in init_compilers c2mir/c2mir-driver.c:540
    #2 0x557a29568cab in main c2mir/c2mir-driver.c:656
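Added example (not code from this issue or from the mir project): a small Python triage script of the kind a fuzzing harness runs over sanitizer output before filing a report. It parses the ASAN report quoted above, classifies the fault from the faulting address (ASAN's "zero page" hint corresponds to addresses below 0x1000), and derives a deduplication signature from the top in-project frames. The `c2mir/` path prefix and all sample lines come from the report itself; the zero-page threshold, the signature depth and the function names are assumptions of this example.

```python
"""ASAN report triage (added example, not part of mir or of the issue)."""
import re
from dataclasses import dataclass
from typing import List, Optional

# The ASAN report quoted in the issue, used verbatim as sample input.
ASAN_REPORT = """\
==1860239==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x557a2957e264 bp 0x604000013924 sp 0x7f43b11f9850 T1)
==1860239==The signal is caused by a READ memory access.
==1860239==Hint: address points to the zero page.
    #0 0x557a2957e263 in set_type_layout c2mir/c2mir.c:6091
    #1 0x557a2960d3b4 in check c2mir/c2mir.c:9670
    #2 0x557a2962ead5 in create_decl c2mir/c2mir.c:7797
    #3 0x557a2960c607 in check c2mir/c2mir.c:9155
    #4 0x557a2960fb5f in check c2mir/c2mir.c:8282
    #5 0x557a2960ddc8 in check c2mir/c2mir.c:9421
    #6 0x557a2961d452 in check c2mir/c2mir.c:9350
    #7 0x557a2960fb5f in check c2mir/c2mir.c:8282
    #8 0x557a2960f0d9 in check c2mir/c2mir.c:9427
    #9 0x557a29652284 in do_context c2mir/c2mir.c:9693
    #10 0x557a29652284 in c2mir_compile c2mir/c2mir.c:13477
    #11 0x557a29656534 in compile c2mir/c2mir-driver.c:498
    #12 0x7f43b47f5608 in start_thread /build/glibc-SzIz7B/glibc-2.31/nptl/pthread_create.c:477
    #13 0x7f43b471a132 in __clone (/lib/x86_64-linux-gnu/libc.so.6+0x11f132)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV c2mir/c2mir.c:6091 in set_type_layout
Thread T1 created by T0 here:
    #0 0x7f43b499f815 in __interceptor_pthread_create ../../../../src/libsanitizer/asan/asan_interceptors.cc:208
    #1 0x557a29568cab in init_compilers c2mir/c2mir-driver.c:540
    #2 0x557a29568cab in main c2mir/c2mir-driver.c:656
"""

@dataclass
class Frame:
    index: int
    func: str
    location: str  # "file:line" or "(module+offset)"

@dataclass
class AsanTriage:
    kind: str              # e.g. "SEGV", "heap-buffer-overflow"
    address: int           # faulting address
    access: Optional[str]  # "READ" / "WRITE" when ASAN states it
    frames: List[Frame]    # faulting stack only, innermost first
    summary: str

ERROR_RE = re.compile(r"^==\d+==ERROR: AddressSanitizer: (\S+) on (?:unknown )?address (0x[0-9a-fA-F]+)")
ACCESS_RE = re.compile(r"caused by a (READ|WRITE) memory access")
FRAME_RE = re.compile(r"^\s*#(\d+) 0x[0-9a-fA-F]+ in (\S+) (\S+)")
SUMMARY_RE = re.compile(r"^SUMMARY: AddressSanitizer: (.*)$")
ZERO_PAGE_LIMIT = 0x1000  # assumption: first page is never mapped, so such addresses derive from NULL

def parse_asan(report: str) -> AsanTriage:
    kind, address, access, summary = None, 0, None, ""
    frames: List[Frame] = []
    in_stack = False
    for line in report.splitlines():
        m = ERROR_RE.match(line)
        if m:
            kind, address = m.group(1), int(m.group(2), 16)
            continue
        m = ACCESS_RE.search(line)
        if m:
            access = m.group(1)
            continue
        m = FRAME_RE.match(line)
        if m:
            # Keep only the first stack; later "Thread T1 created by" stacks restart at #0.
            if in_stack or not frames:
                in_stack = True
                frames.append(Frame(int(m.group(1)), m.group(2), m.group(3)))
            continue
        in_stack = False  # any non-frame line (blank line, hint, summary) closes the current stack
        m = SUMMARY_RE.match(line)
        if m:
            summary = m.group(1)
    if kind is None:
        raise ValueError("no AddressSanitizer ERROR line found")
    return AsanTriage(kind, address, access, frames, summary)

def classify(t: AsanTriage) -> str:
    """Name the fault class; ASAN already names non-SEGV bugs (UAF, overflow, ...)."""
    if t.kind == "SEGV":
        # NULL itself or a small struct-field offset from NULL both land in the zero page.
        return "null-pointer dereference" if t.address < ZERO_PAGE_LIMIT else "wild pointer access"
    return t.kind

def crash_signature(t: AsanTriage, project_prefix: str = "c2mir/", depth: int = 3) -> str:
    """Dedup key from the top in-project frames (function names survive ASLR and rebuilds)."""
    funcs = [f.func for f in t.frames if f.location.startswith(project_prefix)]
    return "|".join(funcs[:depth])

if __name__ == "__main__":
    t = parse_asan(ASAN_REPORT)
    print(classify(t), "at", t.frames[0].func, t.frames[0].location, "access:", t.access)
    print("signature:", crash_signature(t))
```

The signature is built from function names of frames under the project prefix rather than from instruction addresses, so two crashes from different fuzzing runs of the same build (or of a rebuild) that hit the same code path collapse into one finding, while libc and sanitizer runtime frames such as `start_thread` and `__clone` are ignored.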
vnmakarov commented 1 year ago

I fixed it too. Thank you for reporting and the tests.

clesmian commented 1 year ago

Fixed in 41166d91c2281fbea93034710bdbb8f30ca60b7a