[slang-tidy] Fix UB with unmodified stringstream input argument

[likeamahoney]

There is undefined behavior related to reading uninitialized value c (which is UB due to C++ standard) in TidyConfigParser::nextChar because there is no guaranteed that fileStream >> std::noskipws >> c; call will set the value of c due to basic_istream operator>> description in case of empty or bad stream.

nextChar can be called from many different places and there is non-zero chance to enter that call with empty fileStream.

Assume that we are unlucky and got c which was initialized with \t garbage value from stack on some build. So the target loop would be endless. This patch can prove it:

diff --git a/tools/tidy/src/TidyConfigParser.cpp b/tools/tidy/src/TidyConfigParser.cpp
index c6946283..6fe0fdb5 100644
--- a/tools/tidy/src/TidyConfigParser.cpp
+++ b/tools/tidy/src/TidyConfigParser.cpp
@@ -36,7 +36,7 @@ TidyConfigParser::TidyConfigParser(const std::string& config) {
 }

 char TidyConfigParser::nextChar() {
-    char c;
+    char c = '\t';
     do {
         fileStream >> std::noskipws >> c;
     } while (c == ' ' || c == '\t');

[codecov]

Codecov Report

Merging #861 (42f2a61) into master (47a4dc9) will not change coverage.
The diff coverage is n/a.

Additional details and impacted files

@@           Coverage Diff           @@
##           master     #861   +/-   ##
=======================================
  Coverage   93.72%   93.72%           
=======================================
  Files         189      189           
  Lines       46715    46715           
=======================================
  Hits        43785    43785           
  Misses       2930     2930           

---

Continue to review full report in Codecov by Sentry.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 47a4dc9...42f2a61. Read the comment docs.

[MikePopoloski]

Thanks for the PR!