diff --git a/lib/tokenize.cpp b/lib/tokenize.cpp index bb7d7480c..8899aa9b8 100644 --- a/lib/tokenize.cpp +++ b/lib/tokenize.cpp @@ -5131,9 +5131,11 @@ void Tokenizer::simplifyVarDecl(bool only_k_r_fpar) else if (strchr(";,", tok2->str()[0])) { // "type var =" => "type var; var =" - Token *VarTok = type0->tokAt((int)typelen); + const Token *VarTok = type0->tokAt((int)typelen); while (Token::Match(VarTok, "*|&|const")) VarTok = VarTok->next(); + if (!VarTok) + break; // ticket 4245 - invalid code probably list.insertTokens(eq, VarTok, 2); eq->str(";"); diff --git a/test/testtokenize.cpp b/test/testtokenize.cpp index 86b9aa4eb..cfd38c763 100644 --- a/test/testtokenize.cpp +++ b/test/testtokenize.cpp @@ -58,6 +58,7 @@ private: TEST_CASE(tokenize23); // tokenize "return - __LINE__;" TEST_CASE(tokenize24); // #4195 (segmentation fault) TEST_CASE(tokenize25); // #4239 (segmentation fault) + TEST_CASE(tokenize26); // #4245 (segmentation fault) // don't freak out when the syntax is wrong TEST_CASE(wrong_syntax1); @@ -651,6 +652,11 @@ private: void tokenize25() { tokenizeAndStringify("f ( struct { int typedef T x ; } ) { }"); } + + // #4245 - segfault + void tokenize26() { + tokenizeAndStringify("class x { protected : template < int y = } ;"); + } void wrong_syntax1() { {