From 0ace50204bb853a8b07f563a5dd0ebe9da518d1d Mon Sep 17 00:00:00 2001
From: orbitcowboy
Date: Sun, 7 Apr 2019 13:27:33 +0200
Subject: [PATCH] Fixed a crash on garbage code. The test input was found by afl_cppcheck (type2). Unforunately, the cppcheck-fuzzer-client was crashing only when executing the binary input from afl-fuzz. Using the translated-input (C-code) did not lead to crash. I tested it with activated address/undefined behaviour sanitizer as well as non-instrumented source code. Since the translated output is too long (164 lines), i will not add it the testgarbage.cpp.
---
 lib/checkcondition.cpp | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/lib/checkcondition.cpp b/lib/checkcondition.cpp
index 4b7761510..12edb4735 100644
--- a/lib/checkcondition.cpp
+++ b/lib/checkcondition.cpp
@@ -626,6 +626,10 @@ void CheckCondition::multiCondition2()
 if (const Token *op = Token::findmatch(tok, "++|--", condEndToken)) {
 bool bailout = false;
 while (op) {
+ if (!op->astOperand1()) {
+ bailout = true;
+ break;
+ }
 if (vars.find(op->astOperand1()->varId()) != vars.end()) {
 bailout = true;
 break;
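Review bot: The new null check on `op->astOperand1()` duplicates the `bailout = true; break;` pair that the existing `vars.find(...)` check two lines below already has; folding the two conditions into one keeps the loop body flat: `if (!op->astOperand1() || vars.find(op->astOperand1()->varId()) != vars.end()) { bailout = true; break; }`. Either way the guard deserves a why-comment, since nothing in the hunk says when a `++`/`--` token can lack an operand, e.g. `// garbage code: the AST may leave ++/-- without an operand`. The diffstat shows only lib/checkcondition.cpp changed and the description explains the reproducer is 164 lines; a reduced input (afl-tmin or manual reduction) added to testgarbage.cpp would keep this crash from regressing silently. The enclosing `while (op)` loop and `multiCondition2` continue outside the hunk, so how `op` advances on the non-bailout path cannot be checked here.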