From 5f84272a52cbe5321ab49c4e73e229281cf00fcf Mon Sep 17 00:00:00 2001 From: Robert Reif Date: Mon, 21 Feb 2011 14:25:35 -0500 Subject: [PATCH 1/6] fix segfault: #2591 (cppcheck hangs with 100% cpu load ( class A : )) --- lib/symboldatabase.cpp | 2 +- test/testclass.cpp | 9 +++++++++ 2 files changed, 10 insertions(+), 1 deletion(-) diff --git a/lib/symboldatabase.cpp b/lib/symboldatabase.cpp index 0eafe3ebb..a600a1a3a 100644 --- a/lib/symboldatabase.cpp +++ b/lib/symboldatabase.cpp @@ -899,7 +899,7 @@ const Token *SymbolDatabase::initBaseInfo(Scope *scope, const Token *tok) tok2 = tok2->next(); // check for invalid code - if (!tok2->next()) + if (!tok2 || !tok2->next()) return NULL; if (tok2->str() == "public") diff --git a/test/testclass.cpp b/test/testclass.cpp index 7f80a053b..a4f727618 100644 --- a/test/testclass.cpp +++ b/test/testclass.cpp @@ -195,6 +195,7 @@ private: TEST_CASE(symboldatabase12); // ticket #2547 TEST_CASE(symboldatabase13); // ticket #2577 TEST_CASE(symboldatabase14); // ticket #2589 + TEST_CASE(symboldatabase15); // ticket #2591 } // Check the operator Equal @@ -5596,6 +5597,14 @@ private: ASSERT_EQUALS("", errout.str()); } + void symboldatabase15() + { + // ticket #2591 - segmentation fault + checkConst("struct A :\n"); + + ASSERT_EQUALS("", errout.str()); + } + }; REGISTER_TEST(TestClass) From 999646fca626b48379b1b5eb4e1896dd20cf12f1 Mon Sep 17 00:00:00 2001 From: Robert Reif Date: Mon, 21 Feb 2011 17:49:30 -0500 Subject: [PATCH 2/6] fix #2599 (segmentation fault of cppcheck ( sizeof )) --- lib/tokenize.cpp | 3 +++ test/testsimplifytokens.cpp | 10 ++++++++++ 2 files changed, 13 insertions(+) diff --git a/lib/tokenize.cpp b/lib/tokenize.cpp index cb23f4c39..c52059dd5 100644 --- a/lib/tokenize.cpp +++ b/lib/tokenize.cpp @@ -3809,6 +3809,9 @@ void Tokenizer::simplifySizeof() if (tok->str() != "sizeof") continue; + if (!tok->next()) + break; + if (Token::simpleMatch(tok->next(), "sizeof")) continue; 
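Review bot: The new `!tok2` guard in SymbolDatabase::initBaseInfo returns NULL without any diagnostic, so input that ends right after the base-class colon (the `struct A :` case, where the added test asserts an empty errout) is accepted silently. The guards added to simplifySizeof, simplifyEnum and simplifyIfNotNull later in this series bail out the same way, while the simplifyTypedef patch calls `syntaxError(tok)`. It would be more consistent to report the truncated input here too, or to explain the choice in a comment such as `// tok2 is NULL when the input ends after ':' (ticket #2591)`. Whether every caller of initBaseInfo copes with a NULL return cannot be seen from this hunk; the function body starts and ends outside it.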
diff --git a/test/testsimplifytokens.cpp b/test/testsimplifytokens.cpp index 58273fa4a..e883f6adb 100644 --- a/test/testsimplifytokens.cpp +++ b/test/testsimplifytokens.cpp @@ -84,6 +84,7 @@ private: TEST_CASE(sizeof19); // #1891 - sizeof 'x' TEST_CASE(sizeof20); // #2024 - sizeof a) TEST_CASE(sizeof21); // #2232 - sizeof...(Args) + TEST_CASE(sizeof22); // #2599 TEST_CASE(sizeofsizeof); TEST_CASE(casting); @@ -1418,6 +1419,15 @@ private: tok(code); } + void sizeof22() + { + // ticket #2599 segmentation fault + const char code[] = "sizeof\n"; + + // don't segfault + tok(code); + } + void sizeofsizeof() { From 4e1ce93104efb01f9588c13e1eac8d754784b8f3 Mon Sep 17 00:00:00 2001 From: Robert Reif Date: Mon, 21 Feb 2011 19:30:40 -0500 Subject: [PATCH 3/6] fix #2600 (segmentation fault of cppcheck ( enum{const} )) --- lib/tokenize.cpp | 2 +- test/testsimplifytokens.cpp | 7 +++++++ 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/lib/tokenize.cpp b/lib/tokenize.cpp index c52059dd5..bc294e187 100644 --- a/lib/tokenize.cpp +++ b/lib/tokenize.cpp @@ -7845,7 +7845,7 @@ void Tokenizer::simplifyEnum() } // check for a variable definition: enum {} x; - if (end->next()->str() != ";") + if (end->next() && end->next()->str() != ";") { Token *tempTok = end; diff --git a/test/testsimplifytokens.cpp b/test/testsimplifytokens.cpp index e883f6adb..abad36601 100644 --- a/test/testsimplifytokens.cpp +++ b/test/testsimplifytokens.cpp @@ -285,6 +285,7 @@ private: TEST_CASE(enum17); // ticket #2381 (duplicate enums) TEST_CASE(enum18); // #2466 (array with same name as enum constant) TEST_CASE(enum19); // ticket #2536 + TEST_CASE(enum20); // ticket #2600 // remove "std::" on some standard functions TEST_CASE(removestd); 
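Review bot: sizeof22 only calls `tok(code)` and asserts nothing, so it passes for any outcome short of a crash. The new `break` in simplifySizeof presumably leaves the lone `sizeof` token in the list; pinning the result down would keep a later change from silently altering how truncated input is handled. One option is `ASSERT_EQUALS("", errout.str());` after the call, as the simplifyIfNotNull test added to this file in patch 5 does, with the expected value confirmed by running it.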
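Review bot: In Tokenizer::simplifyEnum the rewritten condition `end->next() && end->next()->str() != ";"` sends a missing token after the closing brace down the same path as a following `;`, so whatever runs after this `if` block executes with `end->next()` still NULL. That code is outside the hunk, so it cannot be checked here whether it dereferences `end->next()` again. A comment would make the intent explicit, for example `// end->next() is NULL when the input stops after '}' (ticket #2600); handled like 'enum { ... };'`. The added enum20 test covers only the `enum { const }` shape.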
@@ -6183,6 +6184,12 @@ private: ASSERT_EQUALS(";", tok(code, false)); } + void enum20() // ticket #2600 segmentation fault + { + const char code[] = "enum { const }\n"; + ASSERT_EQUALS(";", tok(code, false)); + } + void removestd() { ASSERT_EQUALS("; strcpy ( a , b ) ;", tok("; std::strcpy(a,b);")); From ba6c2ca3102df53a58e61240a72f5caab4cfcc2a Mon Sep 17 00:00:00 2001 From: Robert Reif Date: Tue, 22 Feb 2011 06:47:28 -0500 Subject: [PATCH 4/6] fix #2602 (segmentation fault of cppcheck ( class A {A& operator=(const A&); }; )) --- lib/checkclass.cpp | 25 ++++++++++++++----------- test/testunusedprivfunc.cpp | 9 +++++++++ 2 files changed, 23 insertions(+), 11 deletions(-) diff --git a/lib/checkclass.cpp b/lib/checkclass.cpp index 4d19f2c91..b13143d80 100644 --- a/lib/checkclass.cpp +++ b/lib/checkclass.cpp @@ -641,20 +641,23 @@ void CheckClass::privateFunctions() for (func = scope->functionList.begin(); func != scope->functionList.end(); ++func) { const Token *ftok = func->start; - const Token *etok = ftok->link(); - - for (; ftok != etok; ftok = ftok->next()) + if (ftok) { - if (Token::Match(ftok, "%var% (")) + const Token *etok = ftok->link(); + + for (; ftok != etok; ftok = ftok->next()) { - // Remove function from FuncList - std::list::iterator it = FuncList.begin(); - while (it != FuncList.end()) + if (Token::Match(ftok, "%var% (")) { - if (ftok->str() == (*it)->str()) - FuncList.erase(it++); - else - ++it; + // Remove function from FuncList + std::list::iterator it = FuncList.begin(); + while (it != FuncList.end()) + { + if (ftok->str() == (*it)->str()) + FuncList.erase(it++); + else + ++it; + } } } } diff --git a/test/testunusedprivfunc.cpp b/test/testunusedprivfunc.cpp index 272df269f..ea2e2097d 100644 --- a/test/testunusedprivfunc.cpp +++ b/test/testunusedprivfunc.cpp 
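Review bot: Wrapping the whole loop in `if (ftok)` in CheckClass::privateFunctions re-indents the entire inner loop for a one-condition fix. A guard clause, `if (!ftok) continue;` placed right after `const Token *ftok = func->start;`, keeps the body at its old depth and is equivalent because nothing follows the inner loop inside the `for (func ...)` body. A short comment saying when `func->start` is NULL would help the next reader; judging by the added test it is a member function declared without a body. `ftok->link()` is still used unchecked, and if it can return NULL for a start token the loop would walk to the end of the token list instead of the end of the function, which is worth confirming.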
@@ -39,6 +39,7 @@ private: TEST_CASE(test3); TEST_CASE(test4); TEST_CASE(test5); + TEST_CASE(test6); // ticket #2602 // [ 2236547 ] False positive --style unused function, called via pointer TEST_CASE(func_pointer1); @@ -225,6 +226,14 @@ private: ASSERT_EQUALS("", errout.str()); } + void test6() // ticket #2602 segmentation fault + { + check("class A {\n" + " A& operator=(const A&);\n" + "};\n"); + ASSERT_EQUALS("", errout.str()); + } + From 703448171a73c883857b3239a583714adfc3a639 Mon Sep 17 00:00:00 2001 From: Robert Reif Date: Tue, 22 Feb 2011 07:02:15 -0500 Subject: [PATCH 5/6] fix #2601 (segmentation fault of cppcheck) --- lib/tokenize.cpp | 3 +++ test/testsimplifytokens.cpp | 9 +++++++++ 2 files changed, 12 insertions(+) diff --git a/lib/tokenize.cpp b/lib/tokenize.cpp index bc294e187..a9511e766 100644 --- a/lib/tokenize.cpp +++ b/lib/tokenize.cpp @@ -5980,6 +5980,9 @@ void Tokenizer::simplifyIfNotNull() { tok = tok->next(); + if (!tok) + break; + if (Token::simpleMatch(tok, "0 != (") || Token::Match(tok, "0 != %var%")) { diff --git a/test/testsimplifytokens.cpp b/test/testsimplifytokens.cpp index abad36601..f0ee842fa 100644 --- a/test/testsimplifytokens.cpp +++ b/test/testsimplifytokens.cpp @@ -326,6 +326,8 @@ private: TEST_CASE(simplifyFunctionReturn); TEST_CASE(removeUnnecessaryQualification); + + TEST_CASE(simplifyIfNotNull); } std::string tok(const char code[], bool simplify = true) @@ -6516,6 +6518,13 @@ private: ASSERT_EQUALS(expected, tok(code, false)); ASSERT_EQUALS("[test.cpp:1]: (portability) Extra qualification 'Fred::' unnecessary and considered an error by many compilers.\n", errout.str()); } + + void simplifyIfNotNull() // ticket # 2601 segmentation fault + { + const char code[] = "|| #if #define <="; + tok(code, false); + ASSERT_EQUALS("", errout.str()); + } }; REGISTER_TEST(TestSimplifyTokens) From dd12fc177fb827d3d54648ec725c9403cb9edf1a Mon Sep 17 00:00:00 2001 
From: Robert Reif Date: Tue, 22 Feb 2011 07:48:34 -0500 Subject: [PATCH 6/6] fix #2603 (segmentation fault of cppcheck ( typedef constexpr)) --- lib/tokenize.cpp | 14 ++++++++++++++ test/testsimplifytokens.cpp | 10 ++++++++++ 2 files changed, 24 insertions(+) diff --git a/lib/tokenize.cpp b/lib/tokenize.cpp index a9511e766..54639fc35 100644 --- a/lib/tokenize.cpp +++ b/lib/tokenize.cpp @@ -1039,6 +1039,13 @@ void Tokenizer::simplifyTypedef() Token *namespaceStart = 0; Token *namespaceEnd = 0; + // check for invalid input + if (!tok->next()) + { + syntaxError(tok); + return; + } + if (Token::simpleMatch(tok->next(), "::") || Token::Match(tok->next(), "%type%")) { @@ -1071,6 +1078,13 @@ void Tokenizer::simplifyTypedef() else continue; // invalid input + // check for invalid input + if (!tok->tokAt(offset)) + { + syntaxError(tok); + return; + } + // check for template if (tok->tokAt(offset)->str() == "<") { diff --git a/test/testsimplifytokens.cpp b/test/testsimplifytokens.cpp index f0ee842fa..3ee94725f 100644 --- a/test/testsimplifytokens.cpp +++ b/test/testsimplifytokens.cpp @@ -240,6 +240,7 @@ private: TEST_CASE(simplifyTypedef78); // ticket #2568 TEST_CASE(simplifyTypedef79); // ticket #2348 TEST_CASE(simplifyTypedef80); // ticket #2587 + TEST_CASE(simplifyTypedef81); // ticket #2603 TEST_CASE(simplifyTypedefFunction1); TEST_CASE(simplifyTypedefFunction2); // ticket #1685 @@ -4921,6 +4922,15 @@ private: ASSERT_EQUALS("", errout.str()); } + void simplifyTypedef81() // ticket #2603 segmentation fault + { + checkSimplifyTypedef("typedef\n"); + ASSERT_EQUALS("[test.cpp:1]: (error) syntax error\n", errout.str()); + + checkSimplifyTypedef("typedef constexpr\n"); + ASSERT_EQUALS("[test.cpp:1]: (error) syntax error\n", errout.str()); + } + void simplifyTypedefFunction1() { {
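Review bot: Both new guards in Tokenizer::simplifyTypedef end with `return`, which abandons typedef simplification for all remaining tokens, while the branch directly above the second guard handles bad input with `continue; // invalid input`. If aborting is intended because `syntaxError(tok)` ends the analysis, a comment saying so would explain the difference; otherwise `continue` would match the existing convention. The second guard checks `tok->tokAt(offset)` only once, and the template branch that follows (`tok->tokAt(offset)->str() == "<"`) presumably advances `offset` and dereferences again outside the hunk, so later `tokAt(offset)` uses may need the same check. The two identical guard blocks could also share a small private helper.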