From 133d8f9a9110c1c2f58a3a47b48897de11a4871c Mon Sep 17 00:00:00 2001
From: Alexander Mai <amai@users.sf.net>
Date: Wed, 27 May 2015 21:39:31 +0200
Subject: [PATCH] #6706 segmentation fault (invalid code) in
 tokenlist::compilePrecedence3. Local fix to prevent acess to NULL-token

---
 lib/tokenlist.cpp    | 8 ++++----
 test/testgarbage.cpp | 5 +++++
 2 files changed, 9 insertions(+), 4 deletions(-)

diff --git a/lib/tokenlist.cpp b/lib/tokenlist.cpp
index b5f1d1b79..d55d450b3 100644
--- a/lib/tokenlist.cpp
+++ b/lib/tokenlist.cpp
@@ -156,7 +156,7 @@ void TokenList::addtoken(const std::string & str, const unsigned int lineno, con
 
 void TokenList::addtoken(const Token * tok, const unsigned int lineno, const unsigned int fileno)
 {
-    if (tok == 0)
+    if (tok == nullptr)
         return;
 
     if (_back) {
@@ -411,7 +411,7 @@ unsigned long long TokenList::calculateChecksum() const
 
         checksum ^= ((static_cast<unsigned long long>(subchecksum1) << 32) | subchecksum2);
 
-        bool bit1 = (checksum & 1) != 0;
+        const bool bit1 = (checksum & 1) != 0;
         checksum >>= 1;
         if (bit1)
             checksum |= (1ULL << 63);
@@ -689,7 +689,7 @@ static void compilePrecedence3(Token *&tok, AST_state& state)
                 state.op.push(tok->next());
                 tok = tok->link()->next();
                 compileBinOp(tok, state, compilePrecedence2);
-            } else if (tok->str() == "[" || tok->str() == "(")
+            } else if (tok && (tok->str() == "[" || tok->str() == "("))
                 compilePrecedence2(tok, state);
             else if (innertype && Token::simpleMatch(tok, ") [")) {
                 tok = tok->next();
@@ -701,7 +701,7 @@ static void compilePrecedence3(Token *&tok, AST_state& state)
         } else if (state.cpp && Token::Match(tok, "delete %name%|*|&|::|(|[")) {
             Token* tok2 = tok;
             tok = tok->next();
-            if (tok->str() == "[")
+            if (tok && tok->str() == "[")
                 tok = tok->link()->next();
             compilePrecedence3(tok, state);
             compileUnaryOp(tok2, state, nullptr);
diff --git a/test/testgarbage.cpp b/test/testgarbage.cpp
index fbaaae122..6b7ad6114 100644
--- a/test/testgarbage.cpp
+++ b/test/testgarbage.cpp
@@ -85,6 +85,7 @@ private:
         TEST_CASE(garbageCode44); // #6704
         TEST_CASE(garbageCode45); // #6608
         TEST_CASE(garbageCode46); // #6705
+        TEST_CASE(garbageCode47); // #6706
 
         TEST_CASE(garbageValueFlow);
         TEST_CASE(garbageSymbolDatabase);
@@ -490,6 +491,10 @@ private:
         checkCode(" { bar(char *x); void foo (int ...) { struct } va_list ap; va_start(ap, size); va_arg(ap, (d)); }");
     }
 
+    void garbageCode47() { // #6706
+        checkCode(" { { }; }; * new private: B: B;");
+    }
+
     void garbageValueFlow() {
         // #6089
         const char* code = "{} int foo(struct, x1, struct x2, x3, int, x5, x6, x7)\n"