From 27aae8d0324638a7d8b92ac803e3606ec4f36cb0 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Daniel=20Marjam=C3=A4ki?=
Date: Thu, 30 Aug 2018 10:01:19 +0200
Subject: [PATCH] Fixed #8644 (crash (CheckBufferOverrun::checkGlobalAndLocalVariable): local function)
---
 lib/checkbufferoverrun.cpp | 4 ++++
 test/testbufferoverrun.cpp | 9 +++++++++
 2 files changed, 13 insertions(+)
diff --git a/lib/checkbufferoverrun.cpp b/lib/checkbufferoverrun.cpp
index d04290368..2dc2a5e21 100644
--- a/lib/checkbufferoverrun.cpp
+++ b/lib/checkbufferoverrun.cpp
@@ -1265,6 +1265,10 @@ void CheckBufferOverrun::checkGlobalAndLocalVariable()
 // varid : The variable id for the array
 const Variable *var = tok->next()->variable();
+ // FIXME: This is an ugly fix for a crash. The SymbolDatabase
+ // should create the variable.
+ if (!var)
+ continue;
 if (mTokenizer->isCPP() && Token::Match(tok, "[*;{}] %var% = new %type% [")) {
 tok = tok->tokAt(5);
diff --git a/test/testbufferoverrun.cpp b/test/testbufferoverrun.cpp
index 3e5429e19..5694e9d1e 100644
--- a/test/testbufferoverrun.cpp
+++ b/test/testbufferoverrun.cpp
@@ -225,6 +225,7 @@ private:
 TEST_CASE(crash2); // Ticket #3034 - crash
 TEST_CASE(crash3); // Ticket #5426 - crash
 TEST_CASE(crash4); // Ticket #8679 - crash
+ TEST_CASE(crash5); // Ticket #8644 - crash
 TEST_CASE(executionPaths1);
 TEST_CASE(executionPaths2);
@@ -3654,6 +3655,14 @@ private:
 "}");
 }
+ void crash5() { // 8644 - token has varId() but variable() is null
+ check("int a() {\n"
+ " void b(char **dst) {\n"
+ " *dst = malloc(50);\n"
+ " }\n"
+ "}");
+ }
+
 void executionPaths1() {
 check("void f(int a)\n"
 "{\n"
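Review bot: The added `if (!var) continue;` turns the null dereference into a silent skip, so an access through a token that has a varId but no Variable is no longer examined by this buffer-overrun check, and nothing is reported about it. For a checker that is run over arbitrary source this is a false-negative path as well as a crash fix, and the FIXME should say so and carry the ticket, e.g. `// FIXME(#8644): SymbolDatabase should create the variable; until then this token is skipped and its accesses are not checked.` Other `->variable()` results in this function may be used unchecked in the same way, but the loop body starts and ends outside this hunk, so that cannot be confirmed from here.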
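Review bot: `crash5` only shows that `check()` returns; it asserts nothing about the reported output, so a later change that starts emitting a spurious diagnostic for this input would pass unnoticed, as would the SymbolDatabase change the FIXME in lib/checkbufferoverrun.cpp asks for. Pinning the expected result right after the `check(...)` call, for example `ASSERT_EQUALS("", errout.str());` if the fixture collects output that way, makes this a regression guard rather than a smoke test. A second case in which the nested function writes past a fixed-size array would document the analysis gap left by the `continue` in the library hunk.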