From 3b9828a132ffeb1f0ad60752ac7a1e31a67f5724 Mon Sep 17 00:00:00 2001
From: IOBYTE <reif@earthlink.net>
Date: Wed, 2 Jan 2019 01:15:45 -0500
Subject: [PATCH] template simplifier: fix crash on daca c++-annotations
 project (#1556)

Fix scope info bug on derived template class which caused a use after
free crash when deleting a template forward declaration in a different
scope.
---
 lib/templatesimplifier.cpp    |  3 ++-
 test/testsimplifytemplate.cpp | 33 +++++++++++++++++++++++++++++++++
 2 files changed, 35 insertions(+), 1 deletion(-)

diff --git a/lib/templatesimplifier.cpp b/lib/templatesimplifier.cpp
index bbb108773..866983b13 100644
--- a/lib/templatesimplifier.cpp
+++ b/lib/templatesimplifier.cpp
@@ -466,7 +466,8 @@ static void setScopeInfo(const Token *tok, std::list<ScopeInfo2> *scopeInfo)
     }
     tok = tok->next();
     if (tok && tok->str() == ":") {
-        // ...
+        while (tok && !Token::Match(tok, ";|{"))
+            tok = tok->next();
     }
     if (tok && tok->str() == "{") {
         scopeInfo->emplace_back(classname,tok->link());
diff --git a/test/testsimplifytemplate.cpp b/test/testsimplifytemplate.cpp
index 4b977fb9d..dd475193c 100644
--- a/test/testsimplifytemplate.cpp
+++ b/test/testsimplifytemplate.cpp
@@ -130,6 +130,7 @@ private:
         TEST_CASE(template90); // crash
         TEST_CASE(template91);
         TEST_CASE(template92);
+        TEST_CASE(template93); // crash
         TEST_CASE(template_specialization_1);  // #7868 - template specialization template <typename T> struct S<C<T>> {..};
         TEST_CASE(template_specialization_2);  // #7868 - template specialization template <typename T> struct S<C<T>> {..};
         TEST_CASE(template_enum);  // #6299 Syntax error in complex enum declaration (including template)
@@ -1833,6 +1834,38 @@ private:
         ASSERT_EQUALS(exp, tok(code));
     }
 
+    void template93() { // crash
+        const char code[] = "template <typename Iterator>\n"
+                            "void ForEach() { }\n"
+                            "template <typename Type>\n"
+                            "class Vector2 : public Vector {\n"
+                            "    template <typename Iterator>\n"
+                            "    void ForEach();\n"
+                            "public:\n"
+                            "    void process();\n"
+                            "};\n"
+                            "template <typename Type>\n"
+                            "void Vector2<Type>::process() {\n"
+                            "    ForEach<iterator>();\n"
+                            "}\n"
+                            "Vector2<string> c;";
+        const char exp[] = "void ForEach<iterator> ( ) ; "
+                           "class Vector2<string> ; "
+                           "Vector2<string> c ; "
+                           "class Vector2<string> : public Vector { "
+                           "template < typename Iterator > "
+                           "void ForEach ( ) ; "
+                           "public: "
+                           "void process ( ) ; "
+                           "} ; "
+                           "void Vector2<string> :: process ( ) { "
+                           "ForEach<iterator> ( ) ; "
+                           "} "
+                           "void ForEach<iterator> ( ) { "
+                           "}";
+        ASSERT_EQUALS(exp, tok(code));
+    }
+
     void template_specialization_1() {  // #7868 - template specialization template <typename T> struct S<C<T>> {..};
         const char code[] = "template <typename T> struct C {};\n"
                             "template <typename T> struct S {a};\n"