diff --git a/lib/tokenize.cpp b/lib/tokenize.cpp
index ded3a56e7..fd8ddc36d 100644
--- a/lib/tokenize.cpp
+++ b/lib/tokenize.cpp
@@ -973,8 +973,17 @@ void Tokenizer::simplifyTypedef()
 argEnd = tokOffset->link();
 argFuncRetStart = argEnd->tokAt(2);
+ if (!argFuncRetStart)
+ {
+ syntaxError(tokOffset);
+ return;
+ }
 argFuncRetEnd = argFuncRetStart->link();
-
+ if (!argFuncRetEnd)
+ {
+ syntaxError(tokOffset);
+ return;
+ }
 tok = argFuncRetEnd->next();
 } else if (Token::Match(tokOffset, "( * ( %type% ) (")) {
 functionRetFuncPtr = true;
@@ -985,8 +994,17 @@ void Tokenizer::simplifyTypedef()
 argEnd = tokOffset->link();
 argFuncRetStart = argEnd->tokAt(2);
+ if (!argFuncRetStart)
+ {
+ syntaxError(tokOffset);
+ return;
+ }
 argFuncRetEnd = argFuncRetStart->link();
-
+ if (!argFuncRetEnd)
+ {
+ syntaxError(tokOffset);
+ return;
+ }
 tok = argFuncRetEnd->next();
 }
diff --git a/test/testgarbage.cpp b/test/testgarbage.cpp
index 03ac3e1c4..1f38e2217 100644
--- a/test/testgarbage.cpp
+++ b/test/testgarbage.cpp
@@ -125,6 +125,7 @@ private:
 TEST_CASE(garbageCode83);
 TEST_CASE(garbageCode84);
 TEST_CASE(garbageCode85);
+ TEST_CASE(garbageCode86);
 TEST_CASE(garbageValueFlow);
 TEST_CASE(garbageSymbolDatabase);
@@ -687,6 +688,10 @@ private:
 ASSERT_THROW(checkCode("{ } { } typedef void ( *VoidFunc() ) ( ) ; VoidFunc"), InternalError); // do not crash
 }
+ void garbageCode86() { // #6785
+ ASSERT_THROW(checkCode("{ } typedef char ( *( X ) ( void) , char ) ;"), InternalError); // do not crash
+ }
+
 void garbageValueFlow() { // #6089
 const char* code = "{} int foo(struct, x1, struct x2, x3, int, x5, x6, x7)\n"
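Review bot: The guard added after `argFuncRetStart = argEnd->tokAt(2);` rejects only a missing token, so a token that exists but is not an opening parenthesis still reaches `argFuncRetStart->link()`. If that token is some other linked bracket, `link()` is presumably non-null, the second check passes, and `tok = argFuncRetEnd->next()` resumes from a position the malformed input chose rather than from the end of the return-type argument list. Checking the shape as well as the pointer would be stricter: `if (!argFuncRetStart || argFuncRetStart->str() != "(")`. The same pair of guards is repeated in the second hunk (`@@ -985,8 +994,17 @@`) and needs the same change; the enclosing branch starts outside both hunks.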
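Review bot: The `return;` after each `syntaxError(tokOffset);` looks unreachable, because the new test expects `InternalError` for this input, which suggests syntaxError() throws instead of returning. If that is the case the guards reduce to `if (!argFuncRetStart) syntaxError(tokOffset);` and `if (!argFuncRetEnd) syntaxError(tokOffset);`, which also avoids the brace-on-its-own-line layout that differs from the `} else if (...) {` style in the surrounding context. If syntaxError() can return, a comment should say what state the token list is left in when simplifyTypedef() exits early. This applies to the identical guard blocks in the first hunk as well.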