From 6a08c2718300c01b2692063c7814baa01fa5d5ec Mon Sep 17 00:00:00 2001
From: Alexander Mai <amai@users.sf.net>
Date: Sat, 22 Mar 2014 11:14:11 +0100
Subject: [PATCH] Fix segfault in variableIsUsedInScope() - loop variable not
 check against NULL

---
 lib/checkautovariables.cpp |  2 +-
 test/testautovariables.cpp | 12 ++++++++++++
 2 files changed, 13 insertions(+), 1 deletion(-)

diff --git a/lib/checkautovariables.cpp b/lib/checkautovariables.cpp
index 86ec7dbf3..95cf3d4f4 100644
--- a/lib/checkautovariables.cpp
+++ b/lib/checkautovariables.cpp
@@ -107,7 +107,7 @@ static bool variableIsUsedInScope(const Token* start, unsigned int varId, const
     if (!start) // Ticket #5024
         return false;
 
-    for (const Token *tok = start; tok != scope->classEnd; tok = tok->next()) {
+    for (const Token *tok = start; tok && tok != scope->classEnd; tok = tok->next()) {
         if (tok->varId() == varId)
             return true;
         if (tok->scope()->type == Scope::eFor || tok->scope()->type == Scope::eDo || tok->scope()->type == Scope::eWhile) // In case of loops, better checking would be necessary
diff --git a/test/testautovariables.cpp b/test/testautovariables.cpp
index 9bb27f688..f7151c371 100644
--- a/test/testautovariables.cpp
+++ b/test/testautovariables.cpp
@@ -110,6 +110,8 @@ private:
         TEST_CASE(returnParameterAddress);
 
         TEST_CASE(testconstructor); // ticket #5478 - crash
+
+        TEST_CASE(variableIsUsedInScope); // ticket #5599 crash in variableIsUsedInScope()
     }
 
 
@@ -851,6 +853,16 @@ private:
               "};");
     }
 
+    void variableIsUsedInScope() {
+        check("void removed_cb (GList *uids) {\n"
+              "for (; uids; uids = uids->next) {\n"
+              "}\n"
+              "}\n"
+              "void opened_cb () {\n"
+              "	g_signal_connect (G_CALLBACK (removed_cb));\n"
+              "}");
+    }
+
 };
 
 REGISTER_TEST(TestAutoVariables)