From 8427398d9d7a283d76b6d7a7be631b9c6c115c80 Mon Sep 17 00:00:00 2001
From: Alexander Mai
Date: Tue, 24 Feb 2015 11:15:23 +0100
Subject: [PATCH] #6539 Segmentation fault in Tokenizer::duplicateTypedef. Avoid crash on garbage code
---
 lib/tokenize.cpp | 2 +-
 test/testgarbage.cpp | 5 +++++
 2 files changed, 6 insertions(+), 1 deletion(-)
diff --git a/lib/tokenize.cpp b/lib/tokenize.cpp
index 4ced99bf5..c238581a8 100644
--- a/lib/tokenize.cpp
+++ b/lib/tokenize.cpp
@@ -184,7 +184,7 @@ bool Tokenizer::duplicateTypedef(Token **tokPtr, const Token *name, const Token
 if (end->next()->str() == "(")
 end = end->linkAt(1);
- end = end->next();
+ end = (end)?end->next():nullptr;
 }
 if (end)
 end = end->next();
diff --git a/test/testgarbage.cpp b/test/testgarbage.cpp
index 2ce2688c3..7011801f6 100644
--- a/test/testgarbage.cpp
+++ b/test/testgarbage.cpp
@@ -71,6 +71,7 @@ private:
 TEST_CASE(garbageCode28);
 TEST_CASE(garbageCode29);
 TEST_CASE(garbageCode30); // #5867
+ TEST_CASE(garbageCode31); // #6539
 TEST_CASE(garbageValueFlow);
 TEST_CASE(garbageSymbolDatabase);
@@ -393,6 +394,10 @@ private:
 "}");
 }
+ void garbageCode31() {
+ ASSERT_THROW(checkCode("typedef struct{}x[([],)]typedef e y;(y,x 0){}"), InternalError);
+ }
+
 void garbageValueFlow() { // #6089
 const char* code = "{} int foo(struct, x1, struct x2, x3, int, x5, x6, x7)\n"
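Review bot: In the lib/tokenize.cpp hunk, the new `end = (end)?end->next():nullptr;` gives no hint why `end` can be null at that point; from the visible lines the only source is `end->linkAt(1)` on the line above, which presumably returns null for an unmatched `(` in malformed input. A comment such as `// linkAt(1) yields nullptr for an unbalanced '(' in garbage code (#6539)` would keep a later cleanup from removing the guard, and writing it as `if (end) end = end->next();` would match the form already used after the closing brace. The enclosing loop header is outside the hunk, so it is worth confirming that its condition tests `end` before dereferencing it; otherwise the null stored here is dereferenced on the next iteration. Because the tokenizer runs on arbitrary source files, a null dereference on this path is a crash that any input file can trigger.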