From 8adff0a31b27eb32ecbab5753ec97fdbce4f6c87 Mon Sep 17 00:00:00 2001
From: Alexander Mai <amai@users.sf.net>
Date: Thu, 28 May 2015 21:12:02 +0200
Subject: [PATCH] #6712 segmentation fault (invalid code) in
 CheckExceptionSafety::checkRethrowCopy. Local fix to avoid accessing
 NULL-token

---
 lib/checkexceptionsafety.cpp | 6 ++++--
 test/testgarbage.cpp         | 5 +++++
 2 files changed, 9 insertions(+), 2 deletions(-)

diff --git a/lib/checkexceptionsafety.cpp b/lib/checkexceptionsafety.cpp
index a9bda350e..5f9823b41 100644
--- a/lib/checkexceptionsafety.cpp
+++ b/lib/checkexceptionsafety.cpp
@@ -155,9 +155,11 @@ void CheckExceptionSafety::checkRethrowCopy()
         const unsigned int varid = i->classStart->tokAt(-2)->varId();
         if (varid) {
             for (const Token* tok = i->classStart->next(); tok && tok != i->classEnd; tok = tok->next()) {
-                if (Token::simpleMatch(tok, "catch (") && tok->next()->link() && tok->next()->link()->next()) // Don't check inner catch - it is handled in another iteration of outer loop.
+                if (Token::simpleMatch(tok, "catch (") && tok->next()->link() && tok->next()->link()->next()) { // Don't check inner catch - it is handled in another iteration of outer loop.
                     tok = tok->next()->link()->next()->link();
-                else if (Token::Match(tok, "throw %varid% ;", varid))
+                    if (!tok)
+                        break;
+                } else if (Token::Match(tok, "throw %varid% ;", varid))
                     rethrowCopyError(tok, tok->strAt(1));
             }
         }
diff --git a/test/testgarbage.cpp b/test/testgarbage.cpp
index 6b7ad6114..a8cf71a3e 100644
--- a/test/testgarbage.cpp
+++ b/test/testgarbage.cpp
@@ -86,6 +86,7 @@ private:
         TEST_CASE(garbageCode45); // #6608
         TEST_CASE(garbageCode46); // #6705
         TEST_CASE(garbageCode47); // #6706
+        TEST_CASE(garbageCode48); // #6712
 
         TEST_CASE(garbageValueFlow);
         TEST_CASE(garbageSymbolDatabase);
@@ -495,6 +496,10 @@ private:
         checkCode(" { { }; }; * new private: B: B;");
     }
 
+    void garbageCode48() { // #6712
+        checkCode(" { d\n\" ) d ...\n\" } int main ( ) { ( ) catch ( A a ) { { } catch ( ) \"\" } }");
+    }
+
     void garbageValueFlow() {
         // #6089
         const char* code = "{} int foo(struct, x1, struct x2, x3, int, x5, x6, x7)\n"