diff --git a/test/testtokenize.cpp b/test/testtokenize.cpp
index 5aa543a77..178255a06 100644
--- a/test/testtokenize.cpp
+++ b/test/testtokenize.cpp
@@ -473,6 +473,7 @@ private:
         TEST_CASE(removeMacroInClassDef); // #6058
 
         TEST_CASE(sizeofAddParentheses);
+        TEST_CASE(incompleteTernary); // #6659
     }
 
     std::string tokenizeAndStringify(const char code[], bool simplify = false, bool expand = true, Settings::PlatformType platform = Settings::Unspecified, const char* filename = "test.cpp", bool cpp11 = true) {
@@ -8726,6 +8727,17 @@ private:
                             "CS_PLUGIN_NAMESPACE_END(csparser)\n";
         tokenizeAndStringify(code, true);
     }
+
+    // #6659 heap user after free: kernel: sm750_accel.c
+    void incompleteTernary() {
+        const char * code = "void hw_copyarea() {\n"
+                            "   de_ctrl = (nDirection == RIGHT_TO_LEFT) ?\n"
+                            "    ( (0 & ~(((1 << (1 - (0 ? DE_CONTROL_DIRECTION))) - 1) << (0 ? DE_CONTROL_DIRECTION))) )\n"
+                            "    : 42;\n"
+                            "}";
+
+        tokenizeAndStringify(code, true);
+    }
 };
 
 REGISTER_TEST(TestTokenizer)