From 9fedc9bd74383f9093326428c9ba479aee72bb8f Mon Sep 17 00:00:00 2001
From: amai2012
Date: Wed, 24 Jun 2015 16:54:23 +0200
Subject: [PATCH] #6788 segmentation fault (invalid code) in Tokenizer::simplifyVarDecl. Fix null pointer access
---
 lib/tokenize.cpp | 5 ++++-
 test/testgarbage.cpp | 5 +++++
 2 files changed, 9 insertions(+), 1 deletion(-)
diff --git a/lib/tokenize.cpp b/lib/tokenize.cpp
index 39ab327e5..c65542da4 100644
--- a/lib/tokenize.cpp
+++ b/lib/tokenize.cpp
@@ -5371,7 +5371,10 @@ void Tokenizer::simplifyVarDecl(Token * tokBegin, Token * tokEnd, bool only_k_r_
 if (Token::simpleMatch(tok, "= {")) {
 tok = tok->next()->link();
 }
-
+ if (!tok) {
+ syntaxError(tokBegin);
+ return;
+ }
 if (only_k_r_fpar && finishedwithkr) {
 if (Token::Match(tok, "(|[|{")) {
 tok = tok->link();
diff --git a/test/testgarbage.cpp b/test/testgarbage.cpp
index 1f38e2217..c5f86866c 100644
--- a/test/testgarbage.cpp
+++ b/test/testgarbage.cpp
@@ -126,6 +126,7 @@ private:
 TEST_CASE(garbageCode84);
 TEST_CASE(garbageCode85);
 TEST_CASE(garbageCode86);
+ TEST_CASE(garbageCode87);
 TEST_CASE(garbageValueFlow);
 TEST_CASE(garbageSymbolDatabase);
@@ -692,6 +693,10 @@ private:
 ASSERT_THROW(checkCode("{ } typedef char ( *( X ) ( void) , char ) ;"), InternalError); // do not crash
 }
+ void garbageCode87() { // #6788
+ ASSERT_THROW(checkCode("((X (128))) (int a) { v[ = {} (x 42) a] += }"), InternalError); // do not crash
+ }
+
 void garbageValueFlow() { // #6089
 const char* code = "{} int foo(struct, x1, struct x2, x3, int, x5, x6, x7)\n"
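Review bot: The added `if (!tok)` guard in the lib/tokenize.cpp hunk says nothing about how `tok` can become null at this point, so the next reader has to rediscover the #6788 case from the bug tracker; a comment such as `// link() can be null on garbage input (unmatched "{" after "=", #6788)` would record the intent, hedged here because the exact null path is not visible in the hunk. The `tok = tok->link();` in the `only_k_r_fpar` branch two lines below has no equivalent check visible, so whether the code following it (outside the hunk) can dereference a null `tok` is worth confirming. If `syntaxError(tokBegin)` throws, as the new `ASSERT_THROW(..., InternalError)` test suggests, the `return` after it is unreachable but harmless as a defensive stop; if it can return normally, that `return` is what prevents the dereference and deserves a short note. simplifyVarDecl starts and ends outside the hunk.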