From ddc80246c2323dc46176927cc306c84de196f300 Mon Sep 17 00:00:00 2001
From: Alexander Mai <amai@users.sf.net>
Date: Sat, 30 May 2015 19:15:53 +0200
Subject: [PATCH] #6724 segmentation fault (invalid code)
 Token::isAttributeConstructor. Local fix to avoid access to NULL-token

---
 lib/tokenize.cpp     | 4 ++--
 test/testgarbage.cpp | 5 +++++
 2 files changed, 7 insertions(+), 2 deletions(-)

diff --git a/lib/tokenize.cpp b/lib/tokenize.cpp
index 9b586b11a..14caf8c4f 100644
--- a/lib/tokenize.cpp
+++ b/lib/tokenize.cpp
@@ -9177,7 +9177,7 @@ void Tokenizer::simplifyAttribute()
                 // prototype for constructor is: void func(void);
                 if (tok->next()->link()->next()->str() == "void") // __attribute__((constructor)) void func() {}
                     tok->next()->link()->next()->next()->isAttributeConstructor(true);
-                else if (tok->next()->link()->next()->str() == ";" && tok->linkAt(-1)) // void func() __attribute__((constructor));
+                else if (tok->next()->link()->next()->str() == ";" && tok->linkAt(-1) && tok->previous()->link()->previous()) // void func() __attribute__((constructor));
                     tok->previous()->link()->previous()->isAttributeConstructor(true);
                 else // void __attribute__((constructor)) func() {}
                     tok->next()->link()->next()->isAttributeConstructor(true);
@@ -9187,7 +9187,7 @@ void Tokenizer::simplifyAttribute()
                 // prototype for destructor is: void func(void);
                 if (tok->next()->link()->next()->str() == "void") // __attribute__((destructor)) void func() {}
                     tok->next()->link()->next()->next()->isAttributeDestructor(true);
-                else if (tok->next()->link()->next()->str() == ";" && tok->linkAt(-1)) // void func() __attribute__((destructor));
+                else if (tok->next()->link()->next()->str() == ";" && tok->linkAt(-1) && tok->previous()->link()->previous()) // void func() __attribute__((destructor));
                     tok->previous()->link()->previous()->isAttributeDestructor(true);
                 else // void __attribute__((destructor)) func() {}
                     tok->next()->link()->next()->isAttributeDestructor(true);
diff --git a/test/testgarbage.cpp b/test/testgarbage.cpp
index f6701b5ef..69d85b513 100644
--- a/test/testgarbage.cpp
+++ b/test/testgarbage.cpp
@@ -93,6 +93,7 @@ private:
         TEST_CASE(garbageCode52); // #6720
         TEST_CASE(garbageCode53); // #6721
         TEST_CASE(garbageCode54); // #6722
+        TEST_CASE(garbageCode55); // #6724
 
         TEST_CASE(garbageValueFlow);
         TEST_CASE(garbageSymbolDatabase);
@@ -530,6 +531,10 @@ private:
         ASSERT_THROW(checkCode("{ typedef long ((pf) p) (); }"), InternalError);
     }
 
+    void garbageCode55() { // #6724
+        checkCode("() __attribute__((constructor)); { } { }");
+    }
+
     void garbageValueFlow() {
         // #6089
         const char* code = "{} int foo(struct, x1, struct x2, x3, int, x5, x6, x7)\n"