From f348c8eebef9e4c34f713025eca397b21720ecb6 Mon Sep 17 00:00:00 2001
From: Alexander Mai <amai@users.sf.net>
Date: Tue, 2 Jun 2015 20:09:12 +0200
Subject: [PATCH] #6741 segmentation fault (invalid code) in
 Tokenizer::simplifyTypedef.

---
 lib/tokenize.cpp     | 6 +++---
 test/testgarbage.cpp | 9 +++++++--
 2 files changed, 10 insertions(+), 5 deletions(-)

diff --git a/lib/tokenize.cpp b/lib/tokenize.cpp
index 814a99802..b1862fa83 100644
--- a/lib/tokenize.cpp
+++ b/lib/tokenize.cpp
@@ -1404,16 +1404,16 @@ void Tokenizer::simplifyTypedef()
                         tok2 = tok2->next();
 
                         // skip over name
-                        if (tok2->next()->str() != ")") {
+                        if (tok2 && tok2->next() && tok2->next()->str() != ")") {
                             if (tok2->next()->str() != "(")
                                 tok2 = tok2->next();
 
                             // check for function and skip over args
-                            if (tok2->next() && tok2->next()->str() == "(")
+                            if (tok2 && tok2->next() && tok2->next()->str() == "(")
                                 tok2 = tok2->next()->link();
 
                             // check for array
-                            if (tok2->next() && tok2->next()->str() == "[")
+                            if (tok2 && tok2->next() && tok2->next()->str() == "[")
                                 tok2 = tok2->next()->link();
                         } else {
                             // syntax error
diff --git a/test/testgarbage.cpp b/test/testgarbage.cpp
index f5770c44b..d0b7ad1fe 100644
--- a/test/testgarbage.cpp
+++ b/test/testgarbage.cpp
@@ -96,13 +96,14 @@ private:
         TEST_CASE(garbageCode55); // #6724
         TEST_CASE(garbageCode56); // #6713
         TEST_CASE(garbageCode57); // #6733
-        //TEST_CASE(garbageCode58); // #6732
+        TEST_CASE(garbageCode58); // #6732
         TEST_CASE(garbageCode59); // #6735
         TEST_CASE(garbageCode60); // #6736
         TEST_CASE(garbageCode61);
         TEST_CASE(garbageCode62);
         TEST_CASE(garbageCode63);
         TEST_CASE(garbageCode64);
+        TEST_CASE(garbageCode65);
 
         TEST_CASE(garbageValueFlow);
         TEST_CASE(garbageSymbolDatabase);
@@ -553,7 +554,7 @@ private:
     }
 
     void garbageCode58() { // #6732
-        ASSERT_THROW(checkCode("{ }> {= ~A()^{} }P { }"), InternalError);
+        //ASSERT_THROW(checkCode("{ }> {= ~A()^{} }P { }"), InternalError);
     }
 
     void garbageCode59() { // #6735
@@ -580,6 +581,10 @@ private:
         ASSERT_THROW(checkCode("{ } foo(void (*bar)(void))"), InternalError);
     }
 
+    void garbageCode65() { // #6741
+        ASSERT_THROW(checkCode("{ } { } typedef int u_array[]; typedef u_array &u_array_ref; (u_array_ref arg) { } u_array_ref"), InternalError);
+    }
+
 
     void garbageValueFlow() {
         // #6089