diff --git a/lib/tokenize.cpp b/lib/tokenize.cpp index 22b756fff..033596a6b 100644 --- a/lib/tokenize.cpp +++ b/lib/tokenize.cpp @@ -7434,7 +7434,7 @@ void Tokenizer::simplifyEnum() enumName = tok1; lastValue = 0; tok1 = tok1->tokAt(2); - if (Token::Match(tok1, ",|{|}")) + if (!tok1 || Token::Match(tok1, ",|{|}")) syntaxError(tok1); enumValueStart = tok1; @@ -7442,6 +7442,8 @@ void Tokenizer::simplifyEnum() while (enumValueEnd->next() && (!Token::Match(enumValueEnd->next(), "[},]"))) { if (Token::Match(enumValueEnd, "(|[")) { enumValueEnd = enumValueEnd->link(); + if (!enumValueEnd) // #7018 invalid code + syntaxError(nullptr); continue; } else if (isCPP() && Token::Match(enumValueEnd, "%type% <") && TemplateSimplifier::templateParameters(enumValueEnd->next()) >= 1U) { Token *endtoken = enumValueEnd->next()->findClosingBracket(); @@ -7452,8 +7454,9 @@ void Tokenizer::simplifyEnum() } else syntaxError(enumValueEnd); } - enumValueEnd = enumValueEnd->next(); + if (!enumValueEnd) // #7018 invalid code + syntaxError(nullptr); } // remember this expression in case it needs to be incremented lastEnumValueStart = enumValueStart; diff --git a/test/testgarbage.cpp b/test/testgarbage.cpp index b05c426f9..14e8add16 100644 --- a/test/testgarbage.cpp +++ b/test/testgarbage.cpp @@ -167,6 +167,7 @@ private: TEST_CASE(garbageCode125); // 6782, 6834 TEST_CASE(garbageCode126); // #6997 TEST_CASE(garbageCode127); // #6667 + TEST_CASE(garbageCode128); // #7018 TEST_CASE(garbageValueFlow); TEST_CASE(garbageSymbolDatabase); @@ -965,6 +966,11 @@ private: " foo(A(12)).Var\n"); } + void garbageCode128() { + ASSERT_THROW(checkCode("enum { FOO = ( , ) } {{ }} enum {{ FOO << = } ( ) } {{ }} ;"), + InternalError); + } + void garbageValueFlow() { // #6089 const char* code = "{} int foo(struct, x1, struct x2, x3, int, x5, x6, x7)\n"