From 6933e5329df7f5fe99fae2c6e9b11b77bb07c8c7 Mon Sep 17 00:00:00 2001 
From: firewave Date: Wed, 6 Mar 2024 15:37:39 +0100 Subject: [PATCH] fixed fuzzing crash /home/user/CLionProjects/cppcheck-rider/lib/tokenlist.cpp:1584:57: runtime error: member call on null pointer of type 'Token' #0 0x567b09ca144a in createAstAtToken(Token*, bool) /home/user/CLionProjects/cppcheck-rider/lib/tokenlist.cpp:1584:57 #1 0x567b09c9f318 in TokenList::createAst() const /home/user/CLionProjects/cppcheck-rider/lib/tokenlist.cpp:1757:15 #2 0x567b08bffc19 in Tokenizer::simplifyTokens1(std::__cxx11::basic_string, std::allocator> const&) /home/user/CLionProjects/cppcheck-rider/lib/tokenize.cpp:3380:14 #3 0x567b096e08ea in CppCheck::checkFile(std::__cxx11::basic_string, std::allocator> const&, std::__cxx11::basic_string, std::allocator> const&, std::istream*) /home/user/CLionProjects/cppcheck-rider/lib/cppcheck.cpp:925:32 #4 0x567b096cfbb7 in CppCheck::check(std::__cxx11::basic_string, std::allocator> const&) /home/user/CLionProjects/cppcheck-rider/lib/cppcheck.cpp:556:12 #5 0x567b087cdf2b in SingleExecutor::check() /home/user/CLionProjects/cppcheck-rider/cli/singleexecutor.cpp:53:29 #6 0x567b087088dc in CppCheckExecutor::check_internal(Settings const&) const /home/user/CLionProjects/cppcheck-rider/cli/cppcheckexecutor.cpp:277:32 #7 0x567b0870773d in CppCheckExecutor::check_wrapper(Settings const&) /home/user/CLionProjects/cppcheck-rider/cli/cppcheckexecutor.cpp:216:12 #8 0x567b0870667a in CppCheckExecutor::check(int, char const* const*) /home/user/CLionProjects/cppcheck-rider/cli/cppcheckexecutor.cpp:202:21 #9 0x567b09e173a7 in main /home/user/CLionProjects/cppcheck-rider/cli/main.cpp:91:21 #10 0x7a285fb55ccf (/usr/lib/libc.so.6+0x29ccf) (BuildId: 0865c4b9ba13e0094e8b45b78dfc7a2971f536d2) #11 0x7a285fb55d89 in __libc_start_main (/usr/lib/libc.so.6+0x29d89) (BuildId: 0865c4b9ba13e0094e8b45b78dfc7a2971f536d2) #12 0x567b085419f4 in _start (/home/user/CLionProjects/cppcheck-rider/cmake-build-debug-clang-asan-ubsan/bin/cppcheck+0xf6d9f4) (BuildId: 
0c5083349039fc85dc8c8bb587f97bea024306ef)
---
 lib/tokenlist.cpp | 2 +-
 .../fuzz-crash/crash-e000709d155e9c993795748ba31fddacbd5a86ac | 1 +
 2 files changed, 2 insertions(+), 1 deletion(-)
 create mode 100644 test/cli/fuzz-crash/crash-e000709d155e9c993795748ba31fddacbd5a86ac
diff --git a/lib/tokenlist.cpp b/lib/tokenlist.cpp
index 6cd58a78573..d8048af2ee3 100644
--- a/lib/tokenlist.cpp
+++ b/lib/tokenlist.cpp
@@ -1582,7 +1582,7 @@ static Token * createAstAtToken(Token *tok)
 AST_state state1(cpp);
 compileExpression(tok2, state1);
 if (Token::Match(init1, "( !!{")) {
- for (Token *tok3 = init1; tok3 != tok3->link(); tok3 = tok3->next()) {
+ for (Token *tok3 = init1; tok3 && tok3 != tok3->link(); tok3 = tok3->next()) {
 if (tok3->astParent()) {
 while (tok3->astParent())
 tok3 = tok3->astParent();
diff --git a/test/cli/fuzz-crash/crash-e000709d155e9c993795748ba31fddacbd5a86ac b/test/cli/fuzz-crash/crash-e000709d155e9c993795748ba31fddacbd5a86ac
new file mode 100644
index 00000000000..6f94840a159
--- /dev/null
+++ b/test/cli/fuzz-crash/crash-e000709d155e9c993795748ba31fddacbd5a86ac
@@ -0,0 +1 @@
+{for(()s)}
\ No newline at end of file
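Review bot: The new `tok3 &&` guard in the `for` condition stops the null dereference, but the other half of the condition, `tok3 != tok3->link()`, can never become false on its own (a token is not its own link), so the loop still has no visible upper bound and on malformed input such as the added fuzz case it will scan to the end of the token list — or rely on a `break` in the body, which lies outside this hunk along with the rest of createAstAtToken. The body also reassigns `tok3` to its AST root, which can move it past the `)` that init1 links to, so the end-of-list walk looks reachable rather than theoretical. If the walk is meant to end at init1's closing parenthesis, bounding on that token would express it directly, e.g. `for (Token *tok3 = init1; tok3 && tok3 != init1->link(); tok3 = tok3->next()) {` — but only if the in-body logic does not depend on passing it, which I cannot confirm from here. Otherwise a comment on the loop such as `// tok3 may run off the end of the list on malformed input (see fuzz-crash e000709d); the null check is load-bearing` would keep a future cleanup from dropping the guard, and a TokenList/AST unit test pinning the AST produced for `{for(()s)}` would make the regression visible without the fuzz corpus.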