diff --git a/lib/tokenize.cpp b/lib/tokenize.cpp index 2d85f117a17..144529266e4 100644 --- a/lib/tokenize.cpp +++ b/lib/tokenize.cpp @@ -6268,6 +6268,8 @@ void Tokenizer::removeExtraTemplateKeywords() templateName->isTemplate(true); templateName = templateName->next(); } + if (!templateName) + syntaxError(tok); if (Token::Match(templateName->previous(), "operator %op%|(")) { templateName->isTemplate(true); if (templateName->str() == "(" && templateName->link()) @@ -8641,7 +8643,7 @@ void Tokenizer::findGarbageCode() const syntaxError(tok); if (Token::Match(tok, "==|!=|<=|>= %comp%") && tok->strAt(-1) != "operator") syntaxError(tok, tok->str() + " " + tok->strAt(1)); - if (Token::simpleMatch(tok, ":: ::")) + if (Token::simpleMatch(tok, "::") && (!Token::Match(tok->next(), "%name%|*|~") || (tok->next()->isKeyword() && tok->strAt(1) != "operator"))) syntaxError(tok); } diff --git a/test/cli/fuzz-crash/crash-19219d7e7dfe8202248cd22229cdd9a2fd87a78a b/test/cli/fuzz-crash/crash-19219d7e7dfe8202248cd22229cdd9a2fd87a78a new file mode 100644 index 00000000000..b0042052db2 --- /dev/null +++ b/test/cli/fuzz-crash/crash-19219d7e7dfe8202248cd22229cdd9a2fd87a78a @@ -0,0 +1 @@ +n::template u \ No newline at end of file diff --git a/test/cli/fuzz-crash/crash-77a4e4ffd476997f06f67e4a18b5d4eedfa71900 b/test/cli/fuzz-crash/crash-77a4e4ffd476997f06f67e4a18b5d4eedfa71900 new file mode 100644 index 00000000000..f0766577f5c --- /dev/null +++ b/test/cli/fuzz-crash/crash-77a4e4ffd476997f06f67e4a18b5d4eedfa71900 @@ -0,0 +1 @@ +n i(){t i=0-::-t} \ No newline at end of file diff --git a/test/testmemleak.cpp b/test/testmemleak.cpp index 467ed90ce00..8659865c82f 100644 --- a/test/testmemleak.cpp +++ b/test/testmemleak.cpp @@ -407,7 +407,7 @@ class TestMemleakInFunction : public TestFixture { ASSERT_EQUALS("[test.cpp:4]: (error) Common realloc mistake: \'a\' nulled but not freed upon failure\n", errout_str()); check("void f() {\n" - "void *a = std::nullptr;\n" + "void *a = nullptr;\n" "a = malloc(10);\n" "a = realloc(a, 20);\n" "}");