danmar#6303 crash in CheckBufferOverrun. Add check on loop variable in CheckBufferOverrun::checkScope().

Author: amai2012

lib/checkbufferoverrun.cpp

@@ -517,7 +517,7 @@ void CheckBufferOverrun::checkScope(const Token *tok, const std::vector<std::str
 
     const bool isPortabilityEnabled = _settings->isEnabled("portability");
 
-    for (const Token* const end = tok->scope()->classEnd; tok != end; tok = tok->next()) {
+    for (const Token* const end = tok->scope()->classEnd; tok && tok != end; tok = tok->next()) {
         if (declarationId != 0 && Token::Match(tok, "%varid% = new|malloc|realloc", declarationId)) {
             // Abort
             break;

test/testbufferoverrun.cpp

@@ -316,6 +316,8 @@ class TestBufferOverrun : public TestFixture {
         TEST_CASE(writeOutsideBufferSize)
 
         TEST_CASE(negativeMemoryAllocationSizeError) // #389
+
+        TEST_CASE(garbage1) // #6303
     }
 
 
@@ -4262,6 +4264,14 @@ class TestBufferOverrun : public TestFixture {
               "}\n");
         ASSERT_EQUALS("[test.cpp:4]: (error) Memory allocation size is negative.\n", errout.str());
     }
+
+    void garbage1() {
+        check("void foo() {\n"
+              "char *a = malloc(10);\n"
+              "a[0]\n"
+              "}\n");
+        ASSERT_EQUALS("", errout.str());
+    }
 };
 
 REGISTER_TEST(TestBufferOverrun)