From c5b50ed9a90a17fff298677a380c78b489bf3274 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Oliver=20St=C3=B6neberg?= Date: Wed, 17 Jan 2024 22:46:06 +0100 Subject: [PATCH] CheckUnusedVar: fixed potential crash with incomplete code in `doAssignment()` (#5887) Happened with the IDE integration while I was typing code. --- lib/checkunusedvar.cpp | 2 ++ test/testgarbage.cpp | 4 ++++ 2 files changed, 6 insertions(+) diff --git a/lib/checkunusedvar.cpp b/lib/checkunusedvar.cpp index 101c886fe91..01565184736 100644 --- a/lib/checkunusedvar.cpp +++ b/lib/checkunusedvar.cpp @@ -474,6 +474,8 @@ static const Token* doAssignment(Variables &variables, const Token *tok, bool de tok = tok->next(); tok = tok->next(); + if (!tok) + return tokOld; if (tok->str() == "*") tok = tok->next(); diff --git a/test/testgarbage.cpp b/test/testgarbage.cpp index 75f3ff2abeb..22a727fe719 100644 --- a/test/testgarbage.cpp +++ b/test/testgarbage.cpp @@ -252,6 +252,7 @@ class TestGarbage : public TestFixture { TEST_CASE(garbageCode221); TEST_CASE(garbageCode222); // #10763 TEST_CASE(garbageCode223); // #11639 + TEST_CASE(garbageCode224); TEST_CASE(garbageCodeFuzzerClientMode1); // test cases created with the fuzzer client, mode 1 @@ -1719,6 +1720,9 @@ class TestGarbage : public TestFixture { void garbageCode223() { // #11639 ASSERT_THROW(checkCode("struct{}*"), InternalError); // don't crash } + void garbageCode224() { + checkCode("void f(){ auto* b = dynamic_cast
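Review bot: The added `if (!tok) return tokOld;` in `doAssignment()` guards only the second `tok = tok->next();`; the first one, on the context line above, is immediately dereferenced by that second call, and the advance after `if (tok->str() == "*")` is left unchecked as well. The commit message attributes the crash to incomplete code, so input that ends one token earlier or later would presumably reach a null dereference at those steps, though the enclosing conditions lie outside the hunk and need confirming. Consider repeating the guard after each advance, for example `if (!tok) return tokOld;` again after the `*` skip, and adding a comment such as `// token list can end here on incomplete code` above it. The body of `doAssignment()` starts and ends outside this hunk.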