diff --git a/lib/tokenlist.cpp b/lib/tokenlist.cpp index 5921621fed2..c28075fcec7 100644 --- a/lib/tokenlist.cpp +++ b/lib/tokenlist.cpp @@ -1951,8 +1951,11 @@ void TokenList::validateAst(bool print) const if (tok->str() == "?") { if (!tok->astOperand1() || !tok->astOperand2()) throw InternalError(tok, "AST broken, ternary operator missing operand(s)", InternalError::AST); - if (tok->astOperand2()->str() != ":") + const Token* colon = tok->astOperand2(); + if (colon->str() != ":") throw InternalError(tok, "Syntax Error: AST broken, ternary operator lacks ':'.", InternalError::AST); + if ((colon->astOperand1() && !precedes(colon->astOperand1(), colon)) || !succeeds(colon->astOperand2(), colon)) + throw InternalError(tok, "AST broken, ternary operator has bad operand(s)", InternalError::AST); } // Check for endless recursion diff --git a/test/cli/fuzz-crash_c/14742 b/test/cli/fuzz-crash_c/14742 new file mode 100644 index 00000000000..a645277c405 --- /dev/null +++ b/test/cli/fuzz-crash_c/14742 @@ -0,0 +1 @@ +i(){b?8:{}!$}