From 9c950e903f636c92d7b813a989dcf996a6461ac7 Mon Sep 17 00:00:00 2001 From: chrchr-github Date: Tue, 25 Jun 2024 22:11:32 +0200 Subject: [PATCH 1/2] Fix #12864, #12865 fuzzing crashes --- lib/tokenize.cpp | 5 +++++ .../crash-c021b973c9f8692ff1ea73710209a4129dc7a834 | 1 + .../crash-f158d32510f6eba5e1aa06ed8ef689b88da33a95 | 1 + 3 files changed, 7 insertions(+) create mode 100644 test/cli/fuzz-crash/crash-c021b973c9f8692ff1ea73710209a4129dc7a834 create mode 100644 test/cli/fuzz-crash/crash-f158d32510f6eba5e1aa06ed8ef689b88da33a95 diff --git a/lib/tokenize.cpp b/lib/tokenize.cpp index 5f9ee4809a7..eda21d6dc18 100644 --- a/lib/tokenize.cpp +++ b/lib/tokenize.cpp @@ -910,6 +910,9 @@ namespace { Token* const tok4 = useAfterVarRange ? insertTokens(after->previous(), mRangeAfterVar)->next() : tok3->next(); + if (tok->next() == tok4) + throw InternalError(tok, "Failed to simplify typedef. Is the code valid?"); + tok->deleteThis(); // Unsplit variable declarations @@ -8695,6 +8698,8 @@ void Tokenizer::findGarbageCode() const } if (Token::Match(tok, "%num%|%bool%|%char%|%str% %num%|%bool%|%char%|%str%") && !Token::Match(tok, "%str% %str%")) syntaxError(tok); + if (Token::Match(tok, "%num%|%bool%|%char%|%str% {")) + syntaxError(tok); if (Token::Match(tok, "%assign% typename|class %assign%")) syntaxError(tok); if (Token::Match(tok, "%assign% [;)}]") && (!cpp || !Token::simpleMatch(tok->previous(), "operator"))) diff --git a/test/cli/fuzz-crash/crash-c021b973c9f8692ff1ea73710209a4129dc7a834 b/test/cli/fuzz-crash/crash-c021b973c9f8692ff1ea73710209a4129dc7a834 new file mode 100644 index 00000000000..411936bf04e --- /dev/null +++ b/test/cli/fuzz-crash/crash-c021b973c9f8692ff1ea73710209a4129dc7a834 @@ -0,0 +1 @@ +typedef const C;C(public C Date: Tue, 25 Jun 2024 22:29:59 +0200 Subject: [PATCH 2/2] Fix --- lib/tokenize.cpp | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/lib/tokenize.cpp b/lib/tokenize.cpp index eda21d6dc18..a8b41b5b176 100644 
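Review bot: The guard added before `tok->deleteThis();` in the typedef-simplification hunk of lib/tokenize.cpp has no comment saying why `tok->next() == tok4` is fatal, so a later maintainer cannot tell which invariant it protects. Presumably `deleteThis()` releases the node that follows `tok`, which would leave `tok4` dangling for the code after it; if that is the reason, state it, e.g. `// tok4 must not be the node that deleteThis() is about to free`. The diffstat shows only the two reproducers under test/cli/fuzz-crash as coverage, so a unit test asserting the InternalError for a minimal malformed typedef would pin the behaviour independently of the fuzz corpus. The enclosing function starts and ends outside the hunk.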
--- a/lib/tokenize.cpp
+++ b/lib/tokenize.cpp
@@ -8698,7 +8698,9 @@ void Tokenizer::findGarbageCode() const
 }
 if (Token::Match(tok, "%num%|%bool%|%char%|%str% %num%|%bool%|%char%|%str%") && !Token::Match(tok, "%str% %str%"))
 syntaxError(tok);
- if (Token::Match(tok, "%num%|%bool%|%char%|%str% {"))
+ if (Token::Match(tok, "%num%|%bool%|%char%|%str% {") &&
+ !(tok->tokType() == Token::Type::eString && Token::simpleMatch(tok->tokAt(-1), "extern")) &&
+ !(tok->tokType() == Token::Type::eBoolean && cpp && Token::simpleMatch(tok->tokAt(-1), "requires")))
 syntaxError(tok);
 if (Token::Match(tok, "%assign% typename|class %assign%"))
 syntaxError(tok);
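Review bot: The `requires` exemption in the literal-before-`{` check of `findGarbageCode()` inspects only `tok->tokAt(-1)`, so it accepts `requires true {` but not a compound constraint that merely ends in a boolean literal, such as `requires C<T> && true {`, where the preceding token is `&&`. That form appears to be valid C++20, and as far as I can tell a `syntaxError` here ends analysis of the file, so well-formed input would lose coverage without any finding being reported. Consider walking back over the constraint expression to the `requires` keyword instead of testing a single token, and add a test case for the compound form. A comment above the condition would also help, e.g. `// a literal directly before '{' is valid only in: extern "C" {  and  requires <bool> {`. The function body continues outside the hunk.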