From 7a3a43b5ad108a21a6b59f870461ebdc1bf4d076 Mon Sep 17 00:00:00 2001
From: chrchr-github <78114321+chrchr-github@users.noreply.github.com>
Date: Fri, 26 Apr 2024 12:55:42 +0200
Subject: [PATCH] Fix #12652, #12654 fuzzing crashes (#6344)
---
 lib/tokenize.cpp | 4 +++-
 .../fuzz-crash/crash-1b9524a7fa25529c34c06b04372efd44e72ccfdc | 1 +
 .../fuzz-crash/crash-2adde1da09b2db453c18898785b78024adb02c78 | 1 +
 3 files changed, 5 insertions(+), 1 deletion(-)
 create mode 100644 test/cli/fuzz-crash/crash-1b9524a7fa25529c34c06b04372efd44e72ccfdc
 create mode 100644 test/cli/fuzz-crash/crash-2adde1da09b2db453c18898785b78024adb02c78
diff --git a/lib/tokenize.cpp b/lib/tokenize.cpp
index eb86ebbdc69..f03cf667fe1 100644
--- a/lib/tokenize.cpp
+++ b/lib/tokenize.cpp
@@ -4352,7 +4352,7 @@ static void setVarIdStructMembers(Token *&tok1,
 while (Token::Match(tok->next(), ")| . %name% !!(")) {
 // Don't set varid for trailing return type
- if (tok->strAt(1) == ")" && (tok->linkAt(1)->previous()->isName() || tok->linkAt(1)->strAt(-1) == "]") &&
+ if (tok->strAt(1) == ")" && Token::Match(tok->linkAt(1)->tokAt(-1), "%name%|]") &&
 Tokenizer::isFunctionHead(tok->linkAt(1), "{|;")) {
 tok = tok->tokAt(3);
 continue;
@@ -10610,6 +10610,8 @@ void Tokenizer::simplifyNamespaceAliases()
 else if (Token::Match(tok, "namespace %name% =") || (isPrev = Token::Match(tok->previous(), "namespace %name% ="))) {
 if (isPrev)
 tok = tok->previous();
+ if (tok->tokAt(-1) && !Token::Match(tok->tokAt(-1), "[;{}]"))
+ syntaxError(tok->tokAt(-1));
 const std::string name(tok->next()->str());
 Token * tokNameStart = tok->tokAt(3);
 Token * tokNameEnd = tokNameStart;
diff --git a/test/cli/fuzz-crash/crash-1b9524a7fa25529c34c06b04372efd44e72ccfdc b/test/cli/fuzz-crash/crash-1b9524a7fa25529c34c06b04372efd44e72ccfdc
new file mode 100644
index 00000000000..802e88e43fc
--- /dev/null
+++ b/test/cli/fuzz-crash/crash-1b9524a7fa25529c34c06b04372efd44e72ccfdc
@@ -0,0 +1 @@
+(h l).h
\ No newline at end of file
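Review bot: The rewritten condition in the `while` loop depends on `Token::Match` accepting a null token, but nothing on the line says so, and the form it replaces (`previous()->isName()`) is what a later cleanup would naturally write back. Judging by the added input `(h l).h`, the case appears to be a `(` with no token in front of it, so `tok->linkAt(1)->tokAt(-1)` can be null there. I would add a comment above the `if`, for example `// Token::Match tolerates nullptr: the '(' can be the first token in the list`. setVarIdStructMembers starts and ends outside this hunk.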
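Review bot: The new guard in front of `const std::string name(...)` raises a syntax error for every predecessor of `namespace %name% =` other than `;`, `{` or `}`, which looks stricter than the language. `export namespace d = S;` is a valid C++20 declaration, and at block scope an alias can follow a label ending in `:`, so both would now abort analysis of the whole file. If that is not intended, widen the check, e.g. `!Token::Match(tok->tokAt(-1), ";|{|}|:|export")`; if it is intended, a comment stating the restriction would help. The commit adds only fuzz inputs, so a tokenizer unit test pinning the accepted and rejected predecessors is also worth adding. simplifyNamespaceAliases continues outside this hunk.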
diff --git a/test/cli/fuzz-crash/crash-2adde1da09b2db453c18898785b78024adb02c78 b/test/cli/fuzz-crash/crash-2adde1da09b2db453c18898785b78024adb02c78
new file mode 100644
index 00000000000..ee90f9ea13d
--- /dev/null
+++ b/test/cli/fuzz-crash/crash-2adde1da09b2db453c18898785b78024adb02c78
@@ -0,0 +1 @@
+S namespace d=S;e namespace d=a
\ No newline at end of file