From 07acbe9d3e46fec4dfc1e1e72c9aafad998c2557 Mon Sep 17 00:00:00 2001
From: chrchr
Date: Wed, 20 Mar 2024 13:25:05 +0100
Subject: [PATCH] Fix #12510 fuzzing crash in SymbolDatabase::setValueTypeInTokenList()
---
 lib/symboldatabase.cpp | 6 +++---
 .../crash-69570c88fc79e9a66ce2f2c729b455eaa237f3d2 | 1 +
 test/testsymboldatabase.cpp | 6 ++++++
 3 files changed, 10 insertions(+), 3 deletions(-)
 create mode 100644 test/cli/fuzz-crash/crash-69570c88fc79e9a66ce2f2c729b455eaa237f3d2
diff --git a/lib/symboldatabase.cpp b/lib/symboldatabase.cpp
index 5b421704a49..6c70ae7acf0 100644
--- a/lib/symboldatabase.cpp
+++ b/lib/symboldatabase.cpp
@@ -2558,11 +2558,11 @@ Function::Function(const Token *tok,
 }
 // class constructor/destructor
- else if (((tokenDef->str() == scope->className) ||
+ else if (scope->isClassOrStructOrUnion() &&
+ ((tokenDef->str() == scope->className) ||
 (tokenDef->str().substr(0, scope->className.size()) == scope->className &&
 tokenDef->str().size() > scope->className.size() + 1 &&
- tokenDef->str()[scope->className.size() + 1] == '<')) &&
- scope->type != Scope::ScopeType::eNamespace) {
+ tokenDef->str()[scope->className.size() + 1] == '<'))) {
 // destructor
 if (tokenDef->previous()->str() == "~")
 type = Function::eDestructor;
diff --git a/test/cli/fuzz-crash/crash-69570c88fc79e9a66ce2f2c729b455eaa237f3d2 b/test/cli/fuzz-crash/crash-69570c88fc79e9a66ce2f2c729b455eaa237f3d2
new file mode 100644
index 00000000000..a901d0c5c07
--- /dev/null
+++ b/test/cli/fuzz-crash/crash-69570c88fc79e9a66ce2f2c729b455eaa237f3d2
@@ -0,0 +1 @@
+o oo(){extern oo();}
\ No newline at end of file
diff --git a/test/testsymboldatabase.cpp b/test/testsymboldatabase.cpp
index cfbcfe6d0d8..b0decb17a77 100644
--- a/test/testsymboldatabase.cpp
+++ b/test/testsymboldatabase.cpp
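Review bot: The new guard `scope->isClassOrStructOrUnion()` carries no explanation of why the ctor/dtor classification must be restricted to those scopes, and the `// class constructor/destructor` comment above it reads as a label rather than a rationale. A why-comment next to the guard would keep the next maintainer from relaxing it again, e.g. `// only class/struct/union scopes declare ctors/dtors; a function-scope redeclaration sharing the enclosing function's name (#12510) must not be classified as one`. Note that the old condition only excluded namespace scopes, so the change also stops this branch from firing in global, function and block scopes — presumably intended, but worth stating in the commit message. The enclosing `Function::Function` constructor starts before and ends after this hunk.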
@@ -2239,6 +2239,12 @@ class TestSymbolDatabase : public TestFixture {
 ASSERT(db && ctor && ctor->type == Function::eMoveConstructor);
 ASSERT(ctor && ctor->retDef == nullptr);
 }
+ {
+ GET_SYMBOL_DB("void f() { extern void f(); }");
+ ASSERT(db && db->scopeList.size() == 2);
+ const Function* f = findFunctionByName("f", &db->scopeList.back());
+ ASSERT(f && f->type == Function::eFunction);
+ }
 }
 void functionDeclarationTemplate() {
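Review bot: The new case pins only `f->type == Function::eFunction`; the sibling case just above also checks `retDef`, and since a constructor is recorded with `retDef == nullptr`, adding `ASSERT(f && f->retDef != nullptr);` would pin the property the crash presumably hinged on. The fixture in test/cli/fuzz-crash uses `o oo(){extern oo();}`, where the inner declaration has no return type, while this unit test uses `extern void f();`; a second GET_SYMBOL_DB block with the fixture's shape would keep the unit test aligned with the fuzzer input. The enclosing test method starts before this hunk.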