From bf08b4397d21567a776e474272ff77786f4733e3 Mon Sep 17 00:00:00 2001
From: chrchr-github <78114321+chrchr-github@users.noreply.github.com>
Date: Mon, 17 Jun 2024 11:30:11 +0200
Subject: [PATCH 1/3] Update tokenize.cpp

---
 lib/tokenize.cpp | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/lib/tokenize.cpp b/lib/tokenize.cpp
index 195924e7191..e077c0219c0 100644
--- a/lib/tokenize.cpp
+++ b/lib/tokenize.cpp
@@ -860,6 +860,10 @@ namespace {
                     Token::createMutualLinks(tok3->next(), after->previous());
                 }
             }
+            if (!after) {
+                mReplaceFailed = true;
+                return;
+            }
 
             bool useAfterVarRange = true;
             if (Token::simpleMatch(mRangeAfterVar.first, "[")) {

From 0970028e01ff07026753d60e3c7d5de47fd49a1b Mon Sep 17 00:00:00 2001
From: chrchr-github <78114321+chrchr-github@users.noreply.github.com>
Date: Mon, 17 Jun 2024 11:31:10 +0200
Subject: [PATCH 2/3] Add files via upload

---
 .../fuzz-crash/crash-44b5d1f53328660cbcb6e90793eae2ff8ffc4893    | 1 +
 1 file changed, 1 insertion(+)
 create mode 100644 test/cli/fuzz-crash/crash-44b5d1f53328660cbcb6e90793eae2ff8ffc4893

diff --git a/test/cli/fuzz-crash/crash-44b5d1f53328660cbcb6e90793eae2ff8ffc4893 b/test/cli/fuzz-crash/crash-44b5d1f53328660cbcb6e90793eae2ff8ffc4893
new file mode 100644
index 00000000000..c45497a8601
--- /dev/null
+++ b/test/cli/fuzz-crash/crash-44b5d1f53328660cbcb6e90793eae2ff8ffc4893
@@ -0,0 +1 @@
+typedef q r[];r A
\ No newline at end of file

From 9d244f21724d4e6c3cf8d728483a59a9d2cf0bac Mon Sep 17 00:00:00 2001
From: chrchr-github <christian.riesch@live.com>
Date: Wed, 19 Jun 2024 23:51:31 +0200
Subject: [PATCH 3/3] syntaxError

---
 lib/tokenize.cpp | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/lib/tokenize.cpp b/lib/tokenize.cpp
index e077c0219c0..6f9a2530a0c 100644
--- a/lib/tokenize.cpp
+++ b/lib/tokenize.cpp
@@ -1128,7 +1128,9 @@ void Tokenizer::simplifyTypedef()
     {
         // remove typedefs
         for (auto &t: typedefs) {
-            if (!t.second.replaceFailed()) {
+            if (t.second.replaceFailed()) {
+                syntaxError(t.second.getTypedefToken());
+            } else {
                 const Token* const typedefToken = t.second.getTypedefToken();
                 TypedefInfo typedefInfo;
                 typedefInfo.name = t.second.name();