From 7ca2640c227ef6454a8e91909c66349b189eebf5 Mon Sep 17 00:00:00 2001
From: chrchr-github
Date: Wed, 6 Mar 2024 21:49:47 +0100
Subject: [PATCH] Fix #12494 fuzzing crash in CheckAutoVariables::checkAutoVariableAssignment()

---
 lib/tokenize.cpp | 5 ++++-
 .../crash-4d4e80f09d4733a9f724282d60ee4e3c3a143b61 | 1 +
 test/testcondition.cpp | 13 ++++++-------
 test/testtokenize.cpp | 7 +------
 4 files changed, 12 insertions(+), 14 deletions(-)
 create mode 100644 test/cli/fuzz-crash/crash-4d4e80f09d4733a9f724282d60ee4e3c3a143b61

diff --git a/lib/tokenize.cpp b/lib/tokenize.cpp
index c62973cc048..cbc00b8eefd 100644
--- a/lib/tokenize.cpp
+++ b/lib/tokenize.cpp
@@ -6658,7 +6658,10 @@ Token *Tokenizer::simplifyAddBracesPair(Token *tok, bool commandWithCondition)
 }
 if (!tokEnd || tokEnd->str() != ";") {
 // No trailing ;
- return tok;
+ if (tokStatement->isUpperCaseName())
+ unknownMacroError(tokStatement);
+ else
+ syntaxError(tokStatement);
 }
 }
 
diff --git a/test/cli/fuzz-crash/crash-4d4e80f09d4733a9f724282d60ee4e3c3a143b61 b/test/cli/fuzz-crash/crash-4d4e80f09d4733a9f724282d60ee4e3c3a143b61
new file mode 100644
index 00000000000..de445fa92bf
--- /dev/null
+++ b/test/cli/fuzz-crash/crash-4d4e80f09d4733a9f724282d60ee4e3c3a143b61
@@ -0,0 +1 @@
+d o(i*a){n b;*a=&b;if(a)r{}}
\ No newline at end of file
diff --git a/test/testcondition.cpp b/test/testcondition.cpp
index 5e792ce993e..2cb1d1141c9 100644
--- a/test/testcondition.cpp
+++ b/test/testcondition.cpp
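Review bot: With `return tok;` gone in lib/tokenize.cpp, the code after this block in simplifyAddBracesPair() is only safe if both `unknownMacroError()` and `syntaxError()` never return, because the guarding condition includes `!tokEnd`. Their declarations are outside the hunk, so that is presumably the case but it is not visible here. The leftover comment `// No trailing ;` no longer says what happens; I would extend it to something like `// No trailing ; => bail out with an InternalError (both calls throw); tokEnd may be null here`. Rejecting the malformed statement in the tokenizer looks like the right layer, since it should keep later checks from running on a token list whose braces were never added. The function body starts and ends outside the hunk.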
@@ -2792,13 +2792,12 @@ class TestCondition : public TestFixture {
 "}");
 ASSERT_EQUALS("[test.cpp:2] -> [test.cpp:4]: (warning) Identical condition 'x>100', second condition is always false\n", errout.str());
 
- check("void f(int x) {\n" // #8217 - crash for incomplete code
- " if (x > 100) { return; }\n"
- " X(do);\n"
- " if (x > 100) {}\n"
- "}");
- // TODO: we should probably throw unknownMacro InternalError. Complain that the macro X must be defined. We can't check the code well without the definition.
- ASSERT_EQUALS("[test.cpp:2] -> [test.cpp:4]: (style) Condition 'x>100' is always false\n", errout.str());
+ ASSERT_THROW(check("void f(int x) {\n" // #8217 - crash for incomplete code
+ " if (x > 100) { return; }\n"
+ " X(do);\n"
+ " if (x > 100) {}\n"
+ "}"),
+ InternalError);
 
 check("void f(const int *i) {\n"
 " if (!i) return;\n"
diff --git a/test/testtokenize.cpp b/test/testtokenize.cpp
index 57d87c2e9a0..8081fb9bdbb 100644
--- a/test/testtokenize.cpp
+++ b/test/testtokenize.cpp
@@ -1139,12 +1139,7 @@ class TestTokenizer : public TestFixture {
 " for (int k=0; k
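Review bot: In test/testcondition.cpp the new `ASSERT_THROW(..., InternalError)` accepts any InternalError, so it does not pin which of the two new tokenizer branches fires for `X(do);`. The removed TODO asked specifically for an unknownMacro error naming X, while the tokenizer change picks unknownMacro only when `tokStatement->isUpperCaseName()` holds, and that token may not be `X` for this input. I would also assert on the exception's id or message, or at least add a comment such as `// #8217: X is an undefined macro; expect unknownMacro rather than a generic syntax error`, so a later change of error kind does not pass unnoticed. The test/testtokenize.cpp hunk that follows is cut off in this view and is not reviewed.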