From a247845e30fb351cf049a8582f1ad3ec3367bfa9 Mon Sep 17 00:00:00 2001
From: chrchr-github
Date: Sun, 11 Jan 2026 20:24:46 +0100
Subject: [PATCH] Fix #13712 fuzzing crash (stack overflow) in Token::typeDecl()

---
 lib/tokenize.cpp | 2 ++
 .../fuzz-crash/crash-4ad024d4f64dfd58d73a3296173fe13860fb8b70 | 1 +
 2 files changed, 3 insertions(+)
 create mode 100644 test/cli/fuzz-crash/crash-4ad024d4f64dfd58d73a3296173fe13860fb8b70

diff --git a/lib/tokenize.cpp b/lib/tokenize.cpp
index 7cb080e071f..686ca95d33a 100644
--- a/lib/tokenize.cpp
+++ b/lib/tokenize.cpp
@@ -8931,6 +8931,8 @@ void Tokenizer::findGarbageCode() const
             syntaxError(tok->next());
         if (Token::Match(tok, "%name% %op% %name%") && !tok->isKeyword() && tok->next()->isIncDecOp())
             syntaxError(tok->next());
+        if (!tok->isKeyword() && Token::Match(tok, "%name% .|-> %name% %name%") && !tok->tokAt(2)->isKeyword())
+            syntaxError(tok);
         if (Token::Match(tok, "[!|+-/%^~] )|]"))
             syntaxError(tok);
         if (Token::Match(tok, "==|!=|<=|>= %comp%") && tok->strAt(-1) != "operator")
diff --git a/test/cli/fuzz-crash/crash-4ad024d4f64dfd58d73a3296173fe13860fb8b70 b/test/cli/fuzz-crash/crash-4ad024d4f64dfd58d73a3296173fe13860fb8b70
new file mode 100644
index 00000000000..7aaf95a8378
--- /dev/null
+++ b/test/cli/fuzz-crash/crash-4ad024d4f64dfd58d73a3296173fe13860fb8b70
@@ -0,0 +1 @@
+n f(){auto x=i->o x}
\ No newline at end of file
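Review bot: The added guard in findGarbageCode() carries no comment tying it to the reported crash, and nothing in the condition explains why the keyword test is applied to the member token (`tok->tokAt(2)`) rather than the trailing name, which a later reader may take for an off-by-one; a comment such as `// #13712: a bare name directly after a member access is garbage; rejecting it here avoids the stack overflow in Token::typeDecl() (a keyword member, e.g. '->template', is presumably still legal)` would preserve the intent, with the `->template` reading to be confirmed by the author. The fix rejects this one token shape in the tokenizer rather than bounding the recursion in Token::typeDecl() itself, so other malformed inputs that reach typeDecl() may still exhaust the stack; a depth limit there would be the defence-in-depth counterpart, though typeDecl() is not visible in this patch. The new fixture only exercises the path end-to-end through the CLI fuzz-crash runner; a unit test in the garbage-code test suite asserting a syntax error for `n f(){auto x=i->o x}` would pin the new rule directly and document the accepted `%name% .|-> keyword %name%` exception alongside it. The enclosing loop of findGarbageCode() starts and ends outside the hunk.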