Fix fuzzing crash: reject semicolon within parentheses (#6197)

Poached from #6116

Author: chrchr-github

lib/tokenize.cpp

@@ -8646,6 +8646,20 @@ void Tokenizer::findGarbageCode() const
             syntaxError(tok);
         if (Token::Match(tok, "& %comp%|&&|%oror%|&|%or%") && tok->strAt(1) != ">")
             syntaxError(tok);
+
+        if (tok->link() && Token::Match(tok, "[([]") && (!tok->tokAt(-1) || !tok->tokAt(-1)->isControlFlowKeyword())) {
+            const Token* const end = tok->link();
+            for (const Token* inner = tok->next(); inner != end; inner = inner->next()) {
+                if (inner->str() == "{")
+                    inner = inner->link();
+                else if (inner->str() == ";") {
+                    if (tok->tokAt(-1) && tok->tokAt(-1)->isUpperCaseName())
+                        unknownMacroError(tok->tokAt(-1));
+                    else
+                        syntaxError(inner);
+                }
+            }
+        }
     }
 
     // ternary operator without :

test/cli/fuzz-crash/crash-6eadb507c9ee93d9500028a9be2d183d1518f26b

@@ -0,0 +1 @@
+i a;u n(;a[]),n(){a[]=0}

test/testgarbage.cpp

@@ -460,7 +460,7 @@ class TestGarbage : public TestFixture {
     }
 
     void garbageCode5() { // #5168
-        checkCode("( asm : ; void : );");
+        ASSERT_THROW(checkCode("( asm : ; void : );"), InternalError);
     }
 
     void garbageCode6() { // #5214

test/testsimplifytypedef.cpp

@@ -2511,8 +2511,7 @@ class TestSimplifyTypedef : public TestFixture {
 
     void simplifyTypedef105() { // ticket #3616 (segmentation fault)
         const char code[] = "( int typedef char x; ){}";
-        tok(code);
-        ASSERT_EQUALS("", errout_str());
+        ASSERT_THROW(tok(code), InternalError);
     }
 
     void simplifyTypedef106() { // ticket #3619 (segmentation fault)

test/testsymboldatabase.cpp

@@ -2530,7 +2530,7 @@ class TestSymbolDatabase : public TestFixture {
                       "static const std::string j;\n"
                       "const std::string* k;\n"
                       "const char m[];\n"
-                      "void f(const char* const l;) {}");
+                      "void f(const char* const l) {}");
 
         ASSERT(db && db->variableList().size() == 6 && db->getVariableFromVarId(1) && db->getVariableFromVarId(2) && db->getVariableFromVarId(3) && db->getVariableFromVarId(4) && db->getVariableFromVarId(5));
 

test/testtokenize.cpp

@@ -3692,10 +3692,10 @@ class TestTokenizer : public TestFixture {
     void simplifyFunctionPointers3() {
         // Related with ticket #2873
         const char code[] = "void f() {\n"
-                            "(void)(xy(*p)(0);)"
+                            "(void)(xy(*p)(0));"
                             "\n}";
         const char expected[] = "void f ( ) {\n"
-                                "( void ) ( xy ( * p ) ( 0 ) ; )\n"
+                                "( void ) ( xy ( * p ) ( 0 ) ) ;\n"
                                 "}";
         ASSERT_EQUALS(expected, tokenizeAndStringify(code));
     }
@@ -7589,8 +7589,9 @@ class TestTokenizer : public TestFixture {
     }
 
     void checkConfiguration() {
-        ASSERT_THROW(checkConfig("void f() { DEBUG(x();y()); }"), InternalError);
-        ASSERT_EQUALS("[test.cpp:1]: (information) Ensure that 'DEBUG' is defined either using -I, --include or -D.\n", errout_str());
+        ASSERT_THROW_EQUALS(checkConfig("void f() { DEBUG(x();y()); }"),
+                            InternalError,
+                            "There is an unknown macro here somewhere. Configuration is required. If DEBUG is a macro then please configure it.");
     }
 
     void unknownType() { // #8952