From 571c5513294624134e00bd0bb48e8dbbe73f3af7 Mon Sep 17 00:00:00 2001
From: chrchr-github <christian.riesch@live.com>
Date: Sat, 15 Mar 2025 23:39:13 +0100
Subject: [PATCH 1/2] Fix #13498 assertion in getParentValueTypes (II)

---
 lib/symboldatabase.cpp      |  3 +++
 test/testsymboldatabase.cpp | 21 +++++++++++++++++++++
 2 files changed, 24 insertions(+)

diff --git a/lib/symboldatabase.cpp b/lib/symboldatabase.cpp
index 511af3bbea0..ab330fdaaac 100644
--- a/lib/symboldatabase.cpp
+++ b/lib/symboldatabase.cpp
@@ -1213,6 +1213,9 @@ void SymbolDatabase::createSymbolDatabaseSetTypePointers()
         if (!tok->isName() || tok->varId() || tok->function() || tok->type() || tok->enumerator())
             continue;
 
+        if (Token::simpleMatch(tok->next(), "<"))
+            continue;
+
         if (typenames.find(tok->str()) == typenames.end())
             continue;
 
diff --git a/test/testsymboldatabase.cpp b/test/testsymboldatabase.cpp
index c424c1611f0..3dea03b55cb 100644
--- a/test/testsymboldatabase.cpp
+++ b/test/testsymboldatabase.cpp
@@ -425,6 +425,7 @@ class TestSymbolDatabase : public TestFixture {
         TEST_CASE(symboldatabase107);
         TEST_CASE(symboldatabase108);
         TEST_CASE(symboldatabase109); // #13553
+        TEST_CASE(symboldatabase110);
 
         TEST_CASE(createSymbolDatabaseFindAllScopes1);
         TEST_CASE(createSymbolDatabaseFindAllScopes2);
@@ -5760,6 +5761,26 @@ class TestSymbolDatabase : public TestFixture {
         ASSERT(f && f->function() && f->function()->hasVirtualSpecifier());
     }
 
+    void symboldatabase110() { // #13498
+        GET_SYMBOL_DB("struct A;\n"
+                      "template <typename T, typename C>\n"
+                      "struct B {\n"
+                      "    const A& a;\n"
+                      "    const std::vector<C>& c;\n"
+                      "};\n"
+                      "template <typename T>\n"
+                      "struct B<T, void> {\n"
+                      "    const A& a;\n"
+                      "};\n"
+                      "template <typename T, typename C>\n"
+                      "void f(const A & a, const std::vector<C>&c) {\n"
+                      "    B<T, C>{ a, c };\n"
+                      "}\n");
+        const Token *B = db ? Token::findsimplematch(tokenizer.tokens(), "B < T , C >") : nullptr;
+        ASSERT(B != nullptr);
+        ASSERT(!B->type());
+    }
+
     void createSymbolDatabaseFindAllScopes1() {
         GET_SYMBOL_DB("void f() { union {int x; char *p;} a={0}; }");
         ASSERT(db->scopeList.size() == 3);

From 6bb32affee759763c703122f001817e4bb244e87 Mon Sep 17 00:00:00 2001
From: chrchr-github <christian.riesch@live.com>
Date: Sun, 16 Mar 2025 12:26:51 +0100
Subject: [PATCH 2/2] Fix

---
 .../fuzz-crash/crash-e6c12e56d9711d24fc9a4355e7d35fc23fbf0ff4  | 1 +
 test/testsymboldatabase.cpp                                    | 3 +--
 2 files changed, 2 insertions(+), 2 deletions(-)
 create mode 100644 test/cli/fuzz-crash/crash-e6c12e56d9711d24fc9a4355e7d35fc23fbf0ff4

diff --git a/test/cli/fuzz-crash/crash-e6c12e56d9711d24fc9a4355e7d35fc23fbf0ff4 b/test/cli/fuzz-crash/crash-e6c12e56d9711d24fc9a4355e7d35fc23fbf0ff4
new file mode 100644
index 00000000000..7249082ff90
--- /dev/null
+++ b/test/cli/fuzz-crash/crash-e6c12e56d9711d24fc9a4355e7d35fc23fbf0ff4
@@ -0,0 +1 @@
+struct B{o a;B<>{0,{}}}
\ No newline at end of file
diff --git a/test/testsymboldatabase.cpp b/test/testsymboldatabase.cpp
index 3dea03b55cb..06739cc86f5 100644
--- a/test/testsymboldatabase.cpp
+++ b/test/testsymboldatabase.cpp
@@ -5777,8 +5777,7 @@ class TestSymbolDatabase : public TestFixture {
                       "    B<T, C>{ a, c };\n"
                       "}\n");
         const Token *B = db ? Token::findsimplematch(tokenizer.tokens(), "B < T , C >") : nullptr;
-        ASSERT(B != nullptr);
-        ASSERT(!B->type());
+        ASSERT(B && !B->type());
     }
 
     void createSymbolDatabaseFindAllScopes1() {