From 5d0671c463d7b2c315498d54d58bceb35d0204d8 Mon Sep 17 00:00:00 2001
From: chrchr-github <noreply@github.com>
Date: Wed, 21 Jan 2026 22:17:45 +0100
Subject: [PATCH 1/4] Fix #14421 Crash in TokenList::isFunctionHead()

---
 lib/tokenize.cpp           | 7 ++++---
 test/testsimplifyusing.cpp | 8 ++++++++
 2 files changed, 12 insertions(+), 3 deletions(-)

diff --git a/lib/tokenize.cpp b/lib/tokenize.cpp
index d4755fc1260..5effa1490d2 100644
--- a/lib/tokenize.cpp
+++ b/lib/tokenize.cpp
@@ -3342,10 +3342,11 @@ bool Tokenizer::simplifyUsing()
                 } else if (fpArgList && fpQual && Token::Match(tok1->next(), "%name%")) {
                     // function pointer
                     TokenList::copyTokens(tok1->next(), fpArgList, usingEnd->previous());
-                    Token* const copyEnd = TokenList::copyTokens(tok1, start, fpQual->link()->previous());
-                    tok1->deleteThis();
+                    Token* const copyEnd = TokenList::copyTokens(tok1, start, fpQual->link()->previous());                    
+                    Token* const leftPar = copyEnd->tokAt(copyEnd->strAt(-1) == "(" ? -1 : -2);
                     Token* const rightPar = copyEnd->next()->insertToken(")");
-                    Token::createMutualLinks(tok1->next(), rightPar);
+                    Token::createMutualLinks(leftPar, rightPar);
+                    tok1->deleteThis();
                     substitute = true;
                 } else if (fpArgList && !fpQual && Token::Match(tok1->next(), "* const| %name%")) {
                     // function pointer
diff --git a/test/testsimplifyusing.cpp b/test/testsimplifyusing.cpp
index c73e4c3ac1d..4f670862dc1 100644
--- a/test/testsimplifyusing.cpp
+++ b/test/testsimplifyusing.cpp
@@ -898,6 +898,14 @@ class TestSimplifyUsing : public TestFixture {
         const char expected2[] = "int ( * fp1 ) ( int ) ; int ( * const fp2 ) ( int ) ;";
         ASSERT_EQUALS(expected2, tok(code2));
         ASSERT_EQUALS("", errout_str());
+
+        const char code3[] = "using FP = std::string (*)();\n"
+                             "using FPC = std::string (*const)();\n"
+                             "FP fp;\n"
+                             "FPC fpc;\n";
+        const char expected3[] = "std :: string ( * fp ) ( ) ; std :: string ( * const fpc ) ( ) ;";
+        ASSERT_EQUALS(expected3, tok(code3));
+        ASSERT_EQUALS("", errout_str());
     }
 
     void simplifyUsing8970() {

From 8b276cba4242481e01bf95fefd470a5e65e91cf5 Mon Sep 17 00:00:00 2001
From: chrchr-github <noreply@github.com>
Date: Wed, 21 Jan 2026 22:21:58 +0100
Subject: [PATCH 2/4] init

---
 test/testsimplifyusing.cpp | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/test/testsimplifyusing.cpp b/test/testsimplifyusing.cpp
index 4f670862dc1..c020b99b5dd 100644
--- a/test/testsimplifyusing.cpp
+++ b/test/testsimplifyusing.cpp
@@ -902,8 +902,8 @@ class TestSimplifyUsing : public TestFixture {
         const char code3[] = "using FP = std::string (*)();\n"
                              "using FPC = std::string (*const)();\n"
                              "FP fp;\n"
-                             "FPC fpc;\n";
-        const char expected3[] = "std :: string ( * fp ) ( ) ; std :: string ( * const fpc ) ( ) ;";
+                             "FPC fpc{};\n";
+        const char expected3[] = "std :: string ( * fp ) ( ) ; std :: string ( * const fpc ) ( ) { } ;";
         ASSERT_EQUALS(expected3, tok(code3));
         ASSERT_EQUALS("", errout_str());
     }

From d464e637a4bf1774cbb64bd4c8f4b736f8248f1c Mon Sep 17 00:00:00 2001
From: chrchr-github <noreply@github.com>
Date: Wed, 21 Jan 2026 22:39:33 +0100
Subject: [PATCH 3/4] Fix

---
 lib/tokenize.cpp | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/lib/tokenize.cpp b/lib/tokenize.cpp
index 5effa1490d2..c602e6e19ae 100644
--- a/lib/tokenize.cpp
+++ b/lib/tokenize.cpp
@@ -3343,7 +3343,9 @@ bool Tokenizer::simplifyUsing()
                     // function pointer
                     TokenList::copyTokens(tok1->next(), fpArgList, usingEnd->previous());
                     Token* const copyEnd = TokenList::copyTokens(tok1, start, fpQual->link()->previous());                    
-                    Token* const leftPar = copyEnd->tokAt(copyEnd->strAt(-1) == "(" ? -1 : -2);
+                    Token* leftPar = copyEnd->previous();
+                    while (leftPar->str() != "(")
+                        leftPar = leftPar->previous();
                     Token* const rightPar = copyEnd->next()->insertToken(")");
                     Token::createMutualLinks(leftPar, rightPar);
                     tok1->deleteThis();

From 7be7c07f370bac9e520962639c23631cde796646 Mon Sep 17 00:00:00 2001
From: chrchr-github <noreply@github.com>
Date: Wed, 21 Jan 2026 22:41:48 +0100
Subject: [PATCH 4/4] Format

---
 lib/tokenize.cpp | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/tokenize.cpp b/lib/tokenize.cpp
index c602e6e19ae..ed72d1bb2c8 100644
--- a/lib/tokenize.cpp
+++ b/lib/tokenize.cpp
@@ -3342,7 +3342,7 @@ bool Tokenizer::simplifyUsing()
                 } else if (fpArgList && fpQual && Token::Match(tok1->next(), "%name%")) {
                     // function pointer
                     TokenList::copyTokens(tok1->next(), fpArgList, usingEnd->previous());
-                    Token* const copyEnd = TokenList::copyTokens(tok1, start, fpQual->link()->previous());                    
+                    Token* const copyEnd = TokenList::copyTokens(tok1, start, fpQual->link()->previous());
                     Token* leftPar = copyEnd->previous();
                     while (leftPar->str() != "(")
                         leftPar = leftPar->previous();