Fix #12889 fuzzing crash (heap-use-after-free) in Tokenizer::simplifyTypedef() (#6847)

Author: chrchr-github

lib/tokenize.cpp

@@ -698,7 +698,7 @@ namespace {
                     mRangeAfterVar.second = mEndToken;
                     return;
                 }
-                if (Token::Match(type, "%name% ( !!(") && Token::simpleMatch(type->linkAt(1), ") ;") && !type->isStandardType()) {
+                if (type != start && Token::Match(type, "%name% ( !!(") && Token::simpleMatch(type->linkAt(1), ") ;") && !type->isStandardType()) {
                     mNameToken = type;
                     mEndToken = type->linkAt(1)->next();
                     mRangeType.first = start;

test/cli/fuzz-crash/crash-a3cfaec435c6df0f6c3cfc83f052abd42c75ba4d

@@ -0,0 +1 @@
+typedef C();typedef const C*(*func2)();d(func2())