Fix #12540 #12542 fuzzing crashes (#6177)

Author: chrchr-github

lib/tokenize.cpp

@@ -6268,6 +6268,8 @@ void Tokenizer::removeExtraTemplateKeywords()
                     templateName->isTemplate(true);
                     templateName = templateName->next();
                 }
+                if (!templateName)
+                    syntaxError(tok);
                 if (Token::Match(templateName->previous(), "operator %op%|(")) {
                     templateName->isTemplate(true);
                     if (templateName->str() == "(" && templateName->link())
@@ -8641,7 +8643,7 @@ void Tokenizer::findGarbageCode() const
             syntaxError(tok);
         if (Token::Match(tok, "==|!=|<=|>= %comp%") && tok->strAt(-1) != "operator")
             syntaxError(tok, tok->str() + " " + tok->strAt(1));
-        if (Token::simpleMatch(tok, ":: ::"))
+        if (Token::simpleMatch(tok, "::") && (!Token::Match(tok->next(), "%name%|*|~") || (tok->next()->isKeyword() && tok->strAt(1) != "operator")))
             syntaxError(tok);
     }
 

test/cli/fuzz-crash/crash-19219d7e7dfe8202248cd22229cdd9a2fd87a78a

@@ -0,0 +1 @@
+n::template u

test/cli/fuzz-crash/crash-77a4e4ffd476997f06f67e4a18b5d4eedfa71900

@@ -0,0 +1 @@
+n i(){t i=0-::-t}

test/testmemleak.cpp

@@ -407,7 +407,7 @@ class TestMemleakInFunction : public TestFixture {
         ASSERT_EQUALS("[test.cpp:4]: (error) Common realloc mistake: \'a\' nulled but not freed upon failure\n", errout_str());
 
         check("void f() {\n"
-              "void *a = std::nullptr;\n"
+              "void *a = nullptr;\n"
               "a = malloc(10);\n"
               "a = realloc(a, 20);\n"
               "}");