From 169b136597cd8fa2b0ee388c4c248023ec3010b0 Mon Sep 17 00:00:00 2001
From: chrchr-github
Date: Thu, 23 Jan 2025 23:46:06 +0100
Subject: [PATCH 1/2] Fix #12612 FP uninitvar with pointer alias in subfunction
---
 lib/vf_analyzers.cpp | 9 +++++++--
 test/testuninitvar.cpp | 11 +++++++++++
 2 files changed, 18 insertions(+), 2 deletions(-)
diff --git a/lib/vf_analyzers.cpp b/lib/vf_analyzers.cpp
index 32b06eb96e4..ec0307c2565 100644
--- a/lib/vf_analyzers.cpp
+++ b/lib/vf_analyzers.cpp
@@ -586,7 +586,7 @@ struct ValueFlowAnalyzer : Analyzer {
 } else if (ref->isUnaryOp("*") && !match(ref->astOperand1())) {
 const Token* lifeTok = nullptr;
 for (const ValueFlow::Value& v:ref->astOperand1()->values()) {
- if (!v.isLocalLifetimeValue())
+ if (!v.isLocalLifetimeValue() && !v.isSubFunctionLifetimeValue())
 continue;
 if (lifeTok)
 return Action::None;
@@ -1046,7 +1046,12 @@ struct MultiValueFlowAnalyzer : ValueFlowAnalyzer {
 }
 bool match(const Token* tok) const override {
- return values.count(tok->varId()) > 0;
+ if (tok->varId() == 0)
+ return false;
+ return values.count(tok->varId()) > 0 ||
+ std::any_of(values.begin(), values.end(), [&](const std::pair& p) {
+ return p.second.isUninitValue() && p.second.tokvalue->varId() == tok->varId();
+ });
 }
 ProgramState getProgramState() const override {
diff --git a/test/testuninitvar.cpp b/test/testuninitvar.cpp
index e19ea083fbc..89781b14c72 100644
--- a/test/testuninitvar.cpp
+++ b/test/testuninitvar.cpp
@@ -4387,6 +4387,17 @@ class TestUninitVar : public TestFixture {
 " return f(i, 0);\n"
 "}");
 ASSERT_EQUALS("[test.cpp:8] -> [test.cpp:4]: (warning) Uninitialized variable: i\n", errout_str());
+
+ valueFlowUninit("char *f (char *b) {\n" // #12612
+ " char* p = b;\n"
+ " *p = '\\0';\n"
+ " return b;\n"
+ "}\n"
+ "void g() {\n"
+ " char a[24];\n"
+ " f(a);\n"
+ "}\n");
+ ASSERT_EQUALS("", errout_str());
 }
 void uninitStructMember() { // struct members
From 35393b0866b094c3c1e6e1e01ea3d43d7e484654 Mon Sep 17 00:00:00 2001
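Review bot: In `MultiValueFlowAnalyzer::match` (lib/vf_analyzers.cpp, hunk at 1046) the new lambda dereferences `p.second.tokvalue` after checking only `isUninitValue()`, and nothing visible in this hunk guarantees that every uninit value stored in `values` carries a token. If one ever arrives with a null `tokvalue`, the analyzer would crash on the file being checked instead of skipping the value, which matters for a tool that is run over code it does not control. Guarding the dereference keeps the alias match and removes the assumption: `return p.second.isUninitValue() && p.second.tokvalue && p.second.tokvalue->varId() == tok->varId();`. The same line is only re-indented in patch 2/2, so the point applies there too; a one-line comment above the `std::any_of` stating that an uninit value also matches the variable its `tokvalue` names would help the next reader.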
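Review bot: The new #12612 case in test/testuninitvar.cpp only asserts that the warning disappears, so it would still pass if the widened matching silenced uninitvar for every pointer alias inside a subfunction. A companion case in which the callee reads through the alias before storing to it (for example `char c = *p;` ahead of the `*p = '\\0';` line), with the resulting diagnostic asserted, would pin that the true positive survives the change. The enclosing test method starts outside the hunk, so an equivalent case may already exist above the visible lines.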
From: chrchr-github <78114321+chrchr-github@users.noreply.github.com>
Date: Thu, 23 Jan 2025 23:55:14 +0100
Subject: [PATCH 2/2] Update vf_analyzers.cpp
---
 lib/vf_analyzers.cpp | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/lib/vf_analyzers.cpp b/lib/vf_analyzers.cpp
index ec0307c2565..766ccd861e0 100644
--- a/lib/vf_analyzers.cpp
+++ b/lib/vf_analyzers.cpp
@@ -1050,8 +1050,8 @@ struct MultiValueFlowAnalyzer : ValueFlowAnalyzer {
 return false;
 return values.count(tok->varId()) > 0 ||
 std::any_of(values.begin(), values.end(), [&](const std::pair& p) {
- return p.second.isUninitValue() && p.second.tokvalue->varId() == tok->varId();
- });
+ return p.second.isUninitValue() && p.second.tokvalue->varId() == tok->varId();
+ });
 }
 ProgramState getProgramState() const override {