From 5da923cc45f6d679958c7f50289a6e3d0b819b8f Mon Sep 17 00:00:00 2001
From: Paul <pfultz2@yahoo.com>
Date: Sat, 22 Apr 2023 16:14:14 -0500
Subject: [PATCH 1/2] Fix 11636: FP nullPointer with uninstantiated template

---
 lib/programmemory.cpp    |  2 +-
 test/testnullpointer.cpp | 12 ++++++++++++
 2 files changed, 13 insertions(+), 1 deletion(-)

diff --git a/lib/programmemory.cpp b/lib/programmemory.cpp
index 1cddaee0f68..aafa2c862a2 100644
--- a/lib/programmemory.cpp
+++ b/lib/programmemory.cpp
@@ -1416,7 +1416,7 @@ static ValueFlow::Value execute(const Token* expr, ProgramMemory& pm, const Sett
         return v;
     if (!expr)
         return v;
-    if (pm.hasValue(expr->exprId()))
+    if (expr->exprId() > 0 && pm.hasValue(expr->exprId()))
         return pm.at(expr->exprId());
     if (const ValueFlow::Value* value = getImpossibleValue(expr))
         return *value;
diff --git a/test/testnullpointer.cpp b/test/testnullpointer.cpp
index 8172e0857f5..326a11bbe07 100644
--- a/test/testnullpointer.cpp
+++ b/test/testnullpointer.cpp
@@ -143,6 +143,7 @@ class TestNullPointer : public TestFixture {
         TEST_CASE(nullpointer97); // #11229
         TEST_CASE(nullpointer98); // #11458
         TEST_CASE(nullpointer99); // #10602
+        TEST_CASE(nullpointer100); // #11636
         TEST_CASE(nullpointer_addressOf); // address of
         TEST_CASE(nullpointerSwitch); // #2626
         TEST_CASE(nullpointer_cast); // #4692
@@ -2830,6 +2831,17 @@ class TestNullPointer : public TestFixture {
         ASSERT_EQUALS("[test.cpp:14]: (error) Null pointer dereference: buf\n", errout.str());
     }
 
+    void nullpointer100() // #11636
+    {
+        check("const char* type_of(double) { return \"unknown\"; }\n"
+              "void f() {\n"
+              "    double tmp = 0.0;\n"
+              "    const char* t = type_of(tmp);\n"
+              "    std::cout << t;\n"
+              "}\n");
+        ASSERT_EQUALS("", errout.str());
+    }
+
     void nullpointer_addressOf() { // address of
         check("void f() {\n"
               "  struct X *x = 0;\n"

From 3a5f57d9a46c23ff946e1169996edb50f6fef487 Mon Sep 17 00:00:00 2001
From: Paul <pfultz2@yahoo.com>
Date: Sat, 22 Apr 2023 16:15:20 -0500
Subject: [PATCH 2/2] Format

---
 test/testnullpointer.cpp | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/test/testnullpointer.cpp b/test/testnullpointer.cpp
index 326a11bbe07..2452ecefbe3 100644
--- a/test/testnullpointer.cpp
+++ b/test/testnullpointer.cpp
@@ -143,7 +143,7 @@ class TestNullPointer : public TestFixture {
         TEST_CASE(nullpointer97); // #11229
         TEST_CASE(nullpointer98); // #11458
         TEST_CASE(nullpointer99); // #10602
-        TEST_CASE(nullpointer100); // #11636
+        TEST_CASE(nullpointer100);        // #11636
         TEST_CASE(nullpointer_addressOf); // address of
         TEST_CASE(nullpointerSwitch); // #2626
         TEST_CASE(nullpointer_cast); // #4692