From 59ff9071fa9ff7b65683004d869c8758f4269e20 Mon Sep 17 00:00:00 2001
From: chrchr-github
Date: Sat, 9 Mar 2024 20:54:24 +0100
Subject: [PATCH 1/2] Fix #12498 FP memleak with getline() and array
---
 cfg/posix.cfg | 2 +-
 lib/checkleakautovar.cpp | 2 +-
 test/cfg/posix.c | 9 +++++++++
 3 files changed, 11 insertions(+), 2 deletions(-)
diff --git a/cfg/posix.cfg b/cfg/posix.cfg
index 1a90eea0963..24dc3656af4 100644
--- a/cfg/posix.cfg
+++ b/cfg/posix.cfg
@@ -5237,7 +5237,7 @@ The function 'mktemp' is considered to be dangerous due to race conditions and s
-
+
diff --git a/lib/checkleakautovar.cpp b/lib/checkleakautovar.cpp
index 267a4c313b3..e03c0f8ccea 100644
--- a/lib/checkleakautovar.cpp
+++ b/lib/checkleakautovar.cpp
@@ -985,7 +985,7 @@ void CheckLeakAutoVar::functionCall(const Token *tokName, const Token *tokOpenin
 while (Token::Match(arg, "%name% .|:: %name%"))
 arg = arg->tokAt(2);
- if (Token::Match(arg, "%var% [-,)] !!.") || Token::Match(arg, "& %var% !!.")) {
+ if (Token::Match(arg, "%var% [-,)] !!.") || (Token::Match(arg, "& %var% %any%") && !Token::Match(arg->tokAt(2), "[.[]"))) {
 // goto variable
 const bool isAddressOf = arg->str() == "&";
 if (isAddressOf)
diff --git a/test/cfg/posix.c b/test/cfg/posix.c
index 869e9c4a996..0420cf5e131 100644
--- a/test/cfg/posix.c
+++ b/test/cfg/posix.c
@@ -1070,6 +1070,15 @@ void memleak_getline() { // #11043
 line = NULL;
 }
+void memleak_getline_array(FILE* stream) { // #12498
+ char* a[2] = { 0 };
+ size_t n;
+ getline(&a[0], &n, stream);
+ getline(&a[1], &n, stream);
+ free(a[0]);
+ free(a[1]);
+}
+
 void * identicalCondition_mmap(int fd, size_t size) // #9940
 {
 void* buffer = mmap(NULL, size, PROT_READ | PROT_WRITE, MAP_SHARED, fd, 0);
From e0591c876427ef3daea47854981d4368443dcb72 Mon Sep 17 00:00:00 2001
From: chrchr-github
Date: Sat, 9 Mar 2024 21:15:00 +0100
Subject: [PATCH 2/2] Handle C simplification
---
 lib/checkleakautovar.cpp | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
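Review bot: memleak_getline_array in test/cfg/posix.c covers only an array of pointers whose elements are all freed, so it pins the removed false positive but not what the checker now does around it. A sibling case that indexes a pointer (`char **p` with `getline(&p[0], &n, stream)`) and one that leaves out `free(a[1])` would show whether the pointer form is still misreported and whether a real leak through an array element is now missed. If the latter is an accepted false negative, a comment such as `// TODO: leak of a[1] is not reported (#12498)` beside that case would record the trade-off for the next maintainer.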
diff --git a/lib/checkleakautovar.cpp b/lib/checkleakautovar.cpp
index e03c0f8ccea..d8dc628d2de 100644
--- a/lib/checkleakautovar.cpp
+++ b/lib/checkleakautovar.cpp
@@ -985,7 +985,8 @@ void CheckLeakAutoVar::functionCall(const Token *tokName, const Token *tokOpenin
 while (Token::Match(arg, "%name% .|:: %name%"))
 arg = arg->tokAt(2);
- if (Token::Match(arg, "%var% [-,)] !!.") || (Token::Match(arg, "& %var% %any%") && !Token::Match(arg->tokAt(2), "[.[]"))) {
+ if ((Token::Match(arg, "%var% [-,)] !!.") && !(arg->variable() && arg->variable()->isArray())) ||
+ (Token::Match(arg, "& %var% !!.") && !(arg->next()->variable() && arg->next()->variable()->isArray()))) {
 // goto variable
 const bool isAddressOf = arg->str() == "&";
 if (isAddressOf)
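Review bot: The second alternative, `Token::Match(arg, "& %var% !!.")`, no longer rejects a `[` after the variable, so `&p[0]` with `p` declared as a pointer (where `isArray()` is presumably false) still appears to be handled as if it were `&p`. If that form reaches this code un-simplified, the #12498 false positive would remain for pointer-indexed arguments; keeping the clause from the previous patch next to the array test, `&& !Token::Match(arg->tokAt(2), "[.[]")`, would cover it. The first alternative now skips every array variable passed by name, which may hide real leaks, so a comment like `// arrays: an element, not the array itself, receives the allocation (#12498)` above the condition would make that intent explicit. The body of functionCall continues outside this hunk, so the effect on the later allocation bookkeeping cannot be confirmed from here.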