From f99a9721092cf325ab67162592cbad81353e31a2 Mon Sep 17 00:00:00 2001
From: chrchr
Date: Wed, 20 Mar 2024 17:12:48 +0100
Subject: [PATCH 1/2] Fix #12511 fuzzing crash (stack overflow) in getLibraryContainer()

---
 lib/valueflow.cpp | 2 +-
 .../fuzz-crash/crash-43fe82a87d6a7f34f000cbbc90b63ad1a58e3dcd | 1 +
 test/testvalueflow.cpp | 3 +++
 3 files changed, 5 insertions(+), 1 deletion(-)
 create mode 100644 test/cli/fuzz-crash/crash-43fe82a87d6a7f34f000cbbc90b63ad1a58e3dcd

diff --git a/lib/valueflow.cpp b/lib/valueflow.cpp
index 5a3833419b0..c2d1784cd0f 100644
--- a/lib/valueflow.cpp
+++ b/lib/valueflow.cpp
@@ -4971,7 +4971,7 @@ static void valueFlowLifetime(TokenList &tokenlist, ErrorLogger *errorLogger, co
 valueFlowForwardLifetime(tok, tokenlist, errorLogger, settings);
 }
 // address of
- else if (tok->isUnaryOp("&")) {
+ else if (tok->isUnaryOp("&") && !Token::simpleMatch(tok->astParent(), "*")) {
 for (const ValueFlow::LifetimeToken& lt : ValueFlow::getLifetimeTokens(tok->astOperand1())) {
 if (!settings.certainty.isEnabled(Certainty::inconclusive) && lt.inconclusive)
 continue;
diff --git a/test/cli/fuzz-crash/crash-43fe82a87d6a7f34f000cbbc90b63ad1a58e3dcd b/test/cli/fuzz-crash/crash-43fe82a87d6a7f34f000cbbc90b63ad1a58e3dcd
new file mode 100644
index 00000000000..ac43489b2c0
--- /dev/null
+++ b/test/cli/fuzz-crash/crash-43fe82a87d6a7f34f000cbbc90b63ad1a58e3dcd
@@ -0,0 +1 @@
+d o(){t&a=*&a}
\ No newline at end of file
diff --git a/test/testvalueflow.cpp b/test/testvalueflow.cpp
index 3d6b6feb2a4..02dc155dfd5 100644
--- a/test/testvalueflow.cpp
+++ b/test/testvalueflow.cpp
@@ -7432,6 +7432,9 @@ class TestValueFlow : public TestFixture {
 " if (*q > 0 && *q < 100) {}\n"
 "}\n";
 valueOfTok(code, "&&");
+
+ code = "void f() { int& a = *&a; }\n"; // #12511
+ valueOfTok(code, "=");
 }
 
 void valueFlowHang() {

From a2b8a8a451e09618556f031303b3ad0c09a89228 Mon Sep 17 00:00:00 2001
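Review bot: `Token::simpleMatch(tok->astParent(), "*")` in the new `else if` condition of lib/valueflow.cpp matches any parent token spelled `*`, not specifically the dereference operator, while the same condition already distinguishes unary operators through `isUnaryOp`. If the AST ever hangs an `&x` operand under a binary `*` or a `*` belonging to a type, lifetime analysis for that address-of is muted as well; `tok->astParent() && tok->astParent()->isUnaryOp("*")` states the intended `*&x` shape directly (the explicit null check is needed because a member call, unlike simpleMatch, cannot take a null parent). The same applies to the moved check in PATCH 2/2. valueFlowLifetime continues outside the hunk.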
From: chrchr-github
Date: Thu, 21 Mar 2024 21:20:06 +0100
Subject: [PATCH 2/2] Move check

---
 lib/valueflow.cpp | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/lib/valueflow.cpp b/lib/valueflow.cpp
index c2d1784cd0f..ab861b58298 100644
--- a/lib/valueflow.cpp
+++ b/lib/valueflow.cpp
@@ -4971,7 +4971,9 @@ static void valueFlowLifetime(TokenList &tokenlist, ErrorLogger *errorLogger, co
 valueFlowForwardLifetime(tok, tokenlist, errorLogger, settings);
 }
 // address of
- else if (tok->isUnaryOp("&") && !Token::simpleMatch(tok->astParent(), "*")) {
+ else if (tok->isUnaryOp("&")) {
+ if (Token::simpleMatch(tok->astParent(), "*"))
+ continue;
 for (const ValueFlow::LifetimeToken& lt : ValueFlow::getLifetimeTokens(tok->astOperand1())) {
 if (!settings.certainty.isEnabled(Certainty::inconclusive) && lt.inconclusive)
 continue;
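Review bot: The new `if (Token::simpleMatch(tok->astParent(), "*")) continue;` carries no explanation, so a later reader sees address-of lifetime analysis silently skipped for `*&x` with no hint that this is the #12511 stack-overflow workaround; a comment such as `// #12511: skip '*&x' - lifetime analysis recursed without bound on 'int& a = *&a'` keeps the reason next to the check. Note that the guard sidesteps the input shape that triggered the overflow rather than bounding the recursion in getLifetimeTokens()/getLibraryContainer() named in the PATCH 1/2 subject, so other self-referential initializers may plausibly still reach the same path — worth confirming with a second fuzz case, or pairing with a depth limit there. valueFlowLifetime continues outside the hunk.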