From 09597bc7e8e1597b98bbd19d6bdacabef6b5d30a Mon Sep 17 00:00:00 2001
From: Paul Fultz II
Date: Thu, 14 Apr 2022 00:35:07 -0500
Subject: [PATCH] Fix 10956: ValueFlow: Incorrect value when assigned to two variables (#4019)
* Fix 10956: ValueFlow: Incorrect value when assigned to two variables
* Format
---
 lib/programmemory.cpp | 14 --------------
 lib/valueflow.cpp | 3 ++-
 test/testvalueflow.cpp | 11 +++++++++++
 3 files changed, 13 insertions(+), 15 deletions(-)
diff --git a/lib/programmemory.cpp b/lib/programmemory.cpp
index 82f6c72d9..6b57b738b 100644
--- a/lib/programmemory.cpp
+++ b/lib/programmemory.cpp
@@ -786,20 +786,6 @@ static ValueFlow::Value execute(const Token* expr, ProgramMemory& pm, const Sett
 return v;
 if (pm.hasValue(expr->exprId()))
 return pm.at(expr->exprId());
- // Find symbolic values
- for (const ValueFlow::Value& value : expr->values()) {
- if (!value.isSymbolicValue())
- continue;
- // TODO: Handle possible symbolic values
- if (!value.isKnown())
- continue;
- if (!pm.hasValue(value.tokvalue->exprId()))
- continue;
- ValueFlow::Value v2 = pm.at(value.tokvalue->exprId());
- v2.intvalue += value.intvalue;
- v2.valueKind = value.valueKind;
- return v2;
- }
 return v;
 }
diff --git a/lib/valueflow.cpp b/lib/valueflow.cpp
index 5c4b08090..276154b36 100644
--- a/lib/valueflow.cpp
+++ b/lib/valueflow.cpp
@@ -2286,6 +2286,7 @@ struct ValueFlowAnalyzer : Analyzer {
 return v.isSymbolicValue() && currValue->equalValue(v);
 }))
 return false;
+ const bool isPoint = currValue->bound == ValueFlow::Value::Bound::Point && currValue->isIntValue();
 const bool exact = !currValue->isIntValue() || currValue->isImpossible();
 for (const ValueFlow::Value& v : tok->values()) {
 if (!v.isSymbolicValue())
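Review bot: The new `isPoint` flag declared in this hunk, and its use in `if (exact && v.intvalue != 0 && !isPoint)` in the next valueflow.cpp hunk, carry no comment on why a point-bounded value is exempt from the non-zero-offset skip. Since `isPoint` requires `isIntValue()`, the exemption can only take effect when `exact` is true through `isImpossible()`, which is not obvious from the three names alone. A one-line comment above the declaration, for example `// An impossible int value with a Point bound can still be shifted by a symbolic offset`, would record that, assuming this is the intended reading. The enclosing member function starts and ends outside both hunks, so how `exact` is used further down is not visible here.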
@@ -2295,7 +2296,7 @@ struct ValueFlowAnalyzer : Analyzer {
 const bool toImpossible = v.isImpossible() && currValue->isKnown();
 if (!v.isKnown() && !toImpossible)
 continue;
- if (exact && v.intvalue != 0)
+ if (exact && v.intvalue != 0 && !isPoint)
 continue;
 std::vector r;
 ValueFlow::Value::Bound bound = currValue->bound;
diff --git a/test/testvalueflow.cpp b/test/testvalueflow.cpp
index 1d910a880..2578569e1 100644
--- a/test/testvalueflow.cpp
+++ b/test/testvalueflow.cpp
@@ -7143,6 +7143,17 @@ private:
 " return 1 / x;\n"
 "}\n";
 ASSERT_EQUALS(false, testValueOfX(code, 4U, 0));
+
+ code = "void f(int k) {\n"
+ " int x = k;\n"
+ " int j = k;\n"
+ " x--;\n"
+ " if (k != 0) {\n"
+ " x;\n"
+ " }\n"
+ "}\n";
+ ASSERT_EQUALS(false, testValueOfX(code, 6U, -1));
+ ASSERT_EQUALS(true, testValueOfXImpossible(code, 6U, -1));
 }
 void valueFlowSymbolicIdentity()
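Review bot: In the added test snippet `j` is assigned from `k` and never read, and nothing marks that second assignment as the trigger for the regression, so a later clean-up could remove it and leave a test that presumably no longer exercises the two-variable case named in the commit title. A comment above `code = ...` such as `// #10956: both x and j are assigned from k` would protect it. The two assertions cover only the decremented value under `k != 0`; a companion check with `x++` (expecting 1 to be impossible) would pin the offset sign as well, if no existing case already does.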