From 50862d1ace9f616548fbaacb684ef155612d98c6 Mon Sep 17 00:00:00 2001
From: Paul Fultz II <pfultz2@yahoo.com>
Date: Sun, 2 Jan 2022 01:09:23 -0600
Subject: [PATCH] Fix 10665: Crash in ExpressionAnalyzer (#3661)

---
 lib/valueflow.cpp      | 4 ++++
 test/testvalueflow.cpp | 8 ++++++++
 2 files changed, 12 insertions(+)

diff --git a/lib/valueflow.cpp b/lib/valueflow.cpp
index 61cc5d331..12c56d669 100644
--- a/lib/valueflow.cpp
+++ b/lib/valueflow.cpp
@@ -5100,6 +5100,10 @@ static void valueFlowAfterSwap(TokenList* tokenlist,
             std::vector<Token*> args = astFlatten(tok->next()->astOperand2(), ",");
             if (args.size() != 2)
                 continue;
+            if (args[0]->exprId() == 0)
+                continue;
+            if (args[1]->exprId() == 0)
+                continue;
             for (int i = 0; i < 2; i++) {
                 std::vector<const Variable*> vars = getVariables(args[0]);
                 std::list<ValueFlow::Value> values = args[0]->values();
diff --git a/test/testvalueflow.cpp b/test/testvalueflow.cpp
index e46050ab3..f7153a86a 100644
--- a/test/testvalueflow.cpp
+++ b/test/testvalueflow.cpp
@@ -6330,6 +6330,14 @@ private:
                "            && ch != '\\\'' && ch != '\\\"');\n"
                "}\n";
         valueOfTok(code, "return");
+
+        code = "void heapSort() {\n"
+               "    int n = m_size;\n"
+               "    while (n >= 1) {\n"
+               "        swap(0, n - 1);\n"
+               "    }\n"
+               "}\n";
+        valueOfTok(code, "swap");
     }
 
     void valueFlowCrashConstructorInitialization() { // #9577