From 8465d901c8fbf6fb1ef3233ca4a9a2eb62e34f3e Mon Sep 17 00:00:00 2001
From: Rikard Falkeborn
Date: Sat, 26 Nov 2022 15:45:27 +0100
Subject: [PATCH] Fix 11396, doublefree on munmap in if-statement (#4594)
---
 lib/checkleakautovar.cpp | 3 ++-
 test/cfg/posix.c | 30 ++++++++++++++++++++++++++++++
 2 files changed, 32 insertions(+), 1 deletion(-)
diff --git a/lib/checkleakautovar.cpp b/lib/checkleakautovar.cpp
index 46e0d0f2a..eb600c197 100644
--- a/lib/checkleakautovar.cpp
+++ b/lib/checkleakautovar.cpp
@@ -477,9 +477,10 @@ bool CheckLeakAutoVar::checkScope(const Token * const startToken,
 // check for function call
 const Token * const openingPar = isFunctionCall(innerTok);
 if (openingPar) {
+ const Library::AllocFunc* allocFunc = mSettings->library.getDeallocFuncInfo(innerTok);
 // innerTok is a function name
 const VarInfo::AllocInfo allocation(0, VarInfo::NOALLOC);
- functionCall(innerTok, openingPar, varInfo, allocation, nullptr);
+ functionCall(innerTok, openingPar, varInfo, allocation, allocFunc);
 innerTok = openingPar->link();
 }
 }
diff --git a/test/cfg/posix.c b/test/cfg/posix.c
index 4c368931e..e6d0f8f65 100644
--- a/test/cfg/posix.c
+++ b/test/cfg/posix.c
@@ -892,6 +892,36 @@ void * identicalCondition_mmap(int fd, size_t size) // #9940
 return buffer;
 }
 
+int munmap_no_double_free(int tofd, // #11396
+ int fromfd,
+ size_t len)
+{
+ int rc;
+ void* fptr = mmap(NULL,len,PROT_READ|PROT_WRITE,MAP_SHARED,fromfd,(off_t)0);
+ if (fptr == MAP_FAILED) {
+ return -1;
+ }
+
+ void* tptr = mmap(NULL,len,PROT_READ|PROT_WRITE,MAP_SHARED,tofd,(off_t)0);
+ if (tptr == MAP_FAILED) {
+ // cppcheck-suppress memleak
+ return -1;
+ }
+
+ memcpy(tptr,fptr,len);
+
+ if ((rc = munmap(fptr,len)) != 0) {
+ // cppcheck-suppress memleak
+ return -1;
+ }
+
+ if ((rc = munmap(tptr,len)) != 0) {
+ return -1;
+ }
+
+ return rc;
+}
+
 void resourceLeak_fdopen(int fd)
 {
 // cppcheck-suppress unreadVariable
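Review bot: In the `if (openingPar)` branch of the lib/checkleakautovar.cpp hunk, `allocation` is still built as `VarInfo::AllocInfo(0, VarInfo::NOALLOC)` even when `getDeallocFuncInfo(innerTok)` finds a deallocator. From this hunk alone it is not visible whether `functionCall` then records the argument as freed or simply stops tracking it, so please confirm that a genuine second `munmap` on the same pointer, after one made inside a condition, is still reported. The new lookup also returns null for every non-deallocator, which silently keeps the old `nullptr` behaviour; a comment such as `// null unless innerTok is a library deallocator; functionCall then treats the call as before` would make that explicit. The existing `// innerTok is a function name` comment should move above the new line, since the lookup is now the first use that depends on it. `checkScope` begins and ends outside the hunk.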
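Review bot: `munmap_no_double_free` in the test/cfg/posix.c hunk only pins the absence of the false positive; nothing added here checks that the checker still reports a real double unmap once the first `munmap` sits inside an `if` condition. For a memory-safety checker, a false-positive fix is worth pairing with a positive case so that it cannot quietly become a false negative. A small companion function that unmaps in a condition and then unmaps the same pointer again, with the expected diagnostic pinned as `// cppcheck-suppress doubleFree` above the second `munmap(fptr,len);`, would cover that, assuming the checker is meant to flag this pattern. It would also help to state in a short comment above the function that the two `// cppcheck-suppress memleak` lines are expected diagnostics for the still-mapped `fptr`/`tptr` on the early-return paths.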