From acebc635b598f99caeff2055ef318894f316a269 Mon Sep 17 00:00:00 2001
From: Robert Reif <reif@earthlink.net>
Date: Tue, 30 Aug 2011 23:42:11 -0400
Subject: [PATCH] add support for deallocating memory with realloc

---
 lib/checkmemoryleak.cpp |  6 ++++--
 test/testmemleak.cpp    | 20 ++++++++++++++++++++
 2 files changed, 24 insertions(+), 2 deletions(-)

diff --git a/lib/checkmemoryleak.cpp b/lib/checkmemoryleak.cpp
index 813f1c61b..b67526d3f 100644
--- a/lib/checkmemoryleak.cpp
+++ b/lib/checkmemoryleak.cpp
@@ -247,7 +247,8 @@ CheckMemoryLeak::AllocType CheckMemoryLeak::getDeallocationType(const Token *tok
         return NewArray;
 
     if (Token::Match(tok, "free|kfree ( %varid% ) ;", varid) ||
-        Token::Match(tok, "free|kfree ( %varid% -", varid))
+        Token::Match(tok, "free|kfree ( %varid% -", varid) ||
+        Token::Match(tok, "realloc ( %varid% , 0 ) ;", varid))
         return Malloc;
 
     if (Token::Match(tok, "g_free ( %varid% ) ;", varid) ||
@@ -285,7 +286,8 @@ CheckMemoryLeak::AllocType CheckMemoryLeak::getDeallocationType(const Token *tok
         return NewArray;
 
     if (Token::simpleMatch(tok, std::string("free ( " + varname + " ) ;").c_str()) ||
-        Token::simpleMatch(tok, std::string("kfree ( " + varname + " ) ;").c_str()))
+        Token::simpleMatch(tok, std::string("kfree ( " + varname + " ) ;").c_str()) ||
+        Token::simpleMatch(tok, std::string("realloc ( " + varname + " , 0 ) ;").c_str()))
         return Malloc;
 
     if (Token::simpleMatch(tok, std::string("g_free ( " + varname + " ) ;").c_str()))
diff --git a/test/testmemleak.cpp b/test/testmemleak.cpp
index 868f1e678..d62d4f849 100644
--- a/test/testmemleak.cpp
+++ b/test/testmemleak.cpp
@@ -277,6 +277,7 @@ private:
         // * It is not ok to dereference a pointer to deallocated memory
         TEST_CASE(dealloc_use);
         TEST_CASE(dealloc_use_2);
+        TEST_CASE(dealloc_use_3);
 
         // free a free'd pointer
         TEST_CASE(freefree1);
@@ -2975,6 +2976,25 @@ private:
         ASSERT_EQUALS("", errout.str());
     }
 
+    void dealloc_use_3()
+    {
+        check("void foo()\n"
+              "{\n"
+              "    char *str = malloc(10);\n"
+              "    realloc(str, 0);\n"
+              "    str[10] = 0;\n"
+              "}\n");
+        ASSERT_EQUALS("[test.cpp:5]: (error) Dereferencing 'str' after it is deallocated / released\n", errout.str());
+
+        check("void foo()\n"
+              "{\n"
+              "    char *str = realloc(0, 10);\n"
+              "    realloc(str, 0);\n"
+              "    str[10] = 0;\n"
+              "}\n");
+        ASSERT_EQUALS("[test.cpp:5]: (error) Dereferencing 'str' after it is deallocated / released\n", errout.str());
+    }
+
     void freefree1()
     {
         check("void foo()\n"