From b641a10e35dbfa8f6320931ecb667240568f2d8e Mon Sep 17 00:00:00 2001
From: PKEuS
Date: Mon, 20 Aug 2012 10:08:18 -0700
Subject: [PATCH] Fixed false negative: memset(foo, 0, sizeof(&foo)); is as suspicious as memset(foo, 0, sizeof(foo));
---
 lib/checkother.cpp | 11 +++++------
 test/testother.cpp | 5 +++++
 2 files changed, 10 insertions(+), 6 deletions(-)
diff --git a/lib/checkother.cpp b/lib/checkother.cpp
index f414ea713..e5f7bd946 100644
--- a/lib/checkother.cpp
+++ b/lib/checkother.cpp
@@ -553,15 +553,14 @@ void CheckOther::checkSizeofForPointerSize()
 // This is to allow generic operations with sizeof
 for (; tokVar && tokVar->str() != ")" && tokVar->str() != "," && tokVar->str() != "sizeof"; tokVar = tokVar->next()) {}
- // Now check for the sizeof usage. Once here, everything using sizeof(varid)
+ // Now check for the sizeof usage. Once here, everything using sizeof(varid) or sizeof(&varid)
 // looks suspicious
 // Do it for first variable
- if (variable && (Token::Match(tokVar, "sizeof ( %varid% )", variable->varId()) ||
- Token::Match(tokVar, "sizeof %varid%", variable->varId()))) {
+ if (variable && (Token::Match(tokVar, "sizeof ( &| %varid% )", variable->varId()) ||
+ Token::Match(tokVar, "sizeof &| %varid%", variable->varId()))) {
 sizeofForPointerError(variable, variable->str());
- // Then do it for second - TODO: Perhaps we should invert?
- } else if (variable2 && (Token::Match(tokVar, "sizeof ( %varid% )", variable2->varId()) ||
- Token::Match(tokVar, "sizeof %varid%", variable2->varId()))) {
+ } else if (variable2 && (Token::Match(tokVar, "sizeof ( &| %varid% )", variable2->varId()) ||
+ Token::Match(tokVar, "sizeof &| %varid%", variable2->varId()))) {
 sizeofForPointerError(variable2, variable2->str());
 }
 }
diff --git a/test/testother.cpp b/test/testother.cpp
index 62ff12f84..292914b26 100644
--- a/test/testother.cpp
+++ b/test/testother.cpp
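Review bot: The unparenthesised pattern `"sizeof &| %varid%"` in both the `variable` and `variable2` branches of lib/checkother.cpp has nothing after `%varid%`, so it presumably still matches when the operand continues past the variable, for example `sizeof x.len`, and reports that as the size of pointer x. False positives on a check meant to catch undersized allocations and incomplete clears tend to get the warning suppressed, so consider anchoring the operand, e.g. `Token::Match(tokVar, "sizeof &| %varid% !!.", variable->varId())`, together with a negative test. The change also removes the `// Then do it for second` comment without a replacement; a one-line `// Then do it for the second variable` above the `else if` would keep the two branches documented alike. checkSizeofForPointerSize() starts and ends outside this hunk.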
@@ -4435,6 +4435,11 @@ private:
 "free(x);");
 ASSERT_EQUALS("[test.cpp:1]: (warning, inconclusive) Using size of pointer x instead of size of its data.\n", errout.str());
+ check(
+ "int *x = malloc(sizeof(&x));\n"
+ "free(x);");
+ ASSERT_EQUALS("[test.cpp:1]: (warning, inconclusive) Using size of pointer x instead of size of its data.\n", errout.str());
+ check(
 "int *x = malloc(100 * sizeof(x));\n"
 "free(x);");
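Review bot: The added case pins only the parenthesised `sizeof(&x)` form through malloc, while the checker change also introduces the unparenthesised `"sizeof &| %varid%"` pattern and the commit subject names memset. Adding `check("int *x = malloc(sizeof &x);\n" "free(x);");` with the same expected warning, plus a memset case matching the subject, would cover both new patterns so a later pattern edit cannot silently reintroduce the false negative. The enclosing test function begins and ends outside this hunk.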