From ab3847d69d6043495d3df5afad456d5453299bb0 Mon Sep 17 00:00:00 2001
From: chrchr-github <78114321+chrchr-github@users.noreply.github.com>
Date: Thu, 21 May 2026 14:35:21 +0200
Subject: [PATCH 1/3] Update vf_common.cpp

---
 lib/vf_common.cpp | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)

diff --git a/lib/vf_common.cpp b/lib/vf_common.cpp
index 261972cba63..282e0b9fddb 100644
--- a/lib/vf_common.cpp
+++ b/lib/vf_common.cpp
@@ -160,11 +160,13 @@ namespace ValueFlow
                 value.setKnown();
             setTokenValue(tok, std::move(value), settings);
         } else if (Token::simpleMatch(tok, "sizeof (")) {
-            if (tok->next()->astOperand2() && !tok->next()->astOperand2()->isLiteral() && tok->next()->astOperand2()->valueType() &&
-                (tok->next()->astOperand2()->valueType()->pointer == 0 || // <- TODO this is a bailout, abort when there are array->pointer conversions
-                 (tok->next()->astOperand2()->variable() && !tok->next()->astOperand2()->variable()->isArray())) &&
-                !tok->next()->astOperand2()->valueType()->isEnum()) { // <- TODO this is a bailout, handle enum with non-int types
-                const size_t sz = tok->next()->astOperand2()->valueType()->getSizeOf(settings, ValueType::Accuracy::ExactOrZero, ValueType::SizeOf::Pointer);
+            const Token* const obj = tok->next()->astOperand2();
+            if (obj && !obj->isLiteral() && obj->valueType() &&
+                (obj->valueType()->pointer == 0 || // <- TODO this is a bailout, abort when there are array->pointer conversions
+                 (obj->variable() && !obj->variable()->isArray())) &&
+                !obj->valueType()->isEnum()) { // <- TODO this is a bailout, handle enum with non-int types
+                const auto ptrPointee = obj->valueType()->pointer > 0 ? ValueType::SizeOf::Pointer : ValueType::SizeOf::Pointee;
+                const size_t sz = obj->valueType()->getSizeOf(settings, ValueType::Accuracy::ExactOrZero, ptrPointee);
                 if (sz) {
                     Value value(sz);
                     value.setKnown();

From 26d4b31ea8df65cdf2fe62136b2f1bb8573435c3 Mon Sep 17 00:00:00 2001
From: chrchr-github <78114321+chrchr-github@users.noreply.github.com>
Date: Thu, 21 May 2026 14:40:11 +0200
Subject: [PATCH 2/3] Update testvalueflow.cpp

---
 test/testvalueflow.cpp | 24 ++++++++++++++++++++++++
 1 file changed, 24 insertions(+)

diff --git a/test/testvalueflow.cpp b/test/testvalueflow.cpp
index dc5345ab3e3..fd7a37ab6ce 100644
--- a/test/testvalueflow.cpp
+++ b/test/testvalueflow.cpp
@@ -1396,6 +1396,30 @@ class TestValueFlow : public TestFixture {
         ASSERT_EQUALS(1U, values.size());
         ASSERT_EQUALS(4, values.back().intvalue);
 
+        code = "char& r = i;\n"
+               "sizeof(r);";
+        values = tokenValues(code, "( r");
+        ASSERT_EQUALS(1U, values.size());
+        ASSERT_EQUALS(1, values.back().intvalue);
+
+        code = "char* p;\n"
+               "sizeof(p);";
+        values = tokenValues(code, "( p");
+        ASSERT_EQUALS(1U, values.size());
+        ASSERT_EQUALS(settings.platform.sizeof_pointer, values.back().intvalue);
+        
+        code = "char*& pr = p;\n"
+               "sizeof(pr);";
+        values = tokenValues(code, "( pr");
+        ASSERT_EQUALS(1U, values.size());
+        ASSERT_EQUALS(settings.platform.sizeof_pointer, values.back().intvalue);
+
+        code = "struct { char& r; char* p; } s{ x, y};\n"
+               "sizeof(s);\n";
+        values = tokenValues(code, "( s");
+        ASSERT_EQUALS(1U, values.size());
+        ASSERT_EQUALS(2 * settings.platform.sizeof_pointer, values.back().intvalue);
+
 #define CHECK3(A, B, C)                          \
     do {                                     \
         code = "void f() {\n"                    \

From 003409f8b4224d89034325b69532945c4ab6996c Mon Sep 17 00:00:00 2001
From: chrchr-github <78114321+chrchr-github@users.noreply.github.com>
Date: Thu, 21 May 2026 15:36:58 +0200
Subject: [PATCH 3/3] Update testvalueflow.cpp

---
 test/testvalueflow.cpp | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/test/testvalueflow.cpp b/test/testvalueflow.cpp
index fd7a37ab6ce..60c1d8033f2 100644
--- a/test/testvalueflow.cpp
+++ b/test/testvalueflow.cpp
@@ -1407,14 +1407,14 @@ class TestValueFlow : public TestFixture {
         values = tokenValues(code, "( p");
         ASSERT_EQUALS(1U, values.size());
         ASSERT_EQUALS(settings.platform.sizeof_pointer, values.back().intvalue);
-        
+
         code = "char*& pr = p;\n"
                "sizeof(pr);";
         values = tokenValues(code, "( pr");
         ASSERT_EQUALS(1U, values.size());
         ASSERT_EQUALS(settings.platform.sizeof_pointer, values.back().intvalue);
 
-        code = "struct { char& r; char* p; } s{ x, y};\n"
+        code = "struct { char& r; char* p; } s{ x, y };\n"
                "sizeof(s);\n";
         values = tokenValues(code, "( s");
         ASSERT_EQUALS(1U, values.size());