Description
Description of the false positive
I have encountered a false positive with the rule cpp/use-after-free.
CodeQL incorrectly flags a variable as being "used after free" when it is assigned via a chained assignment immediately following a delete[].
The analyzer seems to propagate the "freed" state of the dereferenced pointer to the local variable, failing to recognize that the new operator in the right-hand side of the assignment refreshes the pointer before the local variable reads it.
Code samples or links to source code
```cpp
#include <new>

void reallocateBuffer(char** sharedPtr, int size) {
    // 1. The old block is freed; *sharedPtr is now dangling.
    delete[] *sharedPtr;

    char* localPtr;

    // 2. Chained assignment. Assignment is right-associative, so this parses as
    //    localPtr = (*sharedPtr = new char[size]);
    //    'new' runs first, its result is stored through sharedPtr, and the value
    //    of that inner assignment (the fresh pointer) is what localPtr receives.
    localPtr = *sharedPtr = new char[size];

    // 3. CodeQL flags this write as a use-after-free, although localPtr can only
    //    hold the newly allocated block.
    if (localPtr) {
        localPtr[0] = 'A';
    }
}

int main() {
    char* data = new char[10];
    reallocateBuffer(&data, 50);
    delete[] data;   // frees the block allocated inside reallocateBuffer
    return 0;
}
```
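As an added illustration, not code from the original report, the following puts the chained form above beside the ordering the query is actually meant to catch (the local copy taken before *sharedPtr is refreshed). The function and struct names (reallocate_chained, reallocate_stale_copy, ReallocResult and the two check helpers) are assumed for this example. Both functions return the pointer values they end with so the aliasing can be verified without dereferencing anything that might be stale; the stale-copy variant deliberately omits the delete[] so the example itself stays free of undefined behaviour.

```cpp
#include <cstddef>
#include <new>

// Result of one reallocation step, returned so the aliasing can be checked
// without dereferencing anything that might be stale.
struct ReallocResult {
    char* local;   // what the local variable ended up holding
    char* shared;  // what *sharedPtr holds afterwards
};

// Pattern from the report (should NOT be flagged): delete[] the old block,
// then refresh *sharedPtr with new and copy it into localPtr in one chained
// assignment. Assignment is right-associative, so this is
// localPtr = (*sharedPtr = new char[size]); the new block is allocated and
// stored through sharedPtr before localPtr reads it.
ReallocResult reallocate_chained(char** sharedPtr, std::size_t size) {
    delete[] *sharedPtr;
    char* localPtr;
    localPtr = *sharedPtr = new char[size];
    localPtr[0] = 'A';                     // safe: localPtr aliases the fresh block
    return ReallocResult{localPtr, *sharedPtr};
}

// Contrasting pattern the query exists to catch: the local copy is taken
// BEFORE *sharedPtr is refreshed, so it keeps pointing at the old block.
// The old block is intentionally not deleted here (constructed example, no UB);
// with a delete[] *sharedPtr before the copy, a later localPtr[0] = 'A'
// would be a genuine use-after-free.
ReallocResult reallocate_stale_copy(char** sharedPtr, std::size_t size) {
    char* localPtr = *sharedPtr;           // copy taken too early
    *sharedPtr = new char[size];           // refresh happens after the copy
    return ReallocResult{localPtr, *sharedPtr};
}

// Check: after the chained form, localPtr, *sharedPtr and the caller's
// pointer all name the same (new) block and the write is visible through it.
bool chained_copy_aliases_new_block() {
    char* data = new char[10];
    ReallocResult r = reallocate_chained(&data, 50);
    bool ok = (r.local == r.shared) && (r.local == data) && (data[0] == 'A');
    delete[] data;
    return ok;
}

// Check: after the stale-copy form, the local still names the old block
// while the caller's pointer has moved on to the new one.
bool stale_copy_keeps_old_block() {
    char* old = new char[10];
    char* data = old;
    ReallocResult r = reallocate_stale_copy(&data, 50);
    bool ok = (r.local == old) && (r.local != r.shared) && (r.shared == data);
    delete[] old;
    delete[] data;
    return ok;
}

int main() {
    return (chained_copy_aliases_new_block() && stale_copy_keeps_old_block()) ? 0 : 1;
}
```

The distinction the analyzer needs is the order of the copy relative to the refreshing store: in the chained form the read of *sharedPtr is sequenced after the store of the new pointer, so the dataflow source for localPtr is the new expression, not the freed block.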
Expected Behavior
CodeQL should recognize that localPtr is assigned the result of the new allocation (via *sharedPtr) and is therefore safe to use.
Actual Behavior
CodeQL reports cpp/use-after-free on the line `localPtr[0] = 'A';`, claiming localPtr points to memory that was freed by `delete[] *sharedPtr`.
Query / Rule ID
cpp/use-after-free