Index: lib/StaticAnalyzer/Core/ExprEngineC.cpp
===================================================================
--- lib/StaticAnalyzer/Core/ExprEngineC.cpp
+++ lib/StaticAnalyzer/Core/ExprEngineC.cpp
@@ -602,8 +602,7 @@
       if (StTrue) {
         if (StFalse) {
           // We can't constrain the value to 0 or 1.
-          // The best we can do is a cast.
-          X = getSValBuilder().evalCast(RHSVal, B->getType(), RHS->getType());
+          X = UnknownVal();
         } else {
           // The value is known to be true.
           X = getSValBuilder().makeIntVal(1, B->getType());
Index: test/Analysis/misc-ps-region-store.m
===================================================================
--- test/Analysis/misc-ps-region-store.m
+++ test/Analysis/misc-ps-region-store.m
@@ -323,14 +323,15 @@
 void rdar_7275774(void *data, unsigned n) {
   if (!(data || n == 0))
     return;
-  
+
+  // 'data' == null, n > 0
   unsigned short *p = (unsigned short*) data;
   unsigned short *q = p + (n / 2);
 
   if (p < q) {
     // If we reach here, 'p' cannot be null.  If 'p' is null, then 'n' must
     // be '0', meaning that this branch is not feasible.
-    *p = *q; // no-warning
+    *p = *q; // expected-warning{{Dereference of null pointer (loaded from variable 'p')}}
   }
 }
 
Index: test/Analysis/unwanted-programstate-data-propagation.c
===================================================================
--- test/Analysis/unwanted-programstate-data-propagation.c
+++ test/Analysis/unwanted-programstate-data-propagation.c
@@ -0,0 +1,23 @@
+// RUN: %clang_cc1 -analyze -analyzer-checker=core,unix.Malloc -verify %s
+// expected-no-diagnostics
+
+// test for PR15623
+#include "Inputs/system-header-simulator.h"
+
+typedef __typeof(sizeof(int)) size_t;
+void *malloc(size_t);
+void free(void *);
+
+_Bool test1(void) {
+   char *param = malloc(10);
+   char *value = malloc(10);
+   _Bool ok = (param && value);
+   free(param);
+   free(value);
+   // Previously we ended up with 'Use of memory after it is freed' on return.
+   // This happened due to incorrect processing of logical AND at line
+   // '_Bool ok = (param && value);'. The ProgramState data attached to the
+   // pointers memory region by the unix.Malloc checker was propogated to the
+   // 'ok' variable by mistake.
+   return ok; // no warning
+}