This is an obvious hack because realloc isn't any more affected than other functions modeled by MallocChecker (or any user of CallDescription really), but the nice solution will take some time to implement.
Thanks! Yeah, that's a lot of annoying code to write that doesn't need to be imperative at all.
While modeling of all functions is probably incorrect, the crash can be bisected down to D68165. I think other functions don't crash because they already have similar type checks in them, just more spread out around the code rather than concentrated in one place. It might still be worth it to try to figure out why exactly D68165 caused it in order to double-check for more regressions.
Indeed. CallDescription could be improved to do precise type checking. Also, it could be matching FunctionDecls instead of names of functions (strings); we see how error-prone this can be.
I think the mechanisms in StdCLibraryFunctionChecker could be integrated into CallDescription, so all other checkers could benefit.
See also the discussion we had on this with @xazax.hun: