Index: lib/StaticAnalyzer/Checkers/MallocChecker.cpp
===================================================================
--- lib/StaticAnalyzer/Checkers/MallocChecker.cpp
+++ lib/StaticAnalyzer/Checkers/MallocChecker.cpp
@@ -1906,33 +1906,16 @@
     return nullptr;
   DefinedOrUnknownSVal Arg1Val = Arg1ValG.castAs<DefinedOrUnknownSVal>();
 
-  // Compare the size argument to 0.
-  DefinedOrUnknownSVal SizeZero =
-    svalBuilder.evalEQ(State, Arg1Val,
-                       svalBuilder.makeIntValWithPtrWidth(0, false));
-
   ProgramStateRef StatePtrIsNull, StatePtrNotNull;
   std::tie(StatePtrIsNull, StatePtrNotNull) = State->assume(PtrEQ);
-  ProgramStateRef StateSizeIsZero, StateSizeNotZero;
-  std::tie(StateSizeIsZero, StateSizeNotZero) = State->assume(SizeZero);
-  // We only assume exceptional states if they are definitely true; if the
-  // state is under-constrained, assume regular realloc behavior.
-  bool PrtIsNull = StatePtrIsNull && !StatePtrNotNull;
-  bool SizeIsZero = StateSizeIsZero && !StateSizeNotZero;
-
-  // If the ptr is NULL and the size is not 0, the call is equivalent to 
-  // malloc(size).
-  if ( PrtIsNull && !SizeIsZero) {
+  // If the ptr is NULL the call is equivalent to malloc(size).
+  if (StatePtrIsNull && !StatePtrNotNull) {
     ProgramStateRef stateMalloc = MallocMemAux(C, CE, CE->getArg(1),
                                                UndefinedVal(), StatePtrIsNull);
     return stateMalloc;
   }
 
-  if (PrtIsNull && SizeIsZero)
-    return nullptr;
-
   // Get the from and to pointer symbols as in toPtr = realloc(fromPtr, size).
-  assert(!PrtIsNull);
   SymbolRef FromPtr = arg0Val.getAsSymbol();
   SVal RetVal = State->getSVal(CE, LCtx);
   SymbolRef ToPtr = RetVal.getAsSymbol();
@@ -1941,17 +1924,6 @@
 
   bool ReleasedAllocated = false;
 
-  // If the size is 0, free the memory.
-  if (SizeIsZero)
-    if (ProgramStateRef stateFree = FreeMemAux(C, CE, StateSizeIsZero, 0,
-                                               false, ReleasedAllocated)){
-      // The semantics of the return value are:
-      // If size was equal to 0, either NULL or a pointer suitable to be passed
-      // to free() is returned. We just free the input pointer and do not add
-      // any constrains on the output pointer.
-      return stateFree;
-    }
-
   // Default behavior.
   if (ProgramStateRef stateFree =
         FreeMemAux(C, CE, State, 0, false, ReleasedAllocated)) {
Index: test/Analysis/malloc-annotations.c
===================================================================
--- test/Analysis/malloc-annotations.c
+++ test/Analysis/malloc-annotations.c
@@ -41,11 +41,6 @@
   realloc(p,0); // expected-warning{{Attempt to free released memory}}
 }
 
-void f2_realloc_1() {
-  int *p = malloc(12);
-  int *q = realloc(p,0); // no-warning
-}
-
 // ownership attributes tests
 void naf1() {
   int *p = my_malloc3(12);
@@ -176,15 +171,6 @@
     free(p);
 }
 
-void f6_realloc() {
-  int *p = malloc(12);
-  if (!p)
-    return; // no-warning
-  else
-    realloc(p,0);
-}
-
-
 char *doit2();
 void pr6069() {
   char *buf = doit2();
Index: test/Analysis/malloc.c
===================================================================
--- test/Analysis/malloc.c
+++ test/Analysis/malloc.c
@@ -37,11 +37,6 @@
   realloc(p,0); // expected-warning{{Attempt to free released memory}}
 }
 
-void f2_realloc_1() {
-  int *p = malloc(12);
-  int *q = realloc(p,0); // no-warning
-}
-
 void reallocNotNullPtr(unsigned sizeIn) {
   unsigned size = 12;
   char *p = (char*)malloc(size);
@@ -79,38 +74,22 @@
 void reallocSizeZero1() {
   char *p = malloc(12);
   char *r = realloc(p, 0);
-  if (!r) {
-    free(p); // expected-warning {{Attempt to free released memory}}
-  } else {
-    free(r);
-  }
+  free(r);
 }
 
 void reallocSizeZero2() {
   char *p = malloc(12);
   char *r = realloc(p, 0);
-  if (!r) {
-    free(p); // expected-warning {{Attempt to free released memory}}
-  } else {
-    free(r);
-  }
-  free(p); // expected-warning {{Attempt to free released memory}}
-}
+} // expected-warning {{Potential leak of memory pointed to by}}
 
 void reallocSizeZero3() {
-  char *p = malloc(12);
-  char *r = realloc(p, 0);
-  free(r);
-}
-
-void reallocSizeZero4() {
   char *r = realloc(0, 0);
   free(r);
 }
 
-void reallocSizeZero5() {
+void reallocSizeZero4() {
   char *r = realloc(0, 0);
-}
+} // expected-warning {{Potential leak of memory pointed to by}}
 
 void reallocPtrZero1() {
   char *r = realloc(0, 12);
@@ -263,21 +242,21 @@
 
 void CheckUseZeroAllocated7() {
   int *p = realloc(0, 0);
-  *p = 1; //TODO: warn about use of zero-allocated memory
+  *p = 1; // expected-warning {{Use of zero-allocated memory}}
   free(p);
 }
 
 void CheckUseZeroAllocated8() {
   int *p = malloc(8);
   int *q = realloc(p, 0);
-  *q = 1; //TODO: warn about use of zero-allocated memory
+  *q = 1; // expected-warning {{Use of zero-allocated memory}}
   free(q);
 }
 
 void CheckUseZeroAllocated9() {
   int *p = realloc(0, 0);
   int *q = realloc(p, 0);
-  *q = 1; //TODO: warn about use of zero-allocated memory
+  *q = 1; // expected-warning {{Use of zero-allocated memory}}
   free(q);
 }
 
@@ -339,15 +318,6 @@
     free(p);
 }
 
-void f6_realloc() {
-  int *p = malloc(12);
-  if (!p)
-    return; // no-warning
-  else
-    realloc(p,0);
-}
-
-
 char *doit2();
 void pr6069() {
   char *buf = doit2();