diff --git a/cpp/ql/src/Critical/MemoryMayNotBeFreed.ql b/cpp/ql/src/Critical/MemoryMayNotBeFreed.ql
index d49a3bc4132..bfedb09df9c 100644
--- a/cpp/ql/src/Critical/MemoryMayNotBeFreed.ql
+++ b/cpp/ql/src/Critical/MemoryMayNotBeFreed.ql
@@ -39,7 +39,7 @@ predicate allocCallOrIndirect(Expr e) {
       allocCallOrIndirect(rtn.getExpr())
       or
       // return variable assigned with alloc
-      exists(Variable v |
+      exists(StackVariable v |
         v = rtn.getExpr().(VariableAccess).getTarget() and
         allocCallOrIndirect(v.getAnAssignedValue()) and
         not assignedToFieldOrGlobal(v, _)
diff --git a/cpp/ql/test/query-tests/Critical/MemoryFreed/MemoryMayNotBeFreed.expected b/cpp/ql/test/query-tests/Critical/MemoryFreed/MemoryMayNotBeFreed.expected
index 89b406ab3b9..91bb79e6852 100644
--- a/cpp/ql/test/query-tests/Critical/MemoryFreed/MemoryMayNotBeFreed.expected
+++ b/cpp/ql/test/query-tests/Critical/MemoryFreed/MemoryMayNotBeFreed.expected
@@ -1,4 +1,2 @@
 | test_free.cpp:36:22:36:35 | ... = ... | This memory allocation may not be released at $@. | test_free.cpp:38:1:38:1 | return ... | this exit point |
 | test_free.cpp:267:12:267:17 | call to malloc | This memory allocation may not be released at $@. | test_free.cpp:270:1:270:1 | return ... | this exit point |
-| test_free.cpp:420:23:420:31 | call to getBuffer | This memory allocation may not be released at $@. | test_free.cpp:428:1:428:1 | return ... | this exit point |
-| test_free.cpp:427:25:427:33 | call to getBuffer | This memory allocation may not be released at $@. | test_free.cpp:428:1:428:1 | return ... | this exit point |
diff --git a/cpp/ql/test/query-tests/Critical/MemoryFreed/test_free.cpp b/cpp/ql/test/query-tests/Critical/MemoryFreed/test_free.cpp
index 73b6f83fef9..0a6532015a7 100644
--- a/cpp/ql/test/query-tests/Critical/MemoryFreed/test_free.cpp
+++ b/cpp/ql/test/query-tests/Critical/MemoryFreed/test_free.cpp
@@ -417,12 +417,12 @@ public:
 
 void testHasGetter() {
     HasGetterAndFree hg;
-    void *buffer = hg.getBuffer(); // GOOD (freed in destructor) [FALSE POSITIVE]
+    void *buffer = hg.getBuffer(); // GOOD (freed in destructor)
 
     HasGetterNoFree hg2;
     void *buffer2 = hg2.getBuffer(); // GOOD (freed below)
     free(buffer2);
 
     HasGetterNoFree hg3;
-    void *buffer3 = hg3.getBuffer(); // BAD (not freed)
+    void *buffer3 = hg3.getBuffer(); // BAD (not freed) [NOT DETECTED]
 }