diff --git a/rust/ql/test/query-tests/security/CWE-825/AccessAfterLifetime.expected b/rust/ql/test/query-tests/security/CWE-825/AccessAfterLifetime.expected
index 8b521239978..3d6c4d190af 100644
--- a/rust/ql/test/query-tests/security/CWE-825/AccessAfterLifetime.expected
+++ b/rust/ql/test/query-tests/security/CWE-825/AccessAfterLifetime.expected
@@ -24,27 +24,27 @@ | lifetime.rs:808:23:808:25 | ptr | lifetime.rs:798:9:798:12 | &val | lifetime.rs:808:23:808:25 | ptr | Access of a pointer to $@ after its lifetime has ended. | lifetime.rs:796:6:796:8 | val | val | | main.rs:64:23:64:24 | p2 | main.rs:44:26:44:28 | &b2 | main.rs:64:23:64:24 | p2 | Access of a pointer to $@ after its lifetime has ended. | main.rs:43:13:43:14 | b2 | b2 | edges -| deallocation.rs:220:6:220:7 | p1 | deallocation.rs:223:14:223:15 | p1 | provenance | | -| deallocation.rs:220:6:220:7 | p1 | deallocation.rs:230:14:230:15 | p1 | provenance | | -| deallocation.rs:220:30:220:38 | &raw const my_buffer | deallocation.rs:220:6:220:7 | p1 | provenance | | -| deallocation.rs:300:28:300:43 | ...: ... | deallocation.rs:302:18:302:20 | ptr | provenance | | -| deallocation.rs:312:27:312:42 | ...: ... | deallocation.rs:320:18:320:20 | ptr | provenance | | -| deallocation.rs:329:7:329:10 | ptr1 | deallocation.rs:332:4:332:7 | ptr1 | provenance | | -| deallocation.rs:329:7:329:10 | ptr1 | deallocation.rs:332:4:332:7 | ptr1 | provenance | | -| deallocation.rs:329:14:329:33 | &raw mut ... | deallocation.rs:329:7:329:10 | ptr1 | provenance | | -| deallocation.rs:330:7:330:10 | ptr2 | deallocation.rs:333:4:333:7 | ptr2 | provenance | | -| deallocation.rs:330:7:330:10 | ptr2 | deallocation.rs:333:4:333:7 | ptr2 | provenance | | -| deallocation.rs:330:14:330:33 | &raw mut ... | deallocation.rs:330:7:330:10 | ptr2 | provenance | | -| deallocation.rs:332:4:332:7 | ptr1 | deallocation.rs:335:27:335:30 | ptr1 | provenance | | -| deallocation.rs:333:4:333:7 | ptr2 | deallocation.rs:337:26:337:29 | ptr2 | provenance | | -| deallocation.rs:335:27:335:30 | ptr1 | deallocation.rs:300:28:300:43 | ...: ... | provenance | | -| deallocation.rs:337:26:337:29 | ptr2 | deallocation.rs:312:27:312:42 | ...: ... 
| provenance | | -| deallocation.rs:348:6:348:9 | ptr1 | deallocation.rs:351:13:351:16 | ptr1 | provenance | | -| deallocation.rs:348:6:348:9 | ptr1 | deallocation.rs:359:13:359:16 | ptr1 | provenance | | -| deallocation.rs:348:13:348:28 | &raw mut ... | deallocation.rs:348:6:348:9 | ptr1 | provenance | | -| deallocation.rs:367:6:367:9 | ptr2 | deallocation.rs:370:13:370:16 | ptr2 | provenance | | -| deallocation.rs:367:6:367:9 | ptr2 | deallocation.rs:380:13:380:16 | ptr2 | provenance | | -| deallocation.rs:367:13:367:28 | &raw mut ... | deallocation.rs:367:6:367:9 | ptr2 | provenance | | +| deallocation.rs:242:6:242:7 | p1 | deallocation.rs:245:14:245:15 | p1 | provenance | | +| deallocation.rs:242:6:242:7 | p1 | deallocation.rs:252:14:252:15 | p1 | provenance | | +| deallocation.rs:242:30:242:38 | &raw const my_buffer | deallocation.rs:242:6:242:7 | p1 | provenance | | +| deallocation.rs:322:28:322:43 | ...: ... | deallocation.rs:324:18:324:20 | ptr | provenance | | +| deallocation.rs:334:27:334:42 | ...: ... | deallocation.rs:342:18:342:20 | ptr | provenance | | +| deallocation.rs:351:7:351:10 | ptr1 | deallocation.rs:354:4:354:7 | ptr1 | provenance | | +| deallocation.rs:351:7:351:10 | ptr1 | deallocation.rs:354:4:354:7 | ptr1 | provenance | | +| deallocation.rs:351:14:351:33 | &raw mut ... | deallocation.rs:351:7:351:10 | ptr1 | provenance | | +| deallocation.rs:352:7:352:10 | ptr2 | deallocation.rs:355:4:355:7 | ptr2 | provenance | | +| deallocation.rs:352:7:352:10 | ptr2 | deallocation.rs:355:4:355:7 | ptr2 | provenance | | +| deallocation.rs:352:14:352:33 | &raw mut ... | deallocation.rs:352:7:352:10 | ptr2 | provenance | | +| deallocation.rs:354:4:354:7 | ptr1 | deallocation.rs:357:27:357:30 | ptr1 | provenance | | +| deallocation.rs:355:4:355:7 | ptr2 | deallocation.rs:359:26:359:29 | ptr2 | provenance | | +| deallocation.rs:357:27:357:30 | ptr1 | deallocation.rs:322:28:322:43 | ...: ... 
| provenance | | +| deallocation.rs:359:26:359:29 | ptr2 | deallocation.rs:334:27:334:42 | ...: ... | provenance | | +| deallocation.rs:370:6:370:9 | ptr1 | deallocation.rs:373:13:373:16 | ptr1 | provenance | | +| deallocation.rs:370:6:370:9 | ptr1 | deallocation.rs:381:13:381:16 | ptr1 | provenance | | +| deallocation.rs:370:13:370:28 | &raw mut ... | deallocation.rs:370:6:370:9 | ptr1 | provenance | | +| deallocation.rs:389:6:389:9 | ptr2 | deallocation.rs:392:13:392:16 | ptr2 | provenance | | +| deallocation.rs:389:6:389:9 | ptr2 | deallocation.rs:402:13:402:16 | ptr2 | provenance | | +| deallocation.rs:389:13:389:28 | &raw mut ... | deallocation.rs:389:6:389:9 | ptr2 | provenance | | | lifetime.rs:21:2:21:18 | return ... | lifetime.rs:54:11:54:30 | get_local_dangling(...) | provenance | | | lifetime.rs:21:9:21:18 | &my_local1 | lifetime.rs:21:2:21:18 | return ... | provenance | | | lifetime.rs:27:2:27:22 | return ... | lifetime.rs:55:11:55:34 | get_local_dangling_mut(...) | provenance | | 
@@ -234,32 +234,32 @@ models | 4 | Summary: ::as_ptr; Argument[0].Reference.Reference; ReturnValue.Reference; value | | 5 | Summary: core::ptr::from_ref; Argument[0]; ReturnValue; value | nodes -| deallocation.rs:220:6:220:7 | p1 | semmle.label | p1 | -| deallocation.rs:220:30:220:38 | &raw const my_buffer | semmle.label | &raw const my_buffer | -| deallocation.rs:223:14:223:15 | p1 | semmle.label | p1 | -| deallocation.rs:230:14:230:15 | p1 | semmle.label | p1 | -| deallocation.rs:300:28:300:43 | ...: ... | semmle.label | ...: ... | -| deallocation.rs:302:18:302:20 | ptr | semmle.label | ptr | -| deallocation.rs:312:27:312:42 | ...: ... | semmle.label | ...: ... | -| deallocation.rs:320:18:320:20 | ptr | semmle.label | ptr | -| deallocation.rs:329:7:329:10 | ptr1 | semmle.label | ptr1 | -| deallocation.rs:329:14:329:33 | &raw mut ... | semmle.label | &raw mut ... | -| deallocation.rs:330:7:330:10 | ptr2 | semmle.label | ptr2 | -| deallocation.rs:330:14:330:33 | &raw mut ... | semmle.label | &raw mut ... | -| deallocation.rs:332:4:332:7 | ptr1 | semmle.label | ptr1 | -| deallocation.rs:332:4:332:7 | ptr1 | semmle.label | ptr1 | -| deallocation.rs:333:4:333:7 | ptr2 | semmle.label | ptr2 | -| deallocation.rs:333:4:333:7 | ptr2 | semmle.label | ptr2 | -| deallocation.rs:335:27:335:30 | ptr1 | semmle.label | ptr1 | -| deallocation.rs:337:26:337:29 | ptr2 | semmle.label | ptr2 | -| deallocation.rs:348:6:348:9 | ptr1 | semmle.label | ptr1 | -| deallocation.rs:348:13:348:28 | &raw mut ... | semmle.label | &raw mut ... | -| deallocation.rs:351:13:351:16 | ptr1 | semmle.label | ptr1 | -| deallocation.rs:359:13:359:16 | ptr1 | semmle.label | ptr1 | -| deallocation.rs:367:6:367:9 | ptr2 | semmle.label | ptr2 | -| deallocation.rs:367:13:367:28 | &raw mut ... | semmle.label | &raw mut ... 
| -| deallocation.rs:370:13:370:16 | ptr2 | semmle.label | ptr2 | -| deallocation.rs:380:13:380:16 | ptr2 | semmle.label | ptr2 | +| deallocation.rs:242:6:242:7 | p1 | semmle.label | p1 | +| deallocation.rs:242:30:242:38 | &raw const my_buffer | semmle.label | &raw const my_buffer | +| deallocation.rs:245:14:245:15 | p1 | semmle.label | p1 | +| deallocation.rs:252:14:252:15 | p1 | semmle.label | p1 | +| deallocation.rs:322:28:322:43 | ...: ... | semmle.label | ...: ... | +| deallocation.rs:324:18:324:20 | ptr | semmle.label | ptr | +| deallocation.rs:334:27:334:42 | ...: ... | semmle.label | ...: ... | +| deallocation.rs:342:18:342:20 | ptr | semmle.label | ptr | +| deallocation.rs:351:7:351:10 | ptr1 | semmle.label | ptr1 | +| deallocation.rs:351:14:351:33 | &raw mut ... | semmle.label | &raw mut ... | +| deallocation.rs:352:7:352:10 | ptr2 | semmle.label | ptr2 | +| deallocation.rs:352:14:352:33 | &raw mut ... | semmle.label | &raw mut ... | +| deallocation.rs:354:4:354:7 | ptr1 | semmle.label | ptr1 | +| deallocation.rs:354:4:354:7 | ptr1 | semmle.label | ptr1 | +| deallocation.rs:355:4:355:7 | ptr2 | semmle.label | ptr2 | +| deallocation.rs:355:4:355:7 | ptr2 | semmle.label | ptr2 | +| deallocation.rs:357:27:357:30 | ptr1 | semmle.label | ptr1 | +| deallocation.rs:359:26:359:29 | ptr2 | semmle.label | ptr2 | +| deallocation.rs:370:6:370:9 | ptr1 | semmle.label | ptr1 | +| deallocation.rs:370:13:370:28 | &raw mut ... | semmle.label | &raw mut ... | +| deallocation.rs:373:13:373:16 | ptr1 | semmle.label | ptr1 | +| deallocation.rs:381:13:381:16 | ptr1 | semmle.label | ptr1 | +| deallocation.rs:389:6:389:9 | ptr2 | semmle.label | ptr2 | +| deallocation.rs:389:13:389:28 | &raw mut ... | semmle.label | &raw mut ... | +| deallocation.rs:392:13:392:16 | ptr2 | semmle.label | ptr2 | +| deallocation.rs:402:13:402:16 | ptr2 | semmle.label | ptr2 | | lifetime.rs:21:2:21:18 | return ... | semmle.label | return ... 
| | lifetime.rs:21:9:21:18 | &my_local1 | semmle.label | &my_local1 | | lifetime.rs:27:2:27:22 | return ... | semmle.label | return ... | diff --git a/rust/ql/test/query-tests/security/CWE-825/AccessInvalidPointer.expected b/rust/ql/test/query-tests/security/CWE-825/AccessInvalidPointer.expected index 2ee4afddf2e..b9d308b0572 100644 --- a/rust/ql/test/query-tests/security/CWE-825/AccessInvalidPointer.expected +++ b/rust/ql/test/query-tests/security/CWE-825/AccessInvalidPointer.expected 
@@ -13,10 +13,10 @@ | deallocation.rs:130:14:130:15 | p1 | deallocation.rs:123:23:123:40 | ...::dangling | deallocation.rs:130:14:130:15 | p1 | This operation dereferences a pointer that may be $@. | deallocation.rs:123:23:123:40 | ...::dangling | invalid | | deallocation.rs:131:14:131:15 | p2 | deallocation.rs:124:21:124:42 | ...::dangling_mut | deallocation.rs:131:14:131:15 | p2 | This operation dereferences a pointer that may be $@. | deallocation.rs:124:21:124:42 | ...::dangling_mut | invalid | | deallocation.rs:132:14:132:15 | p3 | deallocation.rs:125:23:125:36 | ...::null | deallocation.rs:132:14:132:15 | p3 | This operation dereferences a pointer that may be $@. | deallocation.rs:125:23:125:36 | ...::null | invalid | -| deallocation.rs:252:15:252:16 | p1 | deallocation.rs:248:3:248:25 | ...::drop_in_place | deallocation.rs:252:15:252:16 | p1 | This operation dereferences a pointer that may be $@. | deallocation.rs:248:3:248:25 | ...::drop_in_place | invalid | -| deallocation.rs:252:15:252:16 | p1 | deallocation.rs:248:3:248:25 | ...::drop_in_place | deallocation.rs:252:15:252:16 | p1 | This operation dereferences a pointer that may be $@. | deallocation.rs:248:3:248:25 | ...::drop_in_place | invalid | -| deallocation.rs:320:18:320:20 | ptr | deallocation.rs:314:3:314:25 | ...::drop_in_place | deallocation.rs:320:18:320:20 | ptr | This operation dereferences a pointer that may be $@. | deallocation.rs:314:3:314:25 | ...::drop_in_place | invalid | -| deallocation.rs:320:18:320:20 | ptr | deallocation.rs:314:3:314:25 | ...::drop_in_place | deallocation.rs:320:18:320:20 | ptr | This operation dereferences a pointer that may be $@. | deallocation.rs:314:3:314:25 | ...::drop_in_place | invalid | +| deallocation.rs:274:15:274:16 | p1 | deallocation.rs:270:3:270:25 | ...::drop_in_place | deallocation.rs:274:15:274:16 | p1 | This operation dereferences a pointer that may be $@. 
| deallocation.rs:270:3:270:25 | ...::drop_in_place | invalid | +| deallocation.rs:274:15:274:16 | p1 | deallocation.rs:270:3:270:25 | ...::drop_in_place | deallocation.rs:274:15:274:16 | p1 | This operation dereferences a pointer that may be $@. | deallocation.rs:270:3:270:25 | ...::drop_in_place | invalid | +| deallocation.rs:342:18:342:20 | ptr | deallocation.rs:336:3:336:25 | ...::drop_in_place | deallocation.rs:342:18:342:20 | ptr | This operation dereferences a pointer that may be $@. | deallocation.rs:336:3:336:25 | ...::drop_in_place | invalid | +| deallocation.rs:342:18:342:20 | ptr | deallocation.rs:336:3:336:25 | ...::drop_in_place | deallocation.rs:342:18:342:20 | ptr | This operation dereferences a pointer that may be $@. | deallocation.rs:336:3:336:25 | ...::drop_in_place | invalid | edges | deallocation.rs:20:3:20:21 | ...::dealloc | deallocation.rs:20:23:20:24 | [post] m1 | provenance | Src:MaD:3 MaD:3 | | deallocation.rs:20:23:20:24 | [post] m1 | deallocation.rs:26:15:26:16 | m1 | provenance | | 
@@ -44,12 +44,12 @@ edges | deallocation.rs:125:6:125:7 | p3 | deallocation.rs:132:14:132:15 | p3 | provenance | | | deallocation.rs:125:23:125:36 | ...::null | deallocation.rs:125:23:125:38 | ...::null(...) | provenance | Src:MaD:7 MaD:7 | | deallocation.rs:125:23:125:38 | ...::null(...) | deallocation.rs:125:6:125:7 | p3 | provenance | | -| deallocation.rs:248:3:248:25 | ...::drop_in_place | deallocation.rs:248:27:248:28 | [post] p1 | provenance | Src:MaD:6 MaD:6 | -| deallocation.rs:248:3:248:25 | ...::drop_in_place | deallocation.rs:248:27:248:28 | [post] p1 | provenance | Src:MaD:6 MaD:6 | -| deallocation.rs:248:27:248:28 | [post] p1 | deallocation.rs:252:15:252:16 | p1 | provenance | | -| deallocation.rs:314:3:314:25 | ...::drop_in_place | deallocation.rs:314:27:314:29 | [post] ptr | provenance | Src:MaD:6 MaD:6 | -| deallocation.rs:314:3:314:25 | ...::drop_in_place | deallocation.rs:314:27:314:29 | [post] ptr | provenance | Src:MaD:6 MaD:6 | -| deallocation.rs:314:27:314:29 | [post] ptr | deallocation.rs:320:18:320:20 | ptr | provenance | | +| deallocation.rs:270:3:270:25 | ...::drop_in_place | deallocation.rs:270:27:270:28 | [post] p1 | provenance | Src:MaD:6 MaD:6 | +| deallocation.rs:270:3:270:25 | ...::drop_in_place | deallocation.rs:270:27:270:28 | [post] p1 | provenance | Src:MaD:6 MaD:6 | +| deallocation.rs:270:27:270:28 | [post] p1 | deallocation.rs:274:15:274:16 | p1 | provenance | | +| deallocation.rs:336:3:336:25 | ...::drop_in_place | deallocation.rs:336:27:336:29 | [post] ptr | provenance | Src:MaD:6 MaD:6 | +| deallocation.rs:336:3:336:25 | ...::drop_in_place | deallocation.rs:336:27:336:29 | [post] ptr | provenance | Src:MaD:6 MaD:6 | +| deallocation.rs:336:27:336:29 | [post] ptr | deallocation.rs:342:18:342:20 | ptr | provenance | | models | 1 | Sink: core::ptr::read; Argument[0]; pointer-access | | 2 | Sink: core::ptr::write; Argument[0]; pointer-access | 
@@ -92,12 +92,12 @@ nodes | deallocation.rs:130:14:130:15 | p1 | semmle.label | p1 | | deallocation.rs:131:14:131:15 | p2 | semmle.label | p2 | | deallocation.rs:132:14:132:15 | p3 | semmle.label | p3 | -| deallocation.rs:248:3:248:25 | ...::drop_in_place | semmle.label | ...::drop_in_place | -| deallocation.rs:248:3:248:25 | ...::drop_in_place | semmle.label | ...::drop_in_place | -| deallocation.rs:248:27:248:28 | [post] p1 | semmle.label | [post] p1 | -| deallocation.rs:252:15:252:16 | p1 | semmle.label | p1 | -| deallocation.rs:314:3:314:25 | ...::drop_in_place | semmle.label | ...::drop_in_place | -| deallocation.rs:314:3:314:25 | ...::drop_in_place | semmle.label | ...::drop_in_place | -| deallocation.rs:314:27:314:29 | [post] ptr | semmle.label | [post] ptr | -| deallocation.rs:320:18:320:20 | ptr | semmle.label | ptr | +| deallocation.rs:270:3:270:25 | ...::drop_in_place | semmle.label | ...::drop_in_place | +| deallocation.rs:270:3:270:25 | ...::drop_in_place | semmle.label | ...::drop_in_place | +| deallocation.rs:270:27:270:28 | [post] p1 | semmle.label | [post] p1 | +| deallocation.rs:274:15:274:16 | p1 | semmle.label | p1 | +| deallocation.rs:336:3:336:25 | ...::drop_in_place | semmle.label | ...::drop_in_place | +| deallocation.rs:336:3:336:25 | ...::drop_in_place | semmle.label | ...::drop_in_place | +| deallocation.rs:336:27:336:29 | [post] ptr | semmle.label | [post] ptr | +| deallocation.rs:342:18:342:20 | ptr | semmle.label | ptr | subpaths diff --git a/rust/ql/test/query-tests/security/CWE-825/deallocation.rs b/rust/ql/test/query-tests/security/CWE-825/deallocation.rs index ab4b1e73a2b..bca375f2429 100644 --- a/rust/ql/test/query-tests/security/CWE-825/deallocation.rs +++ b/rust/ql/test/query-tests/security/CWE-825/deallocation.rs 
@@ -149,6 +149,9 @@ impl MyObject { pub unsafe fn test_ptr_invalid_conditions(mode: i32) { let layout = std::alloc::Layout::new::(); + + // --- mutable pointer --- + let mut ptr = std::alloc::alloc(layout) as *mut MyObject; (*ptr).value = 0; // good @@ -207,6 +210,25 @@ pub unsafe fn test_ptr_invalid_conditions(mode: i32) { if (*ptr).is_zero() || ptr.is_null() { // $ MISSING: Alert[rust/access-invalid-pointer] println!(" cond9"); } + + // --- immutable pointer --- + + let const_ptr; + + if mode == 126 { // (causes a panic below) + const_ptr = std::ptr::null_mut(); + } else { + const_ptr = std::alloc::alloc(layout) as *mut MyObject; + (*const_ptr).value = 0; // good + } + + if const_ptr.is_null() { + let v = (*const_ptr).value; // $ MISSING: Alert[rust/access-invalid-pointer] + println!(" cond10 v = {v}"); + } else { + let v = (*const_ptr).value; // good - unreachable with null pointer + println!(" cond11 v = {v}"); + } } // --- drop ---
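Review bot: The `// --- immutable pointer ---` heading in the second hunk of deallocation.rs does not match the code under it: `const_ptr` is initialised from `std::ptr::null_mut()` or `std::alloc::alloc(layout) as *mut MyObject` and is written through at `(*const_ptr).value = 0`, so it is a `*mut` pointer held in a non-`mut` binding, not a `*const` pointer. If the case is meant to contrast a binding assigned once per branch with the `let mut ptr` cases above, the heading should say so, for example `// --- pointer in an immutable binding (assigned once per branch) ---`. The `// (causes a panic below)` remark on the `mode == 126` branch would be more accurate as `// (null is dereferenced below: undefined behaviour, may panic)`, since the `cond10` read is the null dereference the query is expected to flag rather than a guaranteed panic. The block allocated in the `else` branch is never passed to `dealloc` within the lines shown; if that is intentional for the fixture, a short comment saying so would stop it being read as an oversight. The function begins before this hunk.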