diff --git a/cpp/ql/lib/change-notes/2025-08-28-comptr.md b/cpp/ql/lib/change-notes/2025-08-28-comptr.md
new file mode 100644
index 00000000000..9ce6fde50cb
--- /dev/null
+++ b/cpp/ql/lib/change-notes/2025-08-28-comptr.md
@@ -0,0 +1,4 @@
+---
+category: minorAnalysis
+---
+* Added flow summaries for the `Microsoft::WRL::ComPtr` member functions.
\ No newline at end of file
diff --git a/cpp/ql/lib/ext/ComPtr.model.yml b/cpp/ql/lib/ext/ComPtr.model.yml
index e6dbc781f95..49be2c49a4b 100644
--- a/cpp/ql/lib/ext/ComPtr.model.yml
+++ b/cpp/ql/lib/ext/ComPtr.model.yml
@@ -13,9 +13,19 @@ extensions:
       - ["Microsoft::WRL", "ComPtr<T>", True, "CopyTo", "(T **)", "", "Argument[-1].Element[@]", "Argument[**@0]", "value", "manual"]
       - ["Microsoft::WRL", "ComPtr", True, "CopyTo<T>", "(T **)", "", "Argument[-1].Element[@]", "Argument[**@0]", "value", "manual"]
       - ["Microsoft::WRL", "ComPtr", True, "CopyTo", "(REFIID,void **)", "", "Argument[-1].Element[@]", "Argument[**@1]", "value", "manual"]
-      - ["Microsoft::WRL", "ComPtr", True, "Detach", "", "", "Argument[-1].Element[@]", "ReturnValue[*]", "value", "manual"]
-      - ["Microsoft::WRL", "ComPtr", True, "Get", "", "", "Argument[-1].Element[@]", "ReturnValue[*]", "value", "manual"]
-      - ["Microsoft::WRL", "ComPtr", True, "GetAddressOf", "", "", "Argument[-1].Element[@]", "ReturnValue[**]", "value", "manual"]
-      - ["Microsoft::WRL", "ComPtr", True, "ReleaseAndGetAddressOf", "", "", "Argument[-1].Element[@]", "ReturnValue[**]", "value", "manual"]
+      - ["Microsoft::WRL", "ComPtr", True, "Detach", "", "", "Argument[-1].Element[@]", "ReturnValue[*@]", "value", "manual"]
+      - ["Microsoft::WRL", "ComPtr", True, "Get", "", "", "Argument[-1].Element[@]", "ReturnValue[*@]", "value", "manual"]
+      - ["Microsoft::WRL", "ComPtr", True, "GetAddressOf", "", "", "Argument[-1].Element[@]", "ReturnValue[**@]", "value", "manual"]
+      - ["Microsoft::WRL", "ComPtr", True, "ReleaseAndGetAddressOf", "", "", "Argument[-1].Element[@]", "ReturnValue[**@]", "value", "manual"]
       - ["Microsoft::WRL", "ComPtr", True, "Swap", "", "", "Argument[-1]", "Argument[*0]", "value", "manual"]
       - ["Microsoft::WRL", "ComPtr", True, "Swap", "", "", "Argument[*0]", "Argument[-1]", "value", "manual"]
+      - ["Microsoft::WRL", "ComPtr", True, "operator&", "", "", "Argument[-1]", "ReturnValue.Element", "value", "manual"]
+      - ["Microsoft::WRL", "ComPtr", True, "operator->", "", "", "Argument[-1].Element[@]", "ReturnValue[*@]", "value", "manual"]
+      - ["Microsoft::WRL", "ComPtr<T>", True, "operator=", "(T *)", "", "Argument[*@0]", "Argument[-1].Element[@]", "value", "manual"]
+      - ["Microsoft::WRL", "ComPtr<T>", True, "operator=", "(T *)", "", "Argument[*@0]", "ReturnValue[*].Element[@]", "value", "manual"]
+      - ["Microsoft::WRL", "ComPtr", True, "operator=<U>", "(U *)", "", "Argument[*@0]", "Argument[-1].Element[@]", "value", "manual"]
+      - ["Microsoft::WRL", "ComPtr", True, "operator=<U>", "(U *)", "", "Argument[*@0]", "ReturnValue[*].Element[@]", "value", "manual"]
+      - ["Microsoft::WRL", "ComPtr", True, "operator=", "(const ComPtr &)", "", "Argument[*0]", "Argument[-1]", "value", "manual"]
+      - ["Microsoft::WRL", "ComPtr", True, "operator=", "(const ComPtr &)", "", "Argument[*0]", "ReturnValue[*]", "value", "manual"]
+      - ["Microsoft::WRL", "ComPtr", True, "operator=", "(ComPtr &&)", "", "Argument[*0]", "Argument[-1]", "value", "manual"]
+      - ["Microsoft::WRL", "ComPtr", True, "operator=", "(ComPtr &&)", "", "Argument[*0]", "ReturnValue[*]", "value", "manual"]
diff --git a/cpp/ql/lib/ext/ComPtrRef.model.yml b/cpp/ql/lib/ext/ComPtrRef.model.yml
new file mode 100644
index 00000000000..710d9e6def3
--- /dev/null
+++ b/cpp/ql/lib/ext/ComPtrRef.model.yml
@@ -0,0 +1,12 @@
+extensions:
+  - addsTo:
+      pack: codeql/cpp-all
+      extensible: summaryModel
+    data: # namespace, type, subtypes, name, signature, ext, input, output, kind, provenance
+      - ["Microsoft::WRL::Details", "ComPtrRef", True, "ComPtrRef", "", "", "Argument[*0]", "Argument[-1].Element[@]", "value", "manual"]
+      - ["Microsoft::WRL::Details", "ComPtrRef", True, "GetAddressOf", "", "", "Argument[-1].Element[@]", "ReturnValue[*@]", "value", "manual"]
+      # TODO: We cannot yet model https://learn.microsoft.com/en-us/cpp/cppcx/wrl/comptrref-class?view=msvc-170#operator-interfacetype-star-star
+      - ["Microsoft::WRL::Details", "ComPtrRef", True, "operator*", "", "", "Argument[-1].Element[@]", "ReturnValue[*@]", "value", "manual"]
+      # TODO: We cannot yet model https://learn.microsoft.com/en-us/cpp/cppcx/wrl/comptrref-class?view=msvc-170#operator-t-star
+      - ["Microsoft::WRL::Details", "ComPtrRef", True, "operator void**", "", "", "Argument[-1].Element[@]", "ReturnValue[**@]", "value", "manual"]
+      - ["Microsoft::WRL::Details", "ComPtrRef", True, "ReleaseAndGetAddressOf", "", "", "Argument[-1].Element[@]", "ReturnValue[**@]", "value", "manual"]
\ No newline at end of file
diff --git a/cpp/ql/test/library-tests/dataflow/external-models/validatemodels.expected b/cpp/ql/test/library-tests/dataflow/external-models/validatemodels.expected
index e8dc5453df3..1b74b290eb3 100644
--- a/cpp/ql/test/library-tests/dataflow/external-models/validatemodels.expected
+++ b/cpp/ql/test/library-tests/dataflow/external-models/validatemodels.expected
@@ -6,12 +6,14 @@
 | Dubious member name "operator LPWSTR" in summary model. |
 | Dubious member name "operator PCXSTR" in summary model. |
 | Dubious member name "operator PXSTR" in summary model. |
+| Dubious member name "operator void**" in summary model. |
 | Dubious member name "operator&" in summary model. |
 | Dubious member name "operator*" in summary model. |
 | Dubious member name "operator+" in summary model. |
 | Dubious member name "operator+=" in summary model. |
 | Dubious member name "operator->" in summary model. |
 | Dubious member name "operator=" in summary model. |
+| Dubious member name "operator=<U>" in summary model. |
 | Dubious member name "operator[]" in summary model. |
 | Dubious signature "(..(*)(..))" in summary model. |
 | Dubious signature "(..(*)(..),..(*)(..),..(*)(..),..(*)(..))" in summary model. |
@@ -2497,6 +2499,7 @@
 | Dubious signature "(TS_VERIFY_CTX *,unsigned char *,long)" in summary model. |
 | Dubious signature "(TXT_DB *,OPENSSL_STRING *)" in summary model. |
 | Dubious signature "(TXT_DB *,int,..(*)(..),OPENSSL_LH_HASHFUNC,OPENSSL_LH_COMPFUNC)" in summary model. |
+| Dubious signature "(U *)" in summary model. |
 | Dubious signature "(UI *)" in summary model. |
 | Dubious signature "(UI *,UI_STRING *,const char *)" in summary model. |
 | Dubious signature "(UI *,UI_STRING *,const char *,int)" in summary model. |
diff --git a/cpp/ql/test/library-tests/dataflow/taint-tests/atl.cpp b/cpp/ql/test/library-tests/dataflow/taint-tests/atl.cpp
index 5d6b052448a..aff51f62964 100644
--- a/cpp/ql/test/library-tests/dataflow/taint-tests/atl.cpp
+++ b/cpp/ql/test/library-tests/dataflow/taint-tests/atl.cpp
@@ -1258,6 +1258,24 @@ namespace Microsoft {
 
   class WeakRef;
 
+  namespace Details {
+    template <typename T>
+    class ComPtrRef {
+      public:
+      using InterfaceType = T;
+
+      ComPtrRef(T*);
+
+      InterfaceType* const * GetAddressOf() const;
+      InterfaceType** ReleaseAndGetAddressOf();
+
+      operator InterfaceType**();
+      operator T*();
+      operator void**() const;
+      InterfaceType* operator *();
+    };
+  }
+
   template <typename T>
   class ComPtr
   {
@@ -1301,7 +1319,22 @@ namespace Microsoft {
     void Swap(ComPtr &&r);
 
     void Swap(ComPtr &r);
-  };
+
+    Details::ComPtrRef<ComPtr<T>> operator&();
+    const Details::ComPtrRef<const ComPtr<T>> operator&() const;
+
+    InterfaceType* operator->() const; // return type simplified from Microsoft::WRL::Details::RemoveIUnknown<InterfaceType>*
+
+    ComPtr& operator=(T *);
+    template <typename U>
+    ComPtr& operator=(U *);
+    ComPtr& operator=(const ComPtr &);
+    template<class U>
+    ComPtr& operator=(const ComPtr<U>&);
+    ComPtr& operator=(ComPtr &&);
+    template<class U>
+    ComPtr& operator=(ComPtr<U>&&);
+    };
 
   }
 }
@@ -1331,9 +1364,9 @@ void test_As()
 {
   int x = source<int>();
   Microsoft::WRL::ComPtr<int> p1(new int(x));
-  Microsoft::WRL::ComPtr<int> p2;
-  p1.As(&p2);
-  sink(*p2.Get()); // $ ir MISSING: ast
+  Microsoft::WRL::ComPtr<int>* p2;
+  p1.As(p2);
+  sink(*p2->Get()); // $ ir MISSING: ast
 }
 
 void test_CopyTo()
@@ -1377,4 +1410,52 @@ void test_GetAddressOf()
   Microsoft::WRL::ComPtr<int> p3(new int(x));
   int **pp = p3.ReleaseAndGetAddressOf();
   sink(**pp); // $ ir MISSING: ast
+}
+
+struct S {
+  int x;
+};
+
+void test_address_of_deref_operators() {
+  int x = source<int>();
+  Microsoft::WRL::ComPtr<int> p1(new int(x));
+  Microsoft::WRL::Details::ComPtrRef<Microsoft::WRL::ComPtr<int>> pp = &p1;
+  Microsoft::WRL::ComPtr<int>* qq = *pp;
+  sink(*qq->Get()); // $ ir MISSING: ast
+  
+  const Microsoft::WRL::ComPtr<int> p2(new int(x));
+  Microsoft::WRL::Details::ComPtrRef<const Microsoft::WRL::ComPtr<int>> pp2 = &p2;
+  const Microsoft::WRL::ComPtr<int>* qq2 = *pp2;
+  sink(*qq2->Get()); // $ ir MISSING: ast
+
+  S s;
+  s.x = source<int>();
+  Microsoft::WRL::ComPtr<S> p3(&s);
+  sink(p3->x); // $ ir MISSING: ast
+}
+
+void test_assignments() {
+  Microsoft::WRL::ComPtr<int> p1;
+  p1 = new int(source<int>());
+  sink(*p1.Get()); // $ ir MISSING: ast
+
+  Microsoft::WRL::ComPtr<int> p2;
+  p2 = new long(source<long>());
+  sink(*p2.Get()); // $ ir MISSING: ast
+
+  Microsoft::WRL::ComPtr<int> p3;
+  p3 = p1;
+  sink(*p3.Get()); // $ ir MISSING: ast
+
+  Microsoft::WRL::ComPtr<long> p4;
+  p4 = p1;
+  sink(*p4.Get()); // $ ir MISSING: ast
+
+  Microsoft::WRL::ComPtr<int> p5;
+  p5 = std::move(p1);
+  sink(*p5.Get()); // $ ir MISSING: ast
+
+  Microsoft::WRL::ComPtr<long> p6;
+  p6 = std::move(p1);
+  sink(*p6.Get()); // $ ir MISSING: ast
 }
\ No newline at end of file
diff --git a/cpp/ql/test/library-tests/dataflow/taint-tests/localTaint.expected b/cpp/ql/test/library-tests/dataflow/taint-tests/localTaint.expected
index f98159676ce..e8f0a8e34b2 100644
--- a/cpp/ql/test/library-tests/dataflow/taint-tests/localTaint.expected
+++ b/cpp/ql/test/library-tests/dataflow/taint-tests/localTaint.expected
@@ -1278,131 +1278,223 @@ WARNING: module 'TaintTracking' has been deprecated and may be removed in future
 | atl.cpp:1240:22:1240:30 | call to CStrBufT | atl.cpp:1241:46:1241:46 | b |  |
 | atl.cpp:1240:22:1240:30 | call to CStrBufT | atl.cpp:1242:45:1242:45 | b |  |
 | atl.cpp:1241:46:1241:46 | ref arg b | atl.cpp:1242:45:1242:45 | b |  |
-| atl.cpp:1315:31:1315:32 | call to ComPtr | atl.cpp:1316:9:1316:10 | p0 |  |
-| atl.cpp:1315:31:1315:32 | call to ComPtr | atl.cpp:1328:1:1328:1 | p0 |  |
-| atl.cpp:1316:9:1316:10 | ref arg p0 | atl.cpp:1328:1:1328:1 | p0 |  |
-| atl.cpp:1316:12:1316:14 | call to Get | atl.cpp:1316:8:1316:16 | * ... | TAINT |
-| atl.cpp:1318:11:1318:21 | call to source | atl.cpp:1319:42:1319:42 | x |  |
-| atl.cpp:1319:34:1319:43 | new | atl.cpp:1319:34:1319:44 | call to ComPtr | TAINT |
-| atl.cpp:1319:34:1319:44 | call to ComPtr | atl.cpp:1320:9:1320:10 | p1 |  |
-| atl.cpp:1319:34:1319:44 | call to ComPtr | atl.cpp:1321:9:1321:10 | p1 |  |
-| atl.cpp:1319:34:1319:44 | call to ComPtr | atl.cpp:1323:34:1323:35 | p1 |  |
-| atl.cpp:1319:34:1319:44 | call to ComPtr | atl.cpp:1326:44:1326:45 | p1 |  |
-| atl.cpp:1319:34:1319:44 | call to ComPtr | atl.cpp:1328:1:1328:1 | p1 |  |
-| atl.cpp:1319:42:1319:42 | x | atl.cpp:1319:34:1319:43 | new |  |
-| atl.cpp:1320:9:1320:10 | ref arg p1 | atl.cpp:1321:9:1321:10 | p1 |  |
-| atl.cpp:1320:9:1320:10 | ref arg p1 | atl.cpp:1323:34:1323:35 | p1 |  |
-| atl.cpp:1320:9:1320:10 | ref arg p1 | atl.cpp:1326:44:1326:45 | p1 |  |
-| atl.cpp:1320:9:1320:10 | ref arg p1 | atl.cpp:1328:1:1328:1 | p1 |  |
-| atl.cpp:1320:12:1320:14 | call to Get | atl.cpp:1320:8:1320:16 | * ... | TAINT |
-| atl.cpp:1321:9:1321:10 | ref arg p1 | atl.cpp:1323:34:1323:35 | p1 |  |
-| atl.cpp:1321:9:1321:10 | ref arg p1 | atl.cpp:1326:44:1326:45 | p1 |  |
-| atl.cpp:1321:9:1321:10 | ref arg p1 | atl.cpp:1328:1:1328:1 | p1 |  |
-| atl.cpp:1321:12:1321:17 | call to Detach | atl.cpp:1321:8:1321:19 | * ... | TAINT |
-| atl.cpp:1323:34:1323:35 | p1 | atl.cpp:1323:34:1323:36 | call to ComPtr |  |
-| atl.cpp:1323:34:1323:36 | call to ComPtr | atl.cpp:1324:9:1324:10 | p2 |  |
-| atl.cpp:1323:34:1323:36 | call to ComPtr | atl.cpp:1328:1:1328:1 | p2 |  |
-| atl.cpp:1324:9:1324:10 | ref arg p2 | atl.cpp:1328:1:1328:1 | p2 |  |
-| atl.cpp:1324:12:1324:14 | call to Get | atl.cpp:1324:8:1324:16 | * ... | TAINT |
-| atl.cpp:1326:34:1326:42 | call to move | atl.cpp:1326:34:1326:47 | call to ComPtr | TAINT |
-| atl.cpp:1326:34:1326:42 | ref arg call to move | atl.cpp:1326:44:1326:45 | p1 [inner post update] |  |
-| atl.cpp:1326:34:1326:42 | ref arg call to move | atl.cpp:1328:1:1328:1 | p1 |  |
-| atl.cpp:1326:34:1326:47 | call to ComPtr | atl.cpp:1327:9:1327:10 | p3 |  |
-| atl.cpp:1326:34:1326:47 | call to ComPtr | atl.cpp:1328:1:1328:1 | p3 |  |
-| atl.cpp:1326:44:1326:45 | p1 | atl.cpp:1326:34:1326:42 | call to move | TAINT |
-| atl.cpp:1326:44:1326:45 | p1 | atl.cpp:1326:34:1326:47 | call to ComPtr |  |
-| atl.cpp:1327:9:1327:10 | ref arg p3 | atl.cpp:1328:1:1328:1 | p3 |  |
-| atl.cpp:1327:12:1327:14 | call to Get | atl.cpp:1327:8:1327:16 | * ... | TAINT |
-| atl.cpp:1332:11:1332:21 | call to source | atl.cpp:1333:42:1333:42 | x |  |
-| atl.cpp:1333:34:1333:43 | new | atl.cpp:1333:34:1333:44 | call to ComPtr | TAINT |
-| atl.cpp:1333:34:1333:44 | call to ComPtr | atl.cpp:1335:3:1335:4 | p1 |  |
-| atl.cpp:1333:34:1333:44 | call to ComPtr | atl.cpp:1337:1:1337:1 | p1 |  |
-| atl.cpp:1333:42:1333:42 | x | atl.cpp:1333:34:1333:43 | new |  |
-| atl.cpp:1334:31:1334:32 | call to ComPtr | atl.cpp:1335:10:1335:11 | p2 |  |
-| atl.cpp:1334:31:1334:32 | call to ComPtr | atl.cpp:1336:9:1336:10 | p2 |  |
-| atl.cpp:1334:31:1334:32 | call to ComPtr | atl.cpp:1337:1:1337:1 | p2 |  |
-| atl.cpp:1335:9:1335:11 | ref arg & ... | atl.cpp:1335:10:1335:11 | p2 [inner post update] |  |
-| atl.cpp:1335:9:1335:11 | ref arg & ... | atl.cpp:1336:9:1336:10 | p2 |  |
-| atl.cpp:1335:9:1335:11 | ref arg & ... | atl.cpp:1337:1:1337:1 | p2 |  |
-| atl.cpp:1335:10:1335:11 | p2 | atl.cpp:1335:9:1335:11 | & ... |  |
-| atl.cpp:1336:9:1336:10 | ref arg p2 | atl.cpp:1337:1:1337:1 | p2 |  |
-| atl.cpp:1336:12:1336:14 | call to Get | atl.cpp:1336:8:1336:16 | * ... | TAINT |
-| atl.cpp:1341:11:1341:21 | call to source | atl.cpp:1342:42:1342:42 | x |  |
-| atl.cpp:1341:11:1341:21 | call to source | atl.cpp:1351:42:1351:42 | x |  |
-| atl.cpp:1342:34:1342:43 | new | atl.cpp:1342:34:1342:44 | call to ComPtr | TAINT |
-| atl.cpp:1342:34:1342:44 | call to ComPtr | atl.cpp:1344:3:1344:4 | p1 |  |
-| atl.cpp:1342:34:1342:44 | call to ComPtr | atl.cpp:1348:3:1348:4 | p1 |  |
-| atl.cpp:1342:34:1342:44 | call to ComPtr | atl.cpp:1356:1:1356:1 | p1 |  |
-| atl.cpp:1342:42:1342:42 | x | atl.cpp:1342:34:1342:43 | new |  |
-| atl.cpp:1343:14:1343:20 | 0 | atl.cpp:1344:14:1344:16 | raw |  |
-| atl.cpp:1343:14:1343:20 | 0 | atl.cpp:1345:9:1345:11 | raw |  |
-| atl.cpp:1343:14:1343:20 | 0 | atl.cpp:1348:31:1348:33 | raw |  |
-| atl.cpp:1343:14:1343:20 | 0 | atl.cpp:1349:9:1349:11 | raw |  |
-| atl.cpp:1344:3:1344:4 | ref arg p1 | atl.cpp:1348:3:1348:4 | p1 |  |
-| atl.cpp:1344:3:1344:4 | ref arg p1 | atl.cpp:1356:1:1356:1 | p1 |  |
-| atl.cpp:1344:13:1344:16 | ref arg & ... | atl.cpp:1344:14:1344:16 | raw [inner post update] |  |
-| atl.cpp:1344:13:1344:16 | ref arg & ... | atl.cpp:1345:9:1345:11 | raw |  |
-| atl.cpp:1344:13:1344:16 | ref arg & ... | atl.cpp:1348:31:1348:33 | raw |  |
-| atl.cpp:1344:13:1344:16 | ref arg & ... | atl.cpp:1349:9:1349:11 | raw |  |
-| atl.cpp:1344:14:1344:16 | raw | atl.cpp:1344:13:1344:16 | & ... |  |
-| atl.cpp:1345:9:1345:11 | raw | atl.cpp:1345:8:1345:11 | * ... | TAINT |
-| atl.cpp:1347:31:1347:32 | call to ComPtr | atl.cpp:1356:1:1356:1 | p2 |  |
-| atl.cpp:1348:30:1348:33 | ref arg & ... | atl.cpp:1348:31:1348:33 | raw [inner post update] |  |
-| atl.cpp:1348:30:1348:33 | ref arg & ... | atl.cpp:1349:9:1349:11 | raw |  |
-| atl.cpp:1348:31:1348:33 | raw | atl.cpp:1348:30:1348:33 | & ... |  |
-| atl.cpp:1349:9:1349:11 | raw | atl.cpp:1349:8:1349:11 | * ... | TAINT |
-| atl.cpp:1351:34:1351:43 | new | atl.cpp:1351:34:1351:44 | call to ComPtr | TAINT |
-| atl.cpp:1351:34:1351:44 | call to ComPtr | atl.cpp:1354:3:1354:4 | p3 |  |
-| atl.cpp:1351:34:1351:44 | call to ComPtr | atl.cpp:1356:1:1356:1 | p3 |  |
-| atl.cpp:1351:42:1351:42 | x | atl.cpp:1351:34:1351:43 | new |  |
-| atl.cpp:1353:15:1353:21 | 0 | atl.cpp:1354:19:1354:22 | raw2 |  |
-| atl.cpp:1353:15:1353:21 | 0 | atl.cpp:1355:9:1355:12 | raw2 |  |
-| atl.cpp:1354:18:1354:22 | ref arg & ... | atl.cpp:1354:19:1354:22 | raw2 [inner post update] |  |
-| atl.cpp:1354:18:1354:22 | ref arg & ... | atl.cpp:1355:9:1355:12 | raw2 |  |
-| atl.cpp:1354:19:1354:22 | raw2 | atl.cpp:1354:18:1354:22 | & ... |  |
-| atl.cpp:1355:9:1355:12 | raw2 | atl.cpp:1355:8:1355:12 | * ... | TAINT |
-| atl.cpp:1360:11:1360:21 | call to source | atl.cpp:1361:42:1361:42 | x |  |
-| atl.cpp:1361:34:1361:43 | new | atl.cpp:1361:34:1361:44 | call to ComPtr | TAINT |
-| atl.cpp:1361:34:1361:44 | call to ComPtr | atl.cpp:1363:3:1363:4 | p1 |  |
-| atl.cpp:1361:34:1361:44 | call to ComPtr | atl.cpp:1365:9:1365:10 | p1 |  |
-| atl.cpp:1361:34:1361:44 | call to ComPtr | atl.cpp:1366:1:1366:1 | p1 |  |
-| atl.cpp:1361:42:1361:42 | x | atl.cpp:1361:34:1361:43 | new |  |
-| atl.cpp:1362:31:1362:32 | call to ComPtr | atl.cpp:1363:11:1363:12 | p2 |  |
-| atl.cpp:1362:31:1362:32 | call to ComPtr | atl.cpp:1364:9:1364:10 | p2 |  |
-| atl.cpp:1362:31:1362:32 | call to ComPtr | atl.cpp:1366:1:1366:1 | p2 |  |
-| atl.cpp:1363:3:1363:4 | ref arg p1 | atl.cpp:1365:9:1365:10 | p1 |  |
-| atl.cpp:1363:3:1363:4 | ref arg p1 | atl.cpp:1366:1:1366:1 | p1 |  |
-| atl.cpp:1363:11:1363:12 | ref arg p2 | atl.cpp:1364:9:1364:10 | p2 |  |
-| atl.cpp:1363:11:1363:12 | ref arg p2 | atl.cpp:1366:1:1366:1 | p2 |  |
-| atl.cpp:1364:9:1364:10 | ref arg p2 | atl.cpp:1366:1:1366:1 | p2 |  |
-| atl.cpp:1364:12:1364:14 | call to Get | atl.cpp:1364:8:1364:16 | * ... | TAINT |
-| atl.cpp:1365:9:1365:10 | ref arg p1 | atl.cpp:1366:1:1366:1 | p1 |  |
-| atl.cpp:1365:12:1365:14 | call to Get | atl.cpp:1365:8:1365:16 | * ... | TAINT |
-| atl.cpp:1370:11:1370:21 | call to source | atl.cpp:1371:42:1371:42 | x |  |
-| atl.cpp:1370:11:1370:21 | call to source | atl.cpp:1374:48:1374:48 | x |  |
-| atl.cpp:1370:11:1370:21 | call to source | atl.cpp:1377:42:1377:42 | x |  |
-| atl.cpp:1371:34:1371:43 | new | atl.cpp:1371:34:1371:44 | call to ComPtr | TAINT |
-| atl.cpp:1371:34:1371:44 | call to ComPtr | atl.cpp:1372:10:1372:11 | p1 |  |
-| atl.cpp:1371:34:1371:44 | call to ComPtr | atl.cpp:1380:1:1380:1 | p1 |  |
-| atl.cpp:1371:42:1371:42 | x | atl.cpp:1371:34:1371:43 | new |  |
-| atl.cpp:1372:9:1372:26 | * ... | atl.cpp:1372:8:1372:26 | * ... | TAINT |
-| atl.cpp:1372:10:1372:11 | ref arg p1 | atl.cpp:1380:1:1380:1 | p1 |  |
-| atl.cpp:1372:13:1372:24 | call to GetAddressOf | atl.cpp:1372:9:1372:26 | * ... | TAINT |
-| atl.cpp:1374:40:1374:49 | new | atl.cpp:1374:40:1374:50 | call to ComPtr | TAINT |
-| atl.cpp:1374:40:1374:50 | call to ComPtr | atl.cpp:1375:10:1375:11 | p2 |  |
-| atl.cpp:1374:40:1374:50 | call to ComPtr | atl.cpp:1380:1:1380:1 | p2 |  |
-| atl.cpp:1374:48:1374:48 | x | atl.cpp:1374:40:1374:49 | new |  |
-| atl.cpp:1375:9:1375:26 | * ... | atl.cpp:1375:8:1375:26 | * ... | TAINT |
-| atl.cpp:1375:10:1375:11 | ref arg p2 | atl.cpp:1380:1:1380:1 | p2 |  |
-| atl.cpp:1375:13:1375:24 | call to GetAddressOf | atl.cpp:1375:9:1375:26 | * ... | TAINT |
-| atl.cpp:1377:34:1377:43 | new | atl.cpp:1377:34:1377:44 | call to ComPtr | TAINT |
-| atl.cpp:1377:34:1377:44 | call to ComPtr | atl.cpp:1378:14:1378:15 | p3 |  |
-| atl.cpp:1377:34:1377:44 | call to ComPtr | atl.cpp:1380:1:1380:1 | p3 |  |
-| atl.cpp:1377:42:1377:42 | x | atl.cpp:1377:34:1377:43 | new |  |
-| atl.cpp:1378:14:1378:15 | ref arg p3 | atl.cpp:1380:1:1380:1 | p3 |  |
-| atl.cpp:1378:17:1378:38 | call to ReleaseAndGetAddressOf | atl.cpp:1379:10:1379:11 | pp |  |
-| atl.cpp:1379:9:1379:11 | * ... | atl.cpp:1379:8:1379:11 | * ... | TAINT |
-| atl.cpp:1379:10:1379:11 | pp | atl.cpp:1379:9:1379:11 | * ... | TAINT |
+| atl.cpp:1348:31:1348:32 | call to ComPtr | atl.cpp:1349:9:1349:10 | p0 |  |
+| atl.cpp:1348:31:1348:32 | call to ComPtr | atl.cpp:1361:1:1361:1 | p0 |  |
+| atl.cpp:1349:9:1349:10 | ref arg p0 | atl.cpp:1361:1:1361:1 | p0 |  |
+| atl.cpp:1349:12:1349:14 | call to Get | atl.cpp:1349:8:1349:16 | * ... | TAINT |
+| atl.cpp:1351:11:1351:21 | call to source | atl.cpp:1352:42:1352:42 | x |  |
+| atl.cpp:1352:34:1352:43 | new | atl.cpp:1352:34:1352:44 | call to ComPtr | TAINT |
+| atl.cpp:1352:34:1352:44 | call to ComPtr | atl.cpp:1353:9:1353:10 | p1 |  |
+| atl.cpp:1352:34:1352:44 | call to ComPtr | atl.cpp:1354:9:1354:10 | p1 |  |
+| atl.cpp:1352:34:1352:44 | call to ComPtr | atl.cpp:1356:34:1356:35 | p1 |  |
+| atl.cpp:1352:34:1352:44 | call to ComPtr | atl.cpp:1359:44:1359:45 | p1 |  |
+| atl.cpp:1352:34:1352:44 | call to ComPtr | atl.cpp:1361:1:1361:1 | p1 |  |
+| atl.cpp:1352:42:1352:42 | x | atl.cpp:1352:34:1352:43 | new |  |
+| atl.cpp:1353:9:1353:10 | ref arg p1 | atl.cpp:1354:9:1354:10 | p1 |  |
+| atl.cpp:1353:9:1353:10 | ref arg p1 | atl.cpp:1356:34:1356:35 | p1 |  |
+| atl.cpp:1353:9:1353:10 | ref arg p1 | atl.cpp:1359:44:1359:45 | p1 |  |
+| atl.cpp:1353:9:1353:10 | ref arg p1 | atl.cpp:1361:1:1361:1 | p1 |  |
+| atl.cpp:1353:12:1353:14 | call to Get | atl.cpp:1353:8:1353:16 | * ... | TAINT |
+| atl.cpp:1354:9:1354:10 | ref arg p1 | atl.cpp:1356:34:1356:35 | p1 |  |
+| atl.cpp:1354:9:1354:10 | ref arg p1 | atl.cpp:1359:44:1359:45 | p1 |  |
+| atl.cpp:1354:9:1354:10 | ref arg p1 | atl.cpp:1361:1:1361:1 | p1 |  |
+| atl.cpp:1354:12:1354:17 | call to Detach | atl.cpp:1354:8:1354:19 | * ... | TAINT |
+| atl.cpp:1356:34:1356:35 | p1 | atl.cpp:1356:34:1356:36 | call to ComPtr |  |
+| atl.cpp:1356:34:1356:36 | call to ComPtr | atl.cpp:1357:9:1357:10 | p2 |  |
+| atl.cpp:1356:34:1356:36 | call to ComPtr | atl.cpp:1361:1:1361:1 | p2 |  |
+| atl.cpp:1357:9:1357:10 | ref arg p2 | atl.cpp:1361:1:1361:1 | p2 |  |
+| atl.cpp:1357:12:1357:14 | call to Get | atl.cpp:1357:8:1357:16 | * ... | TAINT |
+| atl.cpp:1359:34:1359:42 | call to move | atl.cpp:1359:34:1359:47 | call to ComPtr | TAINT |
+| atl.cpp:1359:34:1359:42 | ref arg call to move | atl.cpp:1359:44:1359:45 | p1 [inner post update] |  |
+| atl.cpp:1359:34:1359:42 | ref arg call to move | atl.cpp:1361:1:1361:1 | p1 |  |
+| atl.cpp:1359:34:1359:47 | call to ComPtr | atl.cpp:1360:9:1360:10 | p3 |  |
+| atl.cpp:1359:34:1359:47 | call to ComPtr | atl.cpp:1361:1:1361:1 | p3 |  |
+| atl.cpp:1359:44:1359:45 | p1 | atl.cpp:1359:34:1359:42 | call to move | TAINT |
+| atl.cpp:1359:44:1359:45 | p1 | atl.cpp:1359:34:1359:47 | call to ComPtr |  |
+| atl.cpp:1360:9:1360:10 | ref arg p3 | atl.cpp:1361:1:1361:1 | p3 |  |
+| atl.cpp:1360:12:1360:14 | call to Get | atl.cpp:1360:8:1360:16 | * ... | TAINT |
+| atl.cpp:1365:11:1365:21 | call to source | atl.cpp:1366:42:1366:42 | x |  |
+| atl.cpp:1366:34:1366:43 | new | atl.cpp:1366:34:1366:44 | call to ComPtr | TAINT |
+| atl.cpp:1366:34:1366:44 | call to ComPtr | atl.cpp:1368:3:1368:4 | p1 |  |
+| atl.cpp:1366:34:1366:44 | call to ComPtr | atl.cpp:1370:1:1370:1 | p1 |  |
+| atl.cpp:1366:42:1366:42 | x | atl.cpp:1366:34:1366:43 | new |  |
+| atl.cpp:1367:32:1367:33 | p2 | atl.cpp:1368:9:1368:10 | p2 |  |
+| atl.cpp:1367:32:1367:33 | p2 | atl.cpp:1369:9:1369:10 | p2 |  |
+| atl.cpp:1368:9:1368:10 | ref arg p2 | atl.cpp:1369:9:1369:10 | p2 |  |
+| atl.cpp:1369:13:1369:15 | call to Get | atl.cpp:1369:8:1369:17 | * ... | TAINT |
+| atl.cpp:1374:11:1374:21 | call to source | atl.cpp:1375:42:1375:42 | x |  |
+| atl.cpp:1374:11:1374:21 | call to source | atl.cpp:1384:42:1384:42 | x |  |
+| atl.cpp:1375:34:1375:43 | new | atl.cpp:1375:34:1375:44 | call to ComPtr | TAINT |
+| atl.cpp:1375:34:1375:44 | call to ComPtr | atl.cpp:1377:3:1377:4 | p1 |  |
+| atl.cpp:1375:34:1375:44 | call to ComPtr | atl.cpp:1381:3:1381:4 | p1 |  |
+| atl.cpp:1375:34:1375:44 | call to ComPtr | atl.cpp:1389:1:1389:1 | p1 |  |
+| atl.cpp:1375:42:1375:42 | x | atl.cpp:1375:34:1375:43 | new |  |
+| atl.cpp:1376:14:1376:20 | 0 | atl.cpp:1377:14:1377:16 | raw |  |
+| atl.cpp:1376:14:1376:20 | 0 | atl.cpp:1378:9:1378:11 | raw |  |
+| atl.cpp:1376:14:1376:20 | 0 | atl.cpp:1381:31:1381:33 | raw |  |
+| atl.cpp:1376:14:1376:20 | 0 | atl.cpp:1382:9:1382:11 | raw |  |
+| atl.cpp:1377:3:1377:4 | ref arg p1 | atl.cpp:1381:3:1381:4 | p1 |  |
+| atl.cpp:1377:3:1377:4 | ref arg p1 | atl.cpp:1389:1:1389:1 | p1 |  |
+| atl.cpp:1377:13:1377:16 | ref arg & ... | atl.cpp:1377:14:1377:16 | raw [inner post update] |  |
+| atl.cpp:1377:13:1377:16 | ref arg & ... | atl.cpp:1378:9:1378:11 | raw |  |
+| atl.cpp:1377:13:1377:16 | ref arg & ... | atl.cpp:1381:31:1381:33 | raw |  |
+| atl.cpp:1377:13:1377:16 | ref arg & ... | atl.cpp:1382:9:1382:11 | raw |  |
+| atl.cpp:1377:14:1377:16 | raw | atl.cpp:1377:13:1377:16 | & ... |  |
+| atl.cpp:1378:9:1378:11 | raw | atl.cpp:1378:8:1378:11 | * ... | TAINT |
+| atl.cpp:1380:31:1380:32 | call to ComPtr | atl.cpp:1389:1:1389:1 | p2 |  |
+| atl.cpp:1381:30:1381:33 | ref arg & ... | atl.cpp:1381:31:1381:33 | raw [inner post update] |  |
+| atl.cpp:1381:30:1381:33 | ref arg & ... | atl.cpp:1382:9:1382:11 | raw |  |
+| atl.cpp:1381:31:1381:33 | raw | atl.cpp:1381:30:1381:33 | & ... |  |
+| atl.cpp:1382:9:1382:11 | raw | atl.cpp:1382:8:1382:11 | * ... | TAINT |
+| atl.cpp:1384:34:1384:43 | new | atl.cpp:1384:34:1384:44 | call to ComPtr | TAINT |
+| atl.cpp:1384:34:1384:44 | call to ComPtr | atl.cpp:1387:3:1387:4 | p3 |  |
+| atl.cpp:1384:34:1384:44 | call to ComPtr | atl.cpp:1389:1:1389:1 | p3 |  |
+| atl.cpp:1384:42:1384:42 | x | atl.cpp:1384:34:1384:43 | new |  |
+| atl.cpp:1386:15:1386:21 | 0 | atl.cpp:1387:19:1387:22 | raw2 |  |
+| atl.cpp:1386:15:1386:21 | 0 | atl.cpp:1388:9:1388:12 | raw2 |  |
+| atl.cpp:1387:18:1387:22 | ref arg & ... | atl.cpp:1387:19:1387:22 | raw2 [inner post update] |  |
+| atl.cpp:1387:18:1387:22 | ref arg & ... | atl.cpp:1388:9:1388:12 | raw2 |  |
+| atl.cpp:1387:19:1387:22 | raw2 | atl.cpp:1387:18:1387:22 | & ... |  |
+| atl.cpp:1388:9:1388:12 | raw2 | atl.cpp:1388:8:1388:12 | * ... | TAINT |
+| atl.cpp:1393:11:1393:21 | call to source | atl.cpp:1394:42:1394:42 | x |  |
+| atl.cpp:1394:34:1394:43 | new | atl.cpp:1394:34:1394:44 | call to ComPtr | TAINT |
+| atl.cpp:1394:34:1394:44 | call to ComPtr | atl.cpp:1396:3:1396:4 | p1 |  |
+| atl.cpp:1394:34:1394:44 | call to ComPtr | atl.cpp:1398:9:1398:10 | p1 |  |
+| atl.cpp:1394:34:1394:44 | call to ComPtr | atl.cpp:1399:1:1399:1 | p1 |  |
+| atl.cpp:1394:42:1394:42 | x | atl.cpp:1394:34:1394:43 | new |  |
+| atl.cpp:1395:31:1395:32 | call to ComPtr | atl.cpp:1396:11:1396:12 | p2 |  |
+| atl.cpp:1395:31:1395:32 | call to ComPtr | atl.cpp:1397:9:1397:10 | p2 |  |
+| atl.cpp:1395:31:1395:32 | call to ComPtr | atl.cpp:1399:1:1399:1 | p2 |  |
+| atl.cpp:1396:3:1396:4 | ref arg p1 | atl.cpp:1398:9:1398:10 | p1 |  |
+| atl.cpp:1396:3:1396:4 | ref arg p1 | atl.cpp:1399:1:1399:1 | p1 |  |
+| atl.cpp:1396:11:1396:12 | ref arg p2 | atl.cpp:1397:9:1397:10 | p2 |  |
+| atl.cpp:1396:11:1396:12 | ref arg p2 | atl.cpp:1399:1:1399:1 | p2 |  |
+| atl.cpp:1397:9:1397:10 | ref arg p2 | atl.cpp:1399:1:1399:1 | p2 |  |
+| atl.cpp:1397:12:1397:14 | call to Get | atl.cpp:1397:8:1397:16 | * ... | TAINT |
+| atl.cpp:1398:9:1398:10 | ref arg p1 | atl.cpp:1399:1:1399:1 | p1 |  |
+| atl.cpp:1398:12:1398:14 | call to Get | atl.cpp:1398:8:1398:16 | * ... | TAINT |
+| atl.cpp:1403:11:1403:21 | call to source | atl.cpp:1404:42:1404:42 | x |  |
+| atl.cpp:1403:11:1403:21 | call to source | atl.cpp:1407:48:1407:48 | x |  |
+| atl.cpp:1403:11:1403:21 | call to source | atl.cpp:1410:42:1410:42 | x |  |
+| atl.cpp:1404:34:1404:43 | new | atl.cpp:1404:34:1404:44 | call to ComPtr | TAINT |
+| atl.cpp:1404:34:1404:44 | call to ComPtr | atl.cpp:1405:10:1405:11 | p1 |  |
+| atl.cpp:1404:34:1404:44 | call to ComPtr | atl.cpp:1413:1:1413:1 | p1 |  |
+| atl.cpp:1404:42:1404:42 | x | atl.cpp:1404:34:1404:43 | new |  |
+| atl.cpp:1405:9:1405:26 | * ... | atl.cpp:1405:8:1405:26 | * ... | TAINT |
+| atl.cpp:1405:10:1405:11 | ref arg p1 | atl.cpp:1413:1:1413:1 | p1 |  |
+| atl.cpp:1405:13:1405:24 | call to GetAddressOf | atl.cpp:1405:9:1405:26 | * ... | TAINT |
+| atl.cpp:1407:40:1407:49 | new | atl.cpp:1407:40:1407:50 | call to ComPtr | TAINT |
+| atl.cpp:1407:40:1407:50 | call to ComPtr | atl.cpp:1408:10:1408:11 | p2 |  |
+| atl.cpp:1407:40:1407:50 | call to ComPtr | atl.cpp:1413:1:1413:1 | p2 |  |
+| atl.cpp:1407:48:1407:48 | x | atl.cpp:1407:40:1407:49 | new |  |
+| atl.cpp:1408:9:1408:26 | * ... | atl.cpp:1408:8:1408:26 | * ... | TAINT |
+| atl.cpp:1408:10:1408:11 | ref arg p2 | atl.cpp:1413:1:1413:1 | p2 |  |
+| atl.cpp:1408:13:1408:24 | call to GetAddressOf | atl.cpp:1408:9:1408:26 | * ... | TAINT |
+| atl.cpp:1410:34:1410:43 | new | atl.cpp:1410:34:1410:44 | call to ComPtr | TAINT |
+| atl.cpp:1410:34:1410:44 | call to ComPtr | atl.cpp:1411:14:1411:15 | p3 |  |
+| atl.cpp:1410:34:1410:44 | call to ComPtr | atl.cpp:1413:1:1413:1 | p3 |  |
+| atl.cpp:1410:42:1410:42 | x | atl.cpp:1410:34:1410:43 | new |  |
+| atl.cpp:1411:14:1411:15 | ref arg p3 | atl.cpp:1413:1:1413:1 | p3 |  |
+| atl.cpp:1411:17:1411:38 | call to ReleaseAndGetAddressOf | atl.cpp:1412:10:1412:11 | pp |  |
+| atl.cpp:1412:9:1412:11 | * ... | atl.cpp:1412:8:1412:11 | * ... | TAINT |
+| atl.cpp:1412:10:1412:11 | pp | atl.cpp:1412:9:1412:11 | * ... | TAINT |
+| atl.cpp:1420:11:1420:21 | call to source | atl.cpp:1421:42:1421:42 | x |  |
+| atl.cpp:1420:11:1420:21 | call to source | atl.cpp:1426:48:1426:48 | x |  |
+| atl.cpp:1421:34:1421:43 | new | atl.cpp:1421:34:1421:44 | call to ComPtr | TAINT |
+| atl.cpp:1421:34:1421:44 | call to ComPtr | atl.cpp:1422:73:1422:74 | p1 |  |
+| atl.cpp:1421:34:1421:44 | call to ComPtr | atl.cpp:1435:1:1435:1 | p1 |  |
+| atl.cpp:1421:42:1421:42 | x | atl.cpp:1421:34:1421:43 | new |  |
+| atl.cpp:1422:72:1422:72 | call to operator& | atl.cpp:1423:38:1423:39 | pp |  |
+| atl.cpp:1422:73:1422:74 | ref arg p1 | atl.cpp:1435:1:1435:1 | p1 |  |
+| atl.cpp:1423:37:1423:37 | call to operator* | atl.cpp:1424:9:1424:10 | qq |  |
+| atl.cpp:1424:13:1424:15 | call to Get | atl.cpp:1424:8:1424:17 | * ... | TAINT |
+| atl.cpp:1426:40:1426:49 | new | atl.cpp:1426:40:1426:50 | call to ComPtr | TAINT |
+| atl.cpp:1426:40:1426:50 | call to ComPtr | atl.cpp:1427:80:1427:81 | p2 |  |
+| atl.cpp:1426:40:1426:50 | call to ComPtr | atl.cpp:1435:1:1435:1 | p2 |  |
+| atl.cpp:1426:48:1426:48 | x | atl.cpp:1426:40:1426:49 | new |  |
+| atl.cpp:1427:79:1427:79 | call to operator& | atl.cpp:1428:45:1428:47 | pp2 |  |
+| atl.cpp:1428:44:1428:44 | call to operator* | atl.cpp:1429:9:1429:11 | qq2 |  |
+| atl.cpp:1429:14:1429:16 | call to Get | atl.cpp:1429:8:1429:18 | * ... | TAINT |
+| atl.cpp:1431:5:1431:5 | s | atl.cpp:1432:3:1432:3 | s |  |
+| atl.cpp:1431:5:1431:5 | s | atl.cpp:1433:33:1433:33 | s |  |
+| atl.cpp:1432:3:1432:3 | s [post update] | atl.cpp:1433:33:1433:33 | s |  |
+| atl.cpp:1432:3:1432:21 | ... = ... | atl.cpp:1432:5:1432:5 | x [post update] |  |
+| atl.cpp:1432:9:1432:19 | call to source | atl.cpp:1432:3:1432:21 | ... = ... |  |
+| atl.cpp:1433:32:1433:33 | & ... | atl.cpp:1433:32:1433:34 | call to ComPtr | TAINT |
+| atl.cpp:1433:32:1433:33 | ref arg & ... | atl.cpp:1433:33:1433:33 | s [inner post update] |  |
+| atl.cpp:1433:32:1433:34 | call to ComPtr | atl.cpp:1434:8:1434:9 | p3 |  |
+| atl.cpp:1433:32:1433:34 | call to ComPtr | atl.cpp:1435:1:1435:1 | p3 |  |
+| atl.cpp:1433:33:1433:33 | s | atl.cpp:1433:32:1433:33 | & ... |  |
+| atl.cpp:1434:8:1434:9 | ref arg p3 | atl.cpp:1435:1:1435:1 | p3 |  |
+| atl.cpp:1438:31:1438:32 | call to ComPtr | atl.cpp:1439:3:1439:4 | p1 |  |
+| atl.cpp:1438:31:1438:32 | call to ComPtr | atl.cpp:1440:9:1440:10 | p1 |  |
+| atl.cpp:1438:31:1438:32 | call to ComPtr | atl.cpp:1447:8:1447:9 | p1 |  |
+| atl.cpp:1438:31:1438:32 | call to ComPtr | atl.cpp:1451:8:1451:9 | p1 |  |
+| atl.cpp:1438:31:1438:32 | call to ComPtr | atl.cpp:1455:18:1455:19 | p1 |  |
+| atl.cpp:1438:31:1438:32 | call to ComPtr | atl.cpp:1459:18:1459:19 | p1 |  |
+| atl.cpp:1438:31:1438:32 | call to ComPtr | atl.cpp:1461:1:1461:1 | p1 |  |
+| atl.cpp:1439:3:1439:4 | ref arg p1 | atl.cpp:1440:9:1440:10 | p1 |  |
+| atl.cpp:1439:3:1439:4 | ref arg p1 | atl.cpp:1447:8:1447:9 | p1 |  |
+| atl.cpp:1439:3:1439:4 | ref arg p1 | atl.cpp:1451:8:1451:9 | p1 |  |
+| atl.cpp:1439:3:1439:4 | ref arg p1 | atl.cpp:1455:18:1455:19 | p1 |  |
+| atl.cpp:1439:3:1439:4 | ref arg p1 | atl.cpp:1459:18:1459:19 | p1 |  |
+| atl.cpp:1439:3:1439:4 | ref arg p1 | atl.cpp:1461:1:1461:1 | p1 |  |
+| atl.cpp:1439:16:1439:26 | call to source | atl.cpp:1439:8:1439:29 | new |  |
+| atl.cpp:1440:9:1440:10 | ref arg p1 | atl.cpp:1447:8:1447:9 | p1 |  |
+| atl.cpp:1440:9:1440:10 | ref arg p1 | atl.cpp:1451:8:1451:9 | p1 |  |
+| atl.cpp:1440:9:1440:10 | ref arg p1 | atl.cpp:1455:18:1455:19 | p1 |  |
+| atl.cpp:1440:9:1440:10 | ref arg p1 | atl.cpp:1459:18:1459:19 | p1 |  |
+| atl.cpp:1440:9:1440:10 | ref arg p1 | atl.cpp:1461:1:1461:1 | p1 |  |
+| atl.cpp:1440:12:1440:14 | call to Get | atl.cpp:1440:8:1440:16 | * ... | TAINT |
+| atl.cpp:1442:31:1442:32 | call to ComPtr | atl.cpp:1443:3:1443:4 | p2 |  |
+| atl.cpp:1442:31:1442:32 | call to ComPtr | atl.cpp:1444:9:1444:10 | p2 |  |
+| atl.cpp:1442:31:1442:32 | call to ComPtr | atl.cpp:1461:1:1461:1 | p2 |  |
+| atl.cpp:1443:3:1443:4 | ref arg p2 | atl.cpp:1444:9:1444:10 | p2 |  |
+| atl.cpp:1443:3:1443:4 | ref arg p2 | atl.cpp:1461:1:1461:1 | p2 |  |
+| atl.cpp:1443:17:1443:28 | call to source | atl.cpp:1443:8:1443:31 | new |  |
+| atl.cpp:1444:9:1444:10 | ref arg p2 | atl.cpp:1461:1:1461:1 | p2 |  |
+| atl.cpp:1444:12:1444:14 | call to Get | atl.cpp:1444:8:1444:16 | * ... | TAINT |
+| atl.cpp:1446:31:1446:32 | call to ComPtr | atl.cpp:1447:3:1447:4 | p3 |  |
+| atl.cpp:1446:31:1446:32 | call to ComPtr | atl.cpp:1448:9:1448:10 | p3 |  |
+| atl.cpp:1446:31:1446:32 | call to ComPtr | atl.cpp:1461:1:1461:1 | p3 |  |
+| atl.cpp:1447:3:1447:4 | ref arg p3 | atl.cpp:1448:9:1448:10 | p3 |  |
+| atl.cpp:1447:3:1447:4 | ref arg p3 | atl.cpp:1461:1:1461:1 | p3 |  |
+| atl.cpp:1447:8:1447:9 | p1 | atl.cpp:1447:3:1447:4 | ref arg p3 | TAINT |
+| atl.cpp:1447:8:1447:9 | p1 | atl.cpp:1447:6:1447:6 | call to operator= | TAINT |
+| atl.cpp:1448:9:1448:10 | ref arg p3 | atl.cpp:1461:1:1461:1 | p3 |  |
+| atl.cpp:1448:12:1448:14 | call to Get | atl.cpp:1448:8:1448:16 | * ... | TAINT |
+| atl.cpp:1450:32:1450:33 | call to ComPtr | atl.cpp:1451:3:1451:4 | p4 |  |
+| atl.cpp:1450:32:1450:33 | call to ComPtr | atl.cpp:1452:9:1452:10 | p4 |  |
+| atl.cpp:1450:32:1450:33 | call to ComPtr | atl.cpp:1461:1:1461:1 | p4 |  |
+| atl.cpp:1451:3:1451:4 | ref arg p4 | atl.cpp:1452:9:1452:10 | p4 |  |
+| atl.cpp:1451:3:1451:4 | ref arg p4 | atl.cpp:1461:1:1461:1 | p4 |  |
+| atl.cpp:1452:9:1452:10 | ref arg p4 | atl.cpp:1461:1:1461:1 | p4 |  |
+| atl.cpp:1452:12:1452:14 | call to Get | atl.cpp:1452:8:1452:16 | * ... | TAINT |
+| atl.cpp:1454:31:1454:32 | call to ComPtr | atl.cpp:1455:3:1455:4 | p5 |  |
+| atl.cpp:1454:31:1454:32 | call to ComPtr | atl.cpp:1456:9:1456:10 | p5 |  |
+| atl.cpp:1454:31:1454:32 | call to ComPtr | atl.cpp:1461:1:1461:1 | p5 |  |
+| atl.cpp:1455:3:1455:4 | ref arg p5 | atl.cpp:1456:9:1456:10 | p5 |  |
+| atl.cpp:1455:3:1455:4 | ref arg p5 | atl.cpp:1461:1:1461:1 | p5 |  |
+| atl.cpp:1455:8:1455:16 | call to move | atl.cpp:1455:3:1455:4 | ref arg p5 | TAINT |
+| atl.cpp:1455:8:1455:16 | call to move | atl.cpp:1455:6:1455:6 | call to operator= | TAINT |
+| atl.cpp:1455:8:1455:16 | ref arg call to move | atl.cpp:1455:18:1455:19 | p1 [inner post update] |  |
+| atl.cpp:1455:8:1455:16 | ref arg call to move | atl.cpp:1459:18:1459:19 | p1 |  |
+| atl.cpp:1455:8:1455:16 | ref arg call to move | atl.cpp:1461:1:1461:1 | p1 |  |
+| atl.cpp:1455:18:1455:19 | p1 | atl.cpp:1455:3:1455:4 | ref arg p5 | TAINT |
+| atl.cpp:1455:18:1455:19 | p1 | atl.cpp:1455:6:1455:6 | call to operator= | TAINT |
+| atl.cpp:1455:18:1455:19 | p1 | atl.cpp:1455:8:1455:16 | call to move | TAINT |
+| atl.cpp:1456:9:1456:10 | ref arg p5 | atl.cpp:1461:1:1461:1 | p5 |  |
+| atl.cpp:1456:12:1456:14 | call to Get | atl.cpp:1456:8:1456:16 | * ... | TAINT |
+| atl.cpp:1458:32:1458:33 | call to ComPtr | atl.cpp:1459:3:1459:4 | p6 |  |
+| atl.cpp:1458:32:1458:33 | call to ComPtr | atl.cpp:1460:9:1460:10 | p6 |  |
+| atl.cpp:1458:32:1458:33 | call to ComPtr | atl.cpp:1461:1:1461:1 | p6 |  |
+| atl.cpp:1459:3:1459:4 | ref arg p6 | atl.cpp:1460:9:1460:10 | p6 |  |
+| atl.cpp:1459:3:1459:4 | ref arg p6 | atl.cpp:1461:1:1461:1 | p6 |  |
+| atl.cpp:1459:8:1459:16 | ref arg call to move | atl.cpp:1459:18:1459:19 | p1 [inner post update] |  |
+| atl.cpp:1459:8:1459:16 | ref arg call to move | atl.cpp:1461:1:1461:1 | p1 |  |
+| atl.cpp:1459:18:1459:19 | p1 | atl.cpp:1459:8:1459:16 | call to move | TAINT |
+| atl.cpp:1460:9:1460:10 | ref arg p6 | atl.cpp:1461:1:1461:1 | p6 |  |
+| atl.cpp:1460:12:1460:14 | call to Get | atl.cpp:1460:8:1460:16 | * ... | TAINT |
 | bsd.cpp:17:11:17:16 | call to source | bsd.cpp:20:18:20:18 | s |  |
 | bsd.cpp:18:12:18:15 | addr | bsd.cpp:20:22:20:25 | addr |  |
 | bsd.cpp:18:12:18:15 | addr | bsd.cpp:23:8:23:11 | addr |  |
diff --git a/cpp/ql/test/library-tests/dataflow/taint-tests/test_mad-signatures.expected b/cpp/ql/test/library-tests/dataflow/taint-tests/test_mad-signatures.expected
index 361ead80703..846359fd6b2 100644
--- a/cpp/ql/test/library-tests/dataflow/taint-tests/test_mad-signatures.expected
+++ b/cpp/ql/test/library-tests/dataflow/taint-tests/test_mad-signatures.expected
@@ -5567,15 +5567,31 @@ signatureMatches
 | atl.cpp:1231:5:1231:12 | CStrBufT | (const char *,const char *,unsigned long) |  | __ngettext | 2 |
 | atl.cpp:1231:5:1231:12 | CStrBufT | (unsigned char *,int,unsigned long) |  | UTF8_putc | 1 |
 | atl.cpp:1231:5:1231:12 | CStrBufT | (unsigned char *,int,unsigned long) |  | UTF8_putc | 2 |
-| atl.cpp:1268:5:1268:10 | ComPtr | (const ComPtr &) | ComPtr | ComPtr | 0 |
-| atl.cpp:1269:5:1269:10 | ComPtr | (ComPtr &&) | ComPtr | ComPtr | 0 |
-| atl.cpp:1272:5:1272:10 | ComPtr | (T *) | ComPtr | ComPtr<T> | 0 |
-| atl.cpp:1283:13:1283:18 | CopyTo | (T **) | ComPtr<T> | CopyTo | 0 |
-| atl.cpp:1285:13:1285:18 | CopyTo | (Curl_easy *,void **) |  | Curl_resolver_init | 1 |
-| atl.cpp:1285:13:1285:18 | CopyTo | (REFIID,void **) | ComPtr | CopyTo | 0 |
-| atl.cpp:1285:13:1285:18 | CopyTo | (REFIID,void **) | ComPtr | CopyTo | 1 |
-| atl.cpp:1285:13:1285:18 | CopyTo | (size_t,void **) |  | __libc_alloc_buffer_allocate | 1 |
-| atl.cpp:1288:13:1288:18 | CopyTo | (T **) | ComPtr | CopyTo<T> | 0 |
+| atl.cpp:1286:5:1286:10 | ComPtr | (const ComPtr &) | ComPtr | ComPtr | 0 |
+| atl.cpp:1286:5:1286:10 | ComPtr | (const ComPtr &) | ComPtr | operator= | 0 |
+| atl.cpp:1287:5:1287:10 | ComPtr | (ComPtr &&) | ComPtr | ComPtr | 0 |
+| atl.cpp:1287:5:1287:10 | ComPtr | (ComPtr &&) | ComPtr | operator= | 0 |
+| atl.cpp:1290:5:1290:10 | ComPtr | (T *) | ComPtr | ComPtr<T> | 0 |
+| atl.cpp:1290:5:1290:10 | ComPtr | (T *) | ComPtr | ComPtr<T> | 0 |
+| atl.cpp:1290:5:1290:10 | ComPtr | (U *) | ComPtr | operator=<U> | 0 |
+| atl.cpp:1290:5:1290:10 | ComPtr | (U *) | ComPtr | operator=<U> | 0 |
+| atl.cpp:1301:13:1301:18 | CopyTo | (T **) | ComPtr<T> | CopyTo | 0 |
+| atl.cpp:1303:13:1303:18 | CopyTo | (Curl_easy *,void **) |  | Curl_resolver_init | 1 |
+| atl.cpp:1303:13:1303:18 | CopyTo | (REFIID,void **) | ComPtr | CopyTo | 0 |
+| atl.cpp:1303:13:1303:18 | CopyTo | (REFIID,void **) | ComPtr | CopyTo | 1 |
+| atl.cpp:1303:13:1303:18 | CopyTo | (size_t,void **) |  | __libc_alloc_buffer_allocate | 1 |
+| atl.cpp:1306:13:1306:18 | CopyTo | (T **) | ComPtr | CopyTo<T> | 0 |
+| atl.cpp:1328:13:1328:21 | operator= | (T *) | ComPtr<T> | operator= | 0 |
+| atl.cpp:1330:13:1330:21 | operator= | (T *) | ComPtr | ComPtr<T> | 0 |
+| atl.cpp:1330:13:1330:21 | operator= | (U *) | ComPtr | operator=<U> | 0 |
+| atl.cpp:1331:13:1331:21 | operator= | (const ComPtr &) | ComPtr | ComPtr | 0 |
+| atl.cpp:1331:13:1331:21 | operator= | (const ComPtr &) | ComPtr | operator= | 0 |
+| atl.cpp:1333:13:1333:21 | operator= | (const ComPtr &) | ComPtr | ComPtr | 0 |
+| atl.cpp:1333:13:1333:21 | operator= | (const ComPtr &) | ComPtr | operator= | 0 |
+| atl.cpp:1334:13:1334:21 | operator= | (ComPtr &&) | ComPtr | ComPtr | 0 |
+| atl.cpp:1334:13:1334:21 | operator= | (ComPtr &&) | ComPtr | operator= | 0 |
+| atl.cpp:1336:13:1336:21 | operator= | (ComPtr &&) | ComPtr | ComPtr | 0 |
+| atl.cpp:1336:13:1336:21 | operator= | (ComPtr &&) | ComPtr | operator= | 0 |
 | bsd.cpp:12:5:12:10 | accept | (CURLM *,curl_socket_t,int *) |  | curl_multi_socket | 2 |
 | bsd.cpp:12:5:12:10 | accept | (Curl_easy *,ssize_t *,int *) |  | Curl_GetFTPResponse | 2 |
 | bsd.cpp:12:5:12:10 | accept | (EVP_CIPHER_CTX *,unsigned char *,int *) |  | EVP_CipherFinal | 2 |
@@ -9395,6 +9411,8 @@ signatureMatches
 | stl.h:333:42:333:47 | insert | (const_iterator,InputIt,InputIt) | vector | insert<InputIt> | 2 |
 | stl.h:333:42:333:47 | insert | (const_iterator,InputIt,InputIt) | vector | insert<InputIt> | 2 |
 | stl.h:335:37:335:43 | emplace | (format_string,Args &&) |  | format<Args> | 1 |
+| stl.h:351:12:351:21 | shared_ptr | (T *) | ComPtr<T> | operator= | 0 |
+| stl.h:369:12:369:21 | unique_ptr | (T *) | ComPtr<T> | operator= | 0 |
 | stl.h:396:3:396:3 | pair | (const deque &,const Allocator &) | deque<T,Allocator> | deque | 1 |
 | stl.h:396:3:396:3 | pair | (const deque &,const Allocator &) | deque<T,Allocator> | deque | 1 |
 | stl.h:396:3:396:3 | pair | (const deque &,const Allocator &) | deque<T,Allocator> | deque | 1 |
@@ -21760,6 +21778,7 @@ getSignatureParameterName
 | (CURLU *,const char *,char **,OperationConfig *) |  | ipfs_url_rewrite | 2 | char ** |
 | (CURLU *,const char *,char **,OperationConfig *) |  | ipfs_url_rewrite | 3 | OperationConfig * |
 | (ComPtr &&) | ComPtr | ComPtr | 0 | ComPtr && |
+| (ComPtr &&) | ComPtr | operator= | 0 | ComPtr && |
 | (CompoundDictionary *,const PreparedDictionary *) |  | AttachPreparedDictionary | 0 | CompoundDictionary * |
 | (CompoundDictionary *,const PreparedDictionary *) |  | AttachPreparedDictionary | 1 | const PreparedDictionary * |
 | (Curl_cfilter *) |  | Curl_conn_cf_is_ssl | 0 | Curl_cfilter * |
@@ -30176,6 +30195,7 @@ getSignatureParameterName
 | (Strtab *,size_t *) |  | strtabfinalize | 0 | Strtab * |
 | (Strtab *,size_t *) |  | strtabfinalize | 1 | size_t * |
 | (T *) | ComPtr | ComPtr<T> | 0 | func:0 * |
+| (T *) | ComPtr<T> | operator= | 0 | class:0 * |
 | (T **) | ComPtr | CopyTo<T> | 0 | func:0 ** |
 | (T **) | ComPtr<T> | CopyTo | 0 | class:0 ** |
 | (TLS_FEATURE *) |  | TLS_FEATURE_free | 0 | TLS_FEATURE * |
@@ -30370,6 +30390,7 @@ getSignatureParameterName
 | (TXT_DB *,int,..(*)(..),OPENSSL_LH_HASHFUNC,OPENSSL_LH_COMPFUNC) |  | TXT_DB_create_index | 2 | ..(*)(..) |
 | (TXT_DB *,int,..(*)(..),OPENSSL_LH_HASHFUNC,OPENSSL_LH_COMPFUNC) |  | TXT_DB_create_index | 3 | OPENSSL_LH_HASHFUNC |
 | (TXT_DB *,int,..(*)(..),OPENSSL_LH_HASHFUNC,OPENSSL_LH_COMPFUNC) |  | TXT_DB_create_index | 4 | OPENSSL_LH_COMPFUNC |
+| (U *) | ComPtr | operator=<U> | 0 | func:0 * |
 | (UI *) |  | UI_get0_user_data | 0 | UI * |
 | (UI *) |  | UI_get_method | 0 | UI * |
 | (UI *,UI_STRING *,const char *) |  | UI_set_result | 0 | UI * |
@@ -33321,6 +33342,7 @@ getSignatureParameterName
 | (const CURLU *,CURLUPart,char **,unsigned int) |  | curl_url_get | 2 | char ** |
 | (const CURLU *,CURLUPart,char **,unsigned int) |  | curl_url_get | 3 | unsigned int |
 | (const ComPtr &) | ComPtr | ComPtr | 0 | const ComPtr & |
+| (const ComPtr &) | ComPtr | operator= | 0 | const ComPtr & |
 | (const Command *,const size_t,const BlockSplit *,const BlockSplit *,const BlockSplit *,const uint8_t *,size_t,size_t,uint8_t,uint8_t,const ContextType *,HistogramLiteral *,HistogramCommand *,HistogramDistance *) |  | BrotliBuildHistogramsWithContext | 0 | const Command * |
 | (const Command *,const size_t,const BlockSplit *,const BlockSplit *,const BlockSplit *,const uint8_t *,size_t,size_t,uint8_t,uint8_t,const ContextType *,HistogramLiteral *,HistogramCommand *,HistogramDistance *) |  | BrotliBuildHistogramsWithContext | 1 | const size_t |
 | (const Command *,const size_t,const BlockSplit *,const BlockSplit *,const BlockSplit *,const uint8_t *,size_t,size_t,uint8_t,uint8_t,const ContextType *,HistogramLiteral *,HistogramCommand *,HistogramDistance *) |  | BrotliBuildHistogramsWithContext | 2 | const BlockSplit * |
@@ -46420,18 +46442,27 @@ getParameterTypeName
 | atl.cpp:1231:5:1231:12 | CStrBufT | 1 | int |
 | atl.cpp:1231:5:1231:12 | CStrBufT | 2 | DWORD |
 | atl.cpp:1231:5:1231:12 | CStrBufT | 2 | unsigned long |
-| atl.cpp:1268:5:1268:10 | ComPtr | 0 | const ComPtr & |
-| atl.cpp:1269:5:1269:10 | ComPtr | 0 | ComPtr && |
-| atl.cpp:1272:5:1272:10 | ComPtr | 0 | func:0 * |
-| atl.cpp:1277:13:1277:14 | As | 0 | ComPtr * |
-| atl.cpp:1283:13:1283:18 | CopyTo | 0 | Interfaceclass:0ype ** |
-| atl.cpp:1283:13:1283:18 | CopyTo | 0 | class:0 ** |
-| atl.cpp:1285:13:1285:18 | CopyTo | 0 | GUID * |
-| atl.cpp:1285:13:1285:18 | CopyTo | 0 | REFIID |
-| atl.cpp:1285:13:1285:18 | CopyTo | 1 | void ** |
-| atl.cpp:1288:13:1288:18 | CopyTo | 0 | func:0 ** |
-| atl.cpp:1303:10:1303:13 | Swap | 0 | ComPtr & |
-| atl.cpp:1310:25:1310:28 | move | 0 | func:0 & |
+| atl.cpp:1286:5:1286:10 | ComPtr | 0 | const ComPtr & |
+| atl.cpp:1287:5:1287:10 | ComPtr | 0 | ComPtr && |
+| atl.cpp:1290:5:1290:10 | ComPtr | 0 | func:0 * |
+| atl.cpp:1290:5:1290:10 | ComPtr | 0 | func:0 * |
+| atl.cpp:1295:13:1295:14 | As | 0 | ComPtr * |
+| atl.cpp:1301:13:1301:18 | CopyTo | 0 | Interfaceclass:0ype ** |
+| atl.cpp:1301:13:1301:18 | CopyTo | 0 | class:0 ** |
+| atl.cpp:1303:13:1303:18 | CopyTo | 0 | GUID * |
+| atl.cpp:1303:13:1303:18 | CopyTo | 0 | REFIID |
+| atl.cpp:1303:13:1303:18 | CopyTo | 1 | void ** |
+| atl.cpp:1306:13:1306:18 | CopyTo | 0 | func:0 ** |
+| atl.cpp:1321:10:1321:13 | Swap | 0 | ComPtr & |
+| atl.cpp:1328:13:1328:21 | operator= | 0 | class:0 * |
+| atl.cpp:1330:13:1330:21 | operator= | 0 | func:0 * |
+| atl.cpp:1331:13:1331:21 | operator= | 0 | const ComPtr & |
+| atl.cpp:1333:13:1333:21 | operator= | 0 | const ComPtr & |
+| atl.cpp:1334:13:1334:21 | operator= | 0 | ComPtr && |
+| atl.cpp:1336:13:1336:21 | operator= | 0 | ComPtr && |
+| atl.cpp:1343:25:1343:28 | move | 0 | func:0 & |
+| atl.cpp:1415:8:1415:8 | operator= | 0 | S && |
+| atl.cpp:1415:8:1415:8 | operator= | 0 | const S & |
 | bsd.cpp:6:8:6:8 | operator= | 0 | const sockaddr & |
 | bsd.cpp:6:8:6:8 | operator= | 0 | sockaddr && |
 | bsd.cpp:12:5:12:10 | accept | 0 | int |