Missed sink after second class instantiation

[draftyfrog]

Please consider the following code:

 MyClass myVar = new MyClass();
 myVar.myString = source();
 MyClass mySecondVar = new MyClass(); // If this statement is removed, the leak in the next statement is reported correctly
 sink(myVar.myString); // NOT reported by FlowDroid

where public String source() and public void sink(String param) are defined as source and sink respectively in the FlowDroid config and the custom class MyClass looks like this:

class MyClass{
  String myString;
}

As annotated, FlowDroid doesn't report the leak, as long as the second instantiation is present. This is probably linked to #767 as for example adding System.out.println(mySecondVar); between the instantiation of mySecondVar ans the sink call also leads to the leak being correctly reported.

I'm using one of the newest version of FlowDroid: Commit a137b4d and the issue seems to be rather new as well: FlowDroid 2.14.1 correctly detects the leak.

SourcesAndSinks.xml

<sinkSources>
    <category id="NO_CATEGORY" description="no_category">
        <method signature="com.example.testapp.MainActivity: java.lang.String source()">
            <return type="java.lang.String">
                <accessPath isSource="true" isSink="false">

                </accessPath>
            </return>
        </method>
        <method signature="com.example.testapp.MainActivity: void sink(java.lang.String)">
            <param index="0" type="java.lang.String">
                <accessPath isSource="false" isSink="true"/>
            </param>
        </method>
    </category>
</sinkSources>

I call FlowDroid via the command line

java -jar ./soot-infoflow-cmd-a137b4d-jar-with-dependencies.jar \
 -a {path-to-apk} \
 -s ./SourcesAndSinks.xml \
 -o ./out.xml \
 -p {path-to-android-platforms-folder} \
 --mergedexfiles