From 59f2c7518653a813f7fab3c992533ba047633933 Mon Sep 17 00:00:00 2001
From: Mathias Vorreiter Pedersen
Date: Wed, 22 Mar 2023 14:53:37 +0000
Subject: [PATCH] C++: bool -> int conversions are safe conversions.
---
 .../semmle/code/cpp/semantic/SemanticType.qll | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)
diff --git a/cpp/ql/lib/experimental/semmle/code/cpp/semantic/SemanticType.qll b/cpp/ql/lib/experimental/semmle/code/cpp/semantic/SemanticType.qll
index ce3f4ed90b4..b86db02702c 100644
--- a/cpp/ql/lib/experimental/semmle/code/cpp/semantic/SemanticType.qll
+++ b/cpp/ql/lib/experimental/semmle/code/cpp/semantic/SemanticType.qll
@@ -250,16 +250,26 @@ SemType getSemanticType(Specific::Type type) {
 Specific::unknownType(type) and result = TSemUnknownType()
 }
 
+private class SemNumericOrBooleanType extends SemSizedType {
+ SemNumericOrBooleanType() {
+ this instanceof SemNumericType
+ or
+ this instanceof SemBooleanType
+ }
+}
+
 /**
 * Holds if the conversion from `fromType` to `toType` can never overflow or underflow.
 */
-predicate conversionCannotOverflow(SemNumericType fromType, SemNumericType toType) {
+predicate conversionCannotOverflow(SemNumericOrBooleanType fromType, SemNumericOrBooleanType toType) {
 // Identity cast
 fromType = toType
 or
 // Treat any cast to an FP type as safe. It can lose precision, but not overflow.
 toType instanceof SemFloatingPointType and fromType = any(SemNumericType n)
 or
+ fromType instanceof SemBooleanType and toType instanceof SemIntegerType
+ or
 exists(SemIntegerType fromInteger, SemIntegerType toInteger, int fromSize, int toSize |
 fromInteger = fromType and
 toInteger = toType and
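Review bot: The floating-point disjunct still pins `fromType = any(SemNumericType n)`, so once the signature is widened to `SemNumericOrBooleanType` a bool -> int conversion counts as safe while bool -> floating-point does not, although neither can overflow. If that asymmetry is not intended, the conjunct can be dropped, leaving `toType instanceof SemFloatingPointType`, since the parameter type already restricts `fromType`. The new boolean disjunct is also the only one without a comment; something like `// A boolean converts to 0 or 1, which every integer type can represent.` would match its siblings, and the QLDoc above the predicate could mention that boolean types are now accepted. Because range analysis presumably relies on this predicate to carry bounds through casts, a test covering the new bool cases would guard against the overflow checks built on it becoming too permissive or too strict. The `exists` block continues past the end of the hunk.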