hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-24 04:36:35 +01:00
Code Issues Packages Projects Releases Wiki Activity

C++: Fix flow from this by ref.

Browse Source
This commit is contained in:
Jonas Jensen
2019-09-09 09:54:35 +02:00
parent 08b63d4342
commit 10b69358ae
3 changed files with 21 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
cpp/ql/src/semmle/code/cpp/dataflow/internal/DataFlowUtil.qll
View File

@@ -19,6 +19,12 @@ private newtype TNode =
TInstanceParameterNode(MemberFunction f) { exists(f.getBlock()) and not f.isStatic() } or
TPreConstructorInitThis(ConstructorFieldInit cfi) or
TPostConstructorInitThis(ConstructorFieldInit cfi) or
TThisArgumentPostUpdate(ThisExpr ta) {
exists(Call c, int i |
ta = c.getArgument(i) and
not c.getTarget().getParameter(i).getUnderlyingType().(PointerType).getBaseType().isConst()
)
} or
TUninitializedNode(LocalVariable v) { not v.hasInitializer() }
/**
@@ -282,6 +288,16 @@ private class PartialDefinitionNode extends PostUpdateNode, TPartialDefinitionNo
override string toString() { result = getPreUpdateNode().toString() + " [post update]" }
}
private class ThisArgumentPostUpdateNode extends PostUpdateNode, TThisArgumentPostUpdate {
ThisExpr thisExpr;
ThisArgumentPostUpdateNode() { this = TThisArgumentPostUpdate(thisExpr) }
override Node getPreUpdateNode() { result.asExpr() = thisExpr }
override string toString() { result = "ref arg this" }
}
/**
* A node representing the temporary value of an object that was just
* constructed by a constructor call or an aggregate initializer. This is only