Merge branch 'main' into post-release-prep/codeql-cli-2.14.2

2026-04-28 18:25:24 +02:00 · 2023-08-11 13:54:55 +01:00
parent 432c21d4fb 5161cd1a3c
commit 1213eba630
264 changed files with 8332 additions and 5797 deletions
--- a/cpp/ql/src/Security/CWE/CWE-120/BadlyBoundedWrite.ql
+++ b/cpp/ql/src/Security/CWE/CWE-120/BadlyBoundedWrite.ql
@@ -24,7 +24,7 @@ import semmle.code.cpp.security.BufferWrite
 from BufferWrite bw, int destSize
 where
  bw.hasExplicitLimit() and // has an explicit size limit
-  destSize = getBufferSize(bw.getDest(), _) and
+  destSize = max(getBufferSize(bw.getDest(), _)) and
  bw.getExplicitLimit() > destSize // but it's larger than the destination
 select bw,
  "This '" + bw.getBWDesc() + "' operation is limited to " + bw.getExplicitLimit() +
--- a/cpp/ql/src/change-notes/2023-08-09-badly-bounded-write.md
+++ b/cpp/ql/src/change-notes/2023-08-09-badly-bounded-write.md
@@ -0,0 +1,4 @@
+---
+category: minorAnalysis
+---
+* The `cpp/badly-bounded-write` query could report false positives when a pointer was first initialized with a literal and later assigned a dynamically allocated array. These false positives now no longer occur.