hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-30 11:15:13 +02:00
Code Issues Packages Projects Releases Wiki Activity

C++: Fix join in 'cpp/upcast-array-pointer-arithmetic'.

Browse Source
This commit is contained in:
Mathias Vorreiter Pedersen
2022-11-18 10:19:55 +00:00
parent f1b85d7ebf
commit 1e14af6e64
1 changed files with 9 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
cpp/ql/src/Likely Bugs/Conversion/CastArrayPointerArithmetic.ql
View File

@@ -64,10 +64,15 @@ predicate introducesNewField(Class derived, Class base) {
)
}
from DataFlow::PathNode source, DataFlow::PathNode sink, CastToPointerArithFlow cfg
pragma[nomagic]
predicate hasFullyConvertedType(DataFlow::PathNode node, Type t) {
t = node.getNode().asExpr().getFullyConverted().getUnspecifiedType()
}
from DataFlow::PathNode source, DataFlow::PathNode sink, CastToPointerArithFlow cfg, Type t
where
cfg.hasFlowPath(source, sink) and
source.getNode().asExpr().getFullyConverted().getUnspecifiedType() =
sink.getNode().asExpr().getFullyConverted().getUnspecifiedType()
cfg.hasFlowPath(pragma[only_bind_into](source), pragma[only_bind_into](sink)) and
hasFullyConvertedType(source, t) and
hasFullyConvertedType(sink, t)
select sink, source, sink, "This pointer arithmetic may be done with the wrong type because of $@.",
source, "this cast"