Merge pull request #21514 from geoffw0/suspicioussizeof

C++: Fix an issue with cpp/suspicious-add-sizeof in BMN databases
2026-04-24 00:05:14 +02:00 · 2026-03-20 09:41:39 +00:00
parent be746b775b 92c9a8e146
commit 208ae7aa01
5 changed files with 24 additions and 1 deletions
--- a/cpp/ql/src/Security/CWE/CWE-468/SuspiciousAddWithSizeof.ql
+++ b/cpp/ql/src/Security/CWE/CWE-468/SuspiciousAddWithSizeof.ql
@@ -18,7 +18,8 @@ import IncorrectPointerScalingCommon
 private predicate isCharSzPtrExpr(Expr e) {
  exists(PointerType pt | pt = e.getFullyConverted().getUnspecifiedType() |
    pt.getBaseType() instanceof CharType or
-    pt.getBaseType() instanceof VoidType
+    pt.getBaseType() instanceof VoidType or
+    pt.getBaseType() instanceof ErroneousType // this could be char / void type in a successful compilation
  )
 }

--- a/cpp/ql/src/change-notes/2026-03-19-suspicious-add-sizeof.md
+++ b/cpp/ql/src/change-notes/2026-03-19-suspicious-add-sizeof.md
@@ -0,0 +1,4 @@
+---
+category: minorAnalysis
+---
+* Fixed an issue with the "Suspicious add with sizeof" (`cpp/suspicious-add-sizeof`) query causing false positive results in `build-mode: none` databases.