CPP: Don't require alloc in memberMayBeVarSize.

2026-04-28 02:05:14 +02:00 · 2018-10-25 14:54:12 +01:00
parent 035823cff0
commit 2dcec4dce3
1 changed files with 4 additions and 5 deletions
--- a/cpp/ql/src/semmle/code/cpp/commons/Buffer.qll
+++ b/cpp/ql/src/semmle/code/cpp/commons/Buffer.qll
@@ -34,13 +34,12 @@ predicate memberMayBeVarSize(Class c, MemberVariable v) {
      // `sizeof(c)` is taken
      so.(SizeofTypeOperator).getTypeOperand().getUnspecifiedType() = c or
      so.(SizeofExprOperator).getExprOperand().getType().getUnspecifiedType() = c |
-      // Check all ancestor nodes except the immediate parent for
-      // allocations.
-      isStdLibAllocationExpr(so.getParent().(Expr).getParent+())
+
+      // arithmetic is performed on the result
+      so.getParent*() instanceof BinaryArithmeticOperation
    ) or exists(AddressOfExpr aoe |
      // `&(c.v)` is taken
-      aoe.getAddressable() = v and
-      isStdLibAllocationExpr(aoe.getParent().(Expr).getParent+())
+      aoe.getAddressable() = v
    )
  )
 }