From 369cee9ed9ebc2c4f8a74a14874b43a93ed82e46 Mon Sep 17 00:00:00 2001 From: Mathias Vorreiter Pedersen Date: Fri, 21 Jul 2023 09:32:14 +0100 Subject: [PATCH] Update cpp/ql/lib/semmle/code/cpp/security/InvalidPointerDereference/InvalidPointerToDereference.qll Co-authored-by: Geoffrey White <40627776+geoffw0@users.noreply.github.com> --- .../InvalidPointerDereference/InvalidPointerToDereference.qll | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cpp/ql/lib/semmle/code/cpp/security/InvalidPointerDereference/InvalidPointerToDereference.qll b/cpp/ql/lib/semmle/code/cpp/security/InvalidPointerDereference/InvalidPointerToDereference.qll index a3420026971..67695f73e81 100644 --- a/cpp/ql/lib/semmle/code/cpp/security/InvalidPointerDereference/InvalidPointerToDereference.qll +++ b/cpp/ql/lib/semmle/code/cpp/security/InvalidPointerDereference/InvalidPointerToDereference.qll @@ -21,7 +21,7 @@ * actually being dereferenced. We do this using a regular dataflow configuration (see `InvalidPointerToDerefConfig`). * * This dataflow traversal defines the set of sources as any dataflow node that is non-strictly upper-bounded by the - * pointer-arithmetic instruction identified by `AllocationToInvalidPointer.qll`. (TOOD: I'm pretty sure this is incorrect, + * pointer-arithmetic instruction identified by `AllocationToInvalidPointer.qll`. (TODO: I'm pretty sure this is incorrect, * and we should define the set of sources as anything that is non-strictly _lower_ bounded by the pointer-arithmetic * instruction). That is, the set of sources is any dataflow node `source` such that `source.asInstruction <= pai + delta1` * for some `delta1 >= 0`.