From 3e6ac74d734428fe5782ded38050b51db164460c Mon Sep 17 00:00:00 2001
From: Mathias Vorreiter Pedersen
Date: Tue, 2 Nov 2021 13:02:46 +0000
Subject: [PATCH] C++: Add 'InheritanceConversionInstruction' to the list of instructions that set 'certain = false' in 'explicitWrite'.
---
 .../semmle/code/cpp/ir/dataflow/internal/SsaInternals.qll | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/SsaInternals.qll b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/SsaInternals.qll
index db2204fa9b9..d6db1e8b5fe 100644
--- a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/SsaInternals.qll
+++ b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/SsaInternals.qll
@@ -315,11 +315,14 @@ predicate explicitWrite(boolean certain, Instruction instr, Instruction address)
 exists(StoreInstruction store |
 store = instr and addressFlowTC(address, store.getDestinationAddress())
 |
+ // Set `certain = false` if the address is derived from any instructions that prevents us from
+ // concluding that the entire variable is overridden.
 if
 addressFlowTC(any(Instruction i |
 i instanceof FieldAddressInstruction or
 i instanceof PointerArithmeticInstruction or
- i instanceof LoadInstruction
+ i instanceof LoadInstruction or
+ i instanceof InheritanceConversionInstruction
 ), store.getDestinationAddress())
 then certain = false
 else certain = true
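Review bot: The comment added above the `if` in `explicitWrite` says "overridden" where it means "overwritten", which is easy to misread right next to `InheritanceConversionInstruction`, and "any instructions that prevents" does not agree in number; I would change those phrases to `any instruction that prevents us from` and `concluding that the entire variable is overwritten.` The diffstat lists only SsaInternals.qll, so nothing pins the new behaviour. A library test with a store through a pointer that has gone through an inheritance conversion, whose expected output still shows the earlier definition reaching later reads, would guard it. That matters for the queries built on this SSA layer, because a partial write classified as certain presumably hides the earlier definition and silently drops flow, which shows up as missed results rather than as an error. The predicate opens before the hunk and the `exists(...)` closes after it, so this is based on the visible lines only.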