Merge pull request #15463 from microsoft/42-false-positive-cpp-uninitializedlocal

False positive fix for cpp/uninitialized-local
2026-04-26 09:15:12 +02:00 · 2024-01-31 09:31:31 +00:00
parent a298a395e6 1a044fbbde
commit 4b5a203b46
3 changed files with 19 additions and 0 deletions
--- a/Management/UninitializedLocal.ql
+++ b/Management/UninitializedLocal.ql
@@ -56,6 +56,8 @@ VariableAccess commonException() {
  // Finally, exclude functions that contain assembly blocks. It's
  // anyone's guess what happens in those.
  containsInlineAssembly(result.getEnclosingFunction())
+  or
+  exists(Call c | c.getQualifier() = result | c.getTarget().isStatic())
 }

 predicate isSinkImpl(Instruction sink, VariableAccess va) {
--- a/cpp/ql/src/change-notes/2024-01-29-uninitialized-local-false-positive.md
+++ b/cpp/ql/src/change-notes/2024-01-29-uninitialized-local-false-positive.md
@@ -0,0 +1,5 @@
+---
+category: minorAnalysis
+---
+* The "Potentially uninitialized local variable" query (`cpp/uninitialized-local`) no longer reports an alert when the local variable is used as a qualifier to a static member function call.
+* ```
--- a/cpp/ql/test/query-tests/Security/CWE/CWE-457/semmle/tests/test.cpp
+++ b/cpp/ql/test/query-tests/Security/CWE/CWE-457/semmle/tests/test.cpp
@@ -532,4 +532,16 @@ int non_exhaustive_switch_2(State s) {
 		return y; // GOOD (y is not initialized when s = StateC, but if s = StateC we won't reach this point)
 	}
 	return 0;
+}
+
+class StaticMethodClass{
+    public:
+    static int get(){
+        return 1;
+    }
+};
+
+int static_method_false_positive(){
+    StaticMethodClass *t;
+	int i = t->get(); // GOOD: the `get` method is static and this is equivalent to StaticMethodClass::get()
 }