Recognise that a less-than test is as good as a non-equal test for mitigating off-by-one array access

2026-04-25 16:55:19 +02:00 · 2025-09-12 11:46:35 +01:00
parent e8ddac08b7
commit 4fb133a43d
2 changed files with 23 additions and 2 deletions
--- a/javascript/ql/test/query-tests/LanguageFeatures/LengthComparisonOffByOne/tst.js
+++ b/javascript/ql/test/query-tests/LanguageFeatures/LengthComparisonOffByOne/tst.js
@@ -55,3 +55,11 @@ function badContains(a, elt) {
      return true;
  return false;
 }
+
+// OK - incorrect upper bound, but extra check
+function badContains2(a, elt) {
+  for (let i = 0; i <= a.length; ++i)
+    if (i < a.length && a[i] === elt)
+      return true;
+  return false;
+}