diff --git a/cpp/ql/src/experimental/Security/CWE/CWE-193/ConstantSizeArrayOffByOne.ql b/cpp/ql/src/experimental/Security/CWE/CWE-193/ConstantSizeArrayOffByOne.ql
index fb664a0c364..684b93c231b 100644
--- a/cpp/ql/src/experimental/Security/CWE/CWE-193/ConstantSizeArrayOffByOne.ql
+++ b/cpp/ql/src/experimental/Security/CWE/CWE-193/ConstantSizeArrayOffByOne.ql
@@ -78,7 +78,7 @@ predicate isInvalidPointerDerefSink2(DataFlow::Node sink, Instruction i, string
   )
 }
 
-predicate pointerArithOverflow(
+predicate pointerArithOverflow0(
   PointerArithmeticInstruction pai, Field f, int size, int bound, int delta
 ) {
   pai.getElementSize() = f.getUnspecifiedType().(ArrayType).getBaseType().getSize() and
@@ -89,7 +89,7 @@ predicate pointerArithOverflow(
 
 module PointerArithmeticToDerefConfig implements DataFlow::ConfigSig {
   predicate isSource(DataFlow::Node source) {
-    pointerArithOverflow(source.asInstruction(), _, _, _, _)
+    pointerArithOverflow0(source.asInstruction(), _, _, _, _)
   }
 
   predicate isSink(DataFlow::Node sink) { isInvalidPointerDerefSink1(sink, _, _) }
@@ -97,6 +97,13 @@ module PointerArithmeticToDerefConfig implements DataFlow::ConfigSig {
 
 module PointerArithmeticToDerefFlow = DataFlow::Global<PointerArithmeticToDerefConfig>;
 
+predicate pointerArithOverflow(
+  PointerArithmeticInstruction pai, Field f, int size, int bound, int delta
+) {
+  pointerArithOverflow0(pai, f, size, bound, delta) and
+  PointerArithmeticToDerefFlow::flow(DataFlow::instructionNode(pai), _)
+}
+
 module FieldAddressToDerefConfig implements DataFlow::StateConfigSig {
   newtype FlowState =
     additional TArray(Field f) { pointerArithOverflow(_, f, _, _, _) } or