C++: Another attempt to make the fix more solid. I believe it can't produce negative numbers now.

2026-04-25 16:55:19 +02:00 · 2025-02-28 14:17:43 +00:00
parent 998bec1efb
commit 7169c4be48
1 changed files with 1 additions and 6 deletions
--- a/cpp/ql/lib/semmle/code/cpp/commons/Buffer.qll
+++ b/cpp/ql/lib/semmle/code/cpp/commons/Buffer.qll
@@ -92,12 +92,7 @@ private int getSize(VariableAccess va) {
      // buffer is `12 - 4 = 8`.
      c = getRootType(va) and
      // we calculate the size based on the last field, to avoid including any padding after it
-      trueSize =
-        max(Field f |
-          f.getDeclaringType*() = c
-        |
-          f.getOffsetInClass(c) + f.getUnspecifiedType().getSize()
-        ) and
+      trueSize = max(Field f | | f.getOffsetInClass(c) + f.getUnspecifiedType().getSize()) and
      result = trueSize - v.(Field).getOffsetInClass(c)
    )
  )