CPP: Fix over-enthusiastic dataflow in allocExprOrIndirect.

2026-04-29 18:55:14 +02:00 · 2019-03-19 17:57:30 +00:00
parent ea7e8927fe
commit 7d8886e30c
3 changed files with 7 additions and 5 deletions
--- a/cpp/ql/src/Critical/NewDelete.qll
+++ b/cpp/ql/src/Critical/NewDelete.qll
@@ -46,7 +46,11 @@ predicate allocExprOrIndirect(Expr alloc, string kind) {
    alloc.(FunctionCall).getTarget() = rtn.getEnclosingFunction() and
    (
      allocExprOrIndirect(rtn.getExpr(), kind) or
-      allocReaches0(rtn.getExpr(), _, kind)
+      exists(SsaDefinition def, LocalScopeVariable v |
+        // alloc via SSA
+        allocExprOrIndirect(def.getAnUltimateDefiningValue(v), kind) and
+        rtn.getExpr() = def.getAUse(v)
+      )
    )
  )
 }