hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-28 10:15:14 +02:00
Code Issues Packages Projects Releases Wiki Activity

C++: Use variableAccessedAsValue in LargeParameter

Browse Source 
Using `variableAccessedAsValue` fixes a FP because we can now
distinguish modifications to the parameter from modifications to data
_reachable from_ the parameter.
This commit is contained in:
Jonas Jensen
2019-04-25 10:29:56 +02:00
committed by Geoffrey White
parent 60494fd6d5
commit 9d15e67f3c
3 changed files with 7 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
cpp/ql/src/Critical/LargeParameter.ql
View File

@@ -22,12 +22,12 @@ where f.getAParameter() = p
and not f instanceof CopyAssignmentOperator
// exception: p is written to, which may mean the copy is intended
and not p.getAnAccess().isAddressOfAccessNonConst()
and not exists(Access a |
a.getTarget() = p and
and not exists(Expr e |
variableAccessedAsValue(p.getAnAccess(), e.getFullyConverted()) and
(
exists(Assignment an | an.getLValue().getAChild*() = a) or
exists(CrementOperation co | co.getOperand().getAChild*() = a) or
exists(FunctionCall fc | fc.getQualifier().getAChild*() = a and not fc.getTarget().hasSpecifier("const"))
exists(Assignment an | an.getLValue() = e) or
exists(CrementOperation co | co.getOperand() = e) or
exists(FunctionCall fc | fc.getQualifier() = e and not fc.getTarget().hasSpecifier("const"))
)
)
// if there's no block, we can't tell how the parameter is used