Fix reccomendation for LargeParameter (C++)

The previous reccomentation changed the behaviour of the code. A user following the advice might have broken her/his code: With call-by-value, the original parameter is not changed. With a call-by-reference, however, it may be changed. To be sure, nothing breaks by blindly following the advice, suggest to pass a const reference.
2026-04-26 17:25:19 +02:00 · 2019-02-03 15:44:13 +01:00
parent 6243c722c6
commit ac249cdbbe
2 changed files with 3 additions and 3 deletions
--- a/cpp/ql/src/Critical/LargeParameter.cpp
+++ b/cpp/ql/src/Critical/LargeParameter.cpp
@@ -8,6 +8,6 @@ int doFoo(Names n) { //wrong: n is passed by value (meaning the entire structure
    ...
 }

-int doBar(Names &n) { //better, only a reference is passed
+int doBar(const Names &n) { //better, only a reference is passed
    ...
 }
--- a/cpp/ql/src/Critical/LargeParameter.ql
+++ b/cpp/ql/src/Critical/LargeParameter.ql
@@ -1,6 +1,6 @@
 /**
 * @name Large object passed by value
- * @description An object larger than 64 bytes is passed by value to a function. Passing large objects by value unnecessarily use up scarce stack space, increase the cost of calling a function and can be a security risk. Use a pointer to the object instead.
+ * @description An object larger than 64 bytes is passed by value to a function. Passing large objects by value unnecessarily use up scarce stack space, increase the cost of calling a function and can be a security risk. Use a const pointer to the object instead.
 * @kind problem
 * @problem.severity warning
 * @precision high
@@ -20,5 +20,5 @@ where f.getAParameter() = p
  and not t.getUnderlyingType() instanceof ArrayType
  and not f instanceof CopyAssignmentOperator
 select
-  p, "This parameter of type $@ is " + size.toString() + " bytes - consider passing a pointer/reference instead.",
+  p, "This parameter of type $@ is " + size.toString() + " bytes - consider passing a const pointer/reference instead.",
  t, t.toString()