From aed3ef4cde3fe706c8040a5a545926c7091dbda8 Mon Sep 17 00:00:00 2001
From: Owen Mansel-Chan <owen-mc@github.com>
Date: Mon, 24 Aug 2020 16:13:06 +0100
Subject: [PATCH] Improve performance of new barrier guard

Some projects on lgtm were taking >1 hour, and with this commit they take
<10 minutes
---
 .../semmle/go/security/AllocationSizeOverflowCustomizations.qll | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/ql/src/semmle/go/security/AllocationSizeOverflowCustomizations.qll b/ql/src/semmle/go/security/AllocationSizeOverflowCustomizations.qll
index 1b7bd4bfdb9..f99851a3504 100644
--- a/ql/src/semmle/go/security/AllocationSizeOverflowCustomizations.qll
+++ b/ql/src/semmle/go/security/AllocationSizeOverflowCustomizations.qll
@@ -75,7 +75,7 @@ module AllocationSizeOverflow {
   /** A check of the allocation size, acting as a guard to prevent allocation-size overflow. */
   class AllocationSizeCheck extends DataFlow::BarrierGuard, DataFlow::RelationalComparisonNode {
     override predicate checks(Expr e, boolean branch) {
-      exists(DataFlow::Node lesser | this.leq(branch, lesser, _, _) |
+      exists(DataFlow::Node lesser | this.leq(branch, lesser, _, _) and not lesser.isConst() |
         globalValueNumber(DataFlow::exprNode(e)) = globalValueNumber(lesser)
       )
     }