From 56dc2a4d4e81d6a2ab267c3a99a05c14c7ac8c0f Mon Sep 17 00:00:00 2001
From: Gulshan Singh
Date: Mon, 3 Apr 2023 23:11:05 -0700
Subject: [PATCH] C++: Consider ArrayExpr with non-constant size expressions as BufferAccesses
---
 cpp/ql/lib/semmle/code/cpp/security/BufferAccess.qll | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/cpp/ql/lib/semmle/code/cpp/security/BufferAccess.qll b/cpp/ql/lib/semmle/code/cpp/security/BufferAccess.qll
index b8c5d67dc05..ad7a72262f5 100644
--- a/cpp/ql/lib/semmle/code/cpp/security/BufferAccess.qll
+++ b/cpp/ql/lib/semmle/code/cpp/security/BufferAccess.qll
@@ -314,9 +314,8 @@ class FreadBA extends BufferAccess {
 * but not:
 * &buffer[ix]
 */
-class ArrayExprBA extends BufferAccess {
+class ArrayExprBA extends BufferAccess, ArrayExpr {
 ArrayExprBA() {
- exists(this.(ArrayExpr).getArrayOffset().getValue().toInt()) and
 not exists(AddressOfExpr aoe | aoe.getAChild() = this) and
 // exclude accesses in macro implementation of `strcmp`,
 // which are carefully controlled but can look dangerous.
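Review bot: With the constant-offset conjunct removed from the `ArrayExprBA()` characteristic predicate, the class now admits array accesses whose index has no compile-time value, but nothing in the hunk documents what that means for the rest of the class. The body continues outside the hunk, so this is inferred. Any member predicate there that still derives a size from `getArrayOffset().getValue().toInt()` would simply have no result for the new members. Overflow queries that join on a constant size would then skip exactly the variable-index accesses this change is meant to surface. I would state the contract in the QLDoc above the class, e.g. `* The index need not be a constant; size predicates have no result when the offset has no constant value.`, and check that consumers tolerate a `BufferAccess` without a size. As a style point, now that the class extends `ArrayExpr` directly, any remaining `this.(ArrayExpr)` casts in the body are redundant and can be written as plain `this.getArrayOffset()` / `this.getArrayBase()`.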