Merge pull request #12752 from gsingh93/buffer-access-array-expr

C++: Consider ArrayExpr with non-constant size expressions as a BufferAccess
2025-12-24 12:46:34 +01:00 · 2023-04-14 15:31:20 +01:00
parent 4bca9511cd 56dc2a4d4e
commit ba982e2f85
1 changed files with 1 additions and 2 deletions
--- a/cpp/ql/lib/semmle/code/cpp/security/BufferAccess.qll
+++ b/cpp/ql/lib/semmle/code/cpp/security/BufferAccess.qll
@@ -314,9 +314,8 @@ class FreadBA extends BufferAccess {
 * but not:
 *  &buffer[ix]
 */
-class ArrayExprBA extends BufferAccess {
+class ArrayExprBA extends BufferAccess, ArrayExpr {
  ArrayExprBA() {
-    exists(this.(ArrayExpr).getArrayOffset().getValue().toInt()) and
    not exists(AddressOfExpr aoe | aoe.getAChild() = this) and
    // exclude accesses in macro implementation of `strcmp`,
    // which are carefully controlled but can look dangerous.