diff --git a/cpp/ql/src/experimental/Security/CWE/CWE-805/BufferAccessWithIncorrectLengthValue.ql b/cpp/ql/src/experimental/Security/CWE/CWE-805/BufferAccessWithIncorrectLengthValue.ql
index fa3a9a1a3fe..9eea998c15a 100644
--- a/cpp/ql/src/experimental/Security/CWE/CWE-805/BufferAccessWithIncorrectLengthValue.ql
+++ b/cpp/ql/src/experimental/Security/CWE/CWE-805/BufferAccessWithIncorrectLengthValue.ql
@@ -64,8 +64,8 @@ from FunctionCall fc
 where
   exists(ArrayType array, int bufArgPos, int sizeArgPos |
     numberArgument(fc.getTarget(), bufArgPos, sizeArgPos) and
-    fc.getArgument(sizeArgPos).getValue().toInt() > array.getByteSize() and
-    fc.getArgument(bufArgPos).(VariableAccess).getTarget().getADeclarationEntry().getType() = array
+    fc.getArgument(pragma[only_bind_into](sizeArgPos)).getValue().toInt() > array.getByteSize() and
+    fc.getArgument(pragma[only_bind_into](bufArgPos)).(VariableAccess).getTarget().getADeclarationEntry().getType() = array
   )
 select fc,
   "Access beyond the bounds of the allocated memory is possible, the size argument used is greater than the size of the buffer."