From c1f0940b6afc701ece24985129fffd937eaf6b42 Mon Sep 17 00:00:00 2001
From: ihsinme
Date: Thu, 23 Jun 2022 12:50:59 +0300
Subject: [PATCH] Update cpp/ql/src/experimental/Security/CWE/CWE-805/BufferAccessWithIncorrectLengthValue.ql

Co-authored-by: Jeroen Ketema <93738568+jketema@users.noreply.github.com>
---
 .../CWE/CWE-805/BufferAccessWithIncorrectLengthValue.ql | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/cpp/ql/src/experimental/Security/CWE/CWE-805/BufferAccessWithIncorrectLengthValue.ql b/cpp/ql/src/experimental/Security/CWE/CWE-805/BufferAccessWithIncorrectLengthValue.ql
index fa3a9a1a3fe..9eea998c15a 100644
--- a/cpp/ql/src/experimental/Security/CWE/CWE-805/BufferAccessWithIncorrectLengthValue.ql
+++ b/cpp/ql/src/experimental/Security/CWE/CWE-805/BufferAccessWithIncorrectLengthValue.ql
@@ -64,8 +64,8 @@ from FunctionCall fc
 where
   exists(ArrayType array, int bufArgPos, int sizeArgPos |
     numberArgument(fc.getTarget(), bufArgPos, sizeArgPos) and
-    fc.getArgument(sizeArgPos).getValue().toInt() > array.getByteSize() and
-    fc.getArgument(bufArgPos).(VariableAccess).getTarget().getADeclarationEntry().getType() = array
+    fc.getArgument(pragma[only_bind_into](sizeArgPos)).getValue().toInt() > array.getByteSize() and
+    fc.getArgument(pragma[only_bind_into](bufArgPos)).(VariableAccess).getTarget().getADeclarationEntry().getType() = array
   )
 select fc, "Access beyond the bounds of the allocated memory is possible, the size argument used is greater than the size of the buffer."
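Review bot: The two `pragma[only_bind_into]` hints on the added `fc.getArgument(...)` calls are left unexplained, and a reader of this query will not know which evaluation-order problem they fix or when it is safe to remove them; a one-line comment above the `exists` block such as `// pragma: keep the argument positions bound by numberArgument before they are joined with getArgument (performance, not semantics) -- confirm` would preserve that intent. Separately, `> array.getByteSize()` compares the constant size argument against the buffer's size in bytes, which is only a sound bound if every function matched by `numberArgument` takes its size in bytes rather than in elements; `numberArgument` is defined outside this hunk, so this is an inference worth confirming and, if wide-character or element-count APIs are included, the query under-reports for them. The `where` clause of the query is shown in full here, but the predicates it relies on and the `select` message's context start before the hunk.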