diff --git a/cpp/ql/lib/experimental/semmle/code/cpp/rangeanalysis/RangeAnalysis.qll b/cpp/ql/lib/experimental/semmle/code/cpp/rangeanalysis/RangeAnalysis.qll
index e026c4dbe4b..093d03ee002 100644
--- a/cpp/ql/lib/experimental/semmle/code/cpp/rangeanalysis/RangeAnalysis.qll
+++ b/cpp/ql/lib/experimental/semmle/code/cpp/rangeanalysis/RangeAnalysis.qll
@@ -412,7 +412,7 @@ private predicate boundFlowStepPhi(
 or
 exists(IRGuardCondition guard, boolean testIsTrue |
 guard = boundFlowCond(valueNumberOfOperand(op2), op1, delta, upper, testIsTrue) and
- guard.controlsEdge(op2.getPredecessorBlock(), op2.getUse().getBlock(), testIsTrue) and
+ guard.controlsBranchEdge(op2.getPredecessorBlock(), op2.getUse().getBlock(), testIsTrue) and
 reason = TCondReason(guard)
 )
 }
diff --git a/cpp/ql/lib/semmle/code/cpp/rangeanalysis/new/internal/semantic/SemanticExprSpecific.qll b/cpp/ql/lib/semmle/code/cpp/rangeanalysis/new/internal/semantic/SemanticExprSpecific.qll
index 224f968ce69..242c023118f 100644
--- a/cpp/ql/lib/semmle/code/cpp/rangeanalysis/new/internal/semantic/SemanticExprSpecific.qll
+++ b/cpp/ql/lib/semmle/code/cpp/rangeanalysis/new/internal/semantic/SemanticExprSpecific.qll
@@ -259,7 +259,7 @@ module SemanticExprConfig {
 }
 predicate guardHasBranchEdge(Guard guard, BasicBlock bb1, BasicBlock bb2, boolean branch) {
- guard.controlsEdge(bb1, bb2, branch)
+ guard.controlsBranchEdge(bb1, bb2, branch)
 }
 Guard comparisonGuard(Expr e) { getSemanticExpr(result) = e }
diff --git a/cpp/ql/src/Security/CWE/CWE-129/ImproperArrayIndexValidation.ql b/cpp/ql/src/Security/CWE/CWE-129/ImproperArrayIndexValidation.ql
index 17c1b09c3e6..36f4522b56c 100644
--- a/cpp/ql/src/Security/CWE/CWE-129/ImproperArrayIndexValidation.ql
+++ b/cpp/ql/src/Security/CWE/CWE-129/ImproperArrayIndexValidation.ql
@@ -26,13 +26,13 @@ predicate isFlowSource(FS::FlowSource source, string sourceType) {
 predicate guardChecks(IRGuardCondition g, Expr e, boolean branch) {
 exists(Operand op | op.getDef().getConvertedResultExpression() = e |
 // `op < k` is true and `k > 0`
- g.comparesLt(op, any(int k | k > 0), true, any(BooleanValue bv | bv.getValue() = branch))
+ g.comparesLt(op, any(int k | k > 0), true, any(GuardValue bv | bv.asBooleanValue() = branch))
 or
 // `op < _ + k` is true and `k > 0`.
 g.comparesLt(op, _, any(int k | k > 0), true, branch)
 or
 // op == k
- g.comparesEq(op, _, true, any(BooleanValue bv | bv.getValue() = branch))
+ g.comparesEq(op, _, true, any(GuardValue bv | bv.asBooleanValue() = branch))
 or
 // op == _ + k
 g.comparesEq(op, _, _, true, branch)
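Review bot: The two rewritten disjuncts in `guardChecks` select the guard outcome through `any(GuardValue bv | bv.asBooleanValue() = branch)`, while the two offset forms (`g.comparesLt(op, _, any(int k | k > 0), true, branch)` and `g.comparesEq(op, _, _, true, branch)`) still take `branch` directly, and nothing on the page explains the difference. Because this predicate decides which index checks suppress a CWE-129 alert, I would add a comment above the first disjunct, for example `// The constant-operand overloads take a GuardValue; restrict it to the Boolean outcome equal to branch.` Presumably a guard whose value is not Boolean has no `asBooleanValue()` result and so never counts as a barrier here; that is worth confirming against the query's expected test results, which this hunk does not show. The `exists` body and the predicate's closing brace lie outside the hunk.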