Merge pull request #5496 from MathiasVP/accept-model-getParameterSizeIndex-should-be-none

C++: Don't override getParameterSizeIndex in Accept

cpp/ql/src/semmle/code/cpp/models/implementations/Accept.qll

@@ -15,9 +15,7 @@ import semmle.code.cpp.models.interfaces.SideEffect
 private class Accept extends ArrayFunction, AliasFunction, TaintFunction, SideEffectFunction {
   Accept() { this.hasGlobalName(["accept", "accept4", "WSAAccept"]) }
 
-  override predicate hasArrayWithVariableSize(int bufParam, int countParam) {
-    bufParam = 1 and countParam = 2
-  }
+  override predicate hasArrayWithUnknownSize(int bufParam) { bufParam = 1 }
 
   override predicate hasArrayInput(int bufParam) { bufParam = 1 }
 
@@ -46,8 +44,8 @@ private class Accept extends ArrayFunction, AliasFunction, TaintFunction, SideEf
     i = 1 and buffer = false
   }
 
-  override ParameterIndex getParameterSizeIndex(ParameterIndex i) { i = 1 and result = 2 }
-
+  // NOTE: The size parameter is a pointer to the size. So we can't implement `getParameterSizeIndex` for
+  // this model.
   // NOTE: We implement thse two predicates as none because we can't model the low-level changes made to
   // the structure pointed to by the file-descriptor argument.
   override predicate hasOnlySpecificReadSideEffects() { none() }

cpp/ql/test/library-tests/dataflow/taint-tests/bsd.cpp

@@ -19,6 +19,6 @@ void test_accept() {
   int size = sizeof(sockaddr);
   int a = accept(s, &addr, &size);
 
-  sink(a); // $ ast=17:11 SPURIOUS: ast=18:12 MISSING: ir
-  sink(addr); // $ ast MISSING: ir
+  sink(a); // $ ast=17:11 ir SPURIOUS: ast=18:12
+  sink(addr); // $ ast,ir
 }

cpp/ql/test/library-tests/syntax-zoo/modeled-functions.cpp

@@ -0,0 +1,7 @@
+void accept(int arg, char *buf, unsigned long* bufSize);
+
+void testAccept(int socket1, int socket2)
+{
+  char buffer[1024];
+  accept(socket2, 0, 0);
+}