From e39229d59ee46e5b5d636388316f31cf7fa0404d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Nora=20Dimitrijevi=C4=87?=
Date: Thu, 25 Aug 2022 14:38:58 +0200
Subject: [PATCH] C++: Remove unique-Instruction kludge in ScanfOutput

Passes tests.
---
 cpp/ql/src/Critical/MissingCheckScanf.ql | 9 +++------
 1 file changed, 3 insertions(+), 6 deletions(-)

diff --git a/cpp/ql/src/Critical/MissingCheckScanf.ql b/cpp/ql/src/Critical/MissingCheckScanf.ql
index 150ba21e468..4a43340db68 100644
--- a/cpp/ql/src/Critical/MissingCheckScanf.ql
+++ b/cpp/ql/src/Critical/MissingCheckScanf.ql
@@ -25,12 +25,9 @@ class ScanfOutput extends Expr {
 ValueNumber valNum;
 
 ScanfOutput() {
- this = call.getOutputArgument(varargIndex) and
- instr.getUnconvertedResultExpression() = this and
- valueNumber(instr) = valNum and
- // The following line is a kludge to prohibit more than one associated `instr` field,
- // as would occur, for example, when `this` is an access to an array variable.
- not instr instanceof ConvertInstruction
+ this = call.getOutputArgument(varargIndex).getFullyConverted() and
+ instr.getConvertedResultExpression() = this and
+ valueNumber(instr) = valNum
 }
 
 ScanfFunctionCall getCall() { result = call }
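Review bot: The new `ScanfOutput()` characteristic predicate no longer says why a single `instr` is expected per output argument, because the removed comment was the only place that invariant was written down. I would keep it in the new form, for example `// Match on the fully converted argument so that each output has one associated instr (e.g. an array argument after its implicit conversion).` Note also that `this` is now the result of `getFullyConverted()`, so a `ScanfOutput` may be a conversion rather than the argument as written. The rest of the class lies outside this hunk; any predicate there that reports the location of `this` or compares it with a variable access should be re-checked, since a mismatch would presumably show up as missed or misplaced alerts for unchecked scanf results. "Passes tests" does not show that the array-argument case is covered, so a test with an array passed as a scanf output would pin the behaviour the old guard existed for.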