C++: Remove unique-Instruction kludge in ScanfOutput

Passes tests.
2025-12-24 04:36:35 +01:00 · 2022-08-25 14:38:58 +02:00
parent d8800c03b6
commit e39229d59e
1 changed files with 3 additions and 6 deletions
--- a/cpp/ql/src/Critical/MissingCheckScanf.ql
+++ b/cpp/ql/src/Critical/MissingCheckScanf.ql
@@ -25,12 +25,9 @@ class ScanfOutput extends Expr {
  ValueNumber valNum;

  ScanfOutput() {
-    this = call.getOutputArgument(varargIndex) and
-    instr.getUnconvertedResultExpression() = this and
-    valueNumber(instr) = valNum and
-    // The following line is a kludge to prohibit more than one associated `instr` field,
-    // as would occur, for example, when `this` is an access to an array variable.
-    not instr instanceof ConvertInstruction
+    this = call.getOutputArgument(varargIndex).getFullyConverted() and
+    instr.getConvertedResultExpression() = this and
+    valueNumber(instr) = valNum
  }

  ScanfFunctionCall getCall() { result = call }