Merge pull request #18222 from github/calumgrant/bmn/badly-bounded-write

C++: Fix FPs in cpp/badly-bounded-write caused by extraction errors
2026-04-26 09:15:12 +02:00 · 2024-12-06 19:50:06 +01:00
parent fa123a7215 e98129c402
commit ee8ce1c84d
3 changed files with 17 additions and 1 deletions
--- a/cpp/ql/src/Security/CWE/CWE-120/BadlyBoundedWrite.ql
+++ b/cpp/ql/src/Security/CWE/CWE-120/BadlyBoundedWrite.ql
@@ -25,7 +25,8 @@ from BufferWrite bw, int destSize
 where
  bw.hasExplicitLimit() and // has an explicit size limit
  destSize = max(getBufferSize(bw.getDest(), _)) and
-  bw.getExplicitLimit() > destSize // but it's larger than the destination
+  bw.getExplicitLimit() > destSize and // but it's larger than the destination
+  not bw.getDest().getType().stripType() instanceof ErroneousType // destSize may be incorrect
 select bw,
  "This '" + bw.getBWDesc() + "' operation is limited to " + bw.getExplicitLimit() +
    " bytes but the destination is only " + destSize + " bytes."
--- a/cpp/ql/src/change-notes/2024-12-05-badly-bounded-write.md
+++ b/cpp/ql/src/change-notes/2024-12-05-badly-bounded-write.md
@@ -0,0 +1,4 @@
+---
+category: minorAnalysis
+---
+* The "Badly bounded write" query (`cpp/badly-bounded-write`) no longer produces results if there is an extraction error in the type of the output buffer.