From fdab63fd5fb92b5f56a3da4b206eeb8c68c2a499 Mon Sep 17 00:00:00 2001
From: Jeroen Ketema
Date: Mon, 1 Sep 2025 16:10:32 +0200
Subject: [PATCH] C++: Handle `ArrayExpr`s in `sizeof` VLAs
---
 .../code/cpp/ir/implementation/raw/internal/TranslatedExpr.qll | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/internal/TranslatedExpr.qll b/cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/internal/TranslatedExpr.qll
index 463f13f1aee..91377495307 100644
--- a/cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/internal/TranslatedExpr.qll
+++ b/cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/internal/TranslatedExpr.qll
@@ -4099,6 +4099,8 @@ private VlaDeclStmt getVlaDeclStmt(Expr expr, int pointerDerefCount) {
 pointerDerefCount = 0
 or
 result = getVlaDeclStmt(expr.(PointerDereferenceExpr).getOperand(), pointerDerefCount - 1)
+ or
+ result = getVlaDeclStmt(expr.(ArrayExpr).getArrayBase(), pointerDerefCount - 1)
 }
 
 class TranslatedSizeofExpr extends TranslatedNonConstantExpr {
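Review bot: The counter `pointerDerefCount` in `getVlaDeclStmt` is now also decremented by the added `ArrayExpr` disjunct, so its name no longer describes what it counts, and no QLDoc is visible in this hunk to say so. I would add a comment above the predicate such as `/** Gets the VLA declaration reached from expr after stripping pointerDerefCount pointer dereferences or array subscripts. */`, or rename the parameter if its callers allow. The patch touches only `TranslatedExpr.qll` (1 file changed), so an IR test covering `sizeof` applied to a subscripted multi-dimensional VLA would be worth adding with it, since the computed size presumably feeds downstream buffer-size reasoning. The start of the predicate body lies outside the hunk, so the base case is not fully visible here.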