mirror of
https://github.com/github/codeql.git
synced 2025-12-17 17:23:36 +01:00
Flow from a definition by reference of a field into its object was working inconsistently and in a very syntax-dependent way. For a function `f` receiving a reference, `f(a->x)` could propagate data back to `a` via the _reverse read_ mechanism in the shared data-flow library, but for a function `g` receiving a pointer, `g(&a->x)` would not work. And `f((*a).x)` would not work either. In all cases, the issue was that the shared data-flow library propagates data backwards between `PostUpdateNode`s only, but there is no `PostUpdateNode` for `a->x` in `g(&a->x)`. This pull request inserts such post-update nodes where appropriate and links them to their neighbors. In this example, flow back from the output parameter of `g` passes first to the `PostUpdateNode` of `&`, then to the (new) `PostUpdateNode` of `a->x`, and finally, as a _reverse read_ with the appropriate field projection, to `a`.
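The three call shapes named in the description, collected into a small C++ fixture of the kind a data-flow test for this change would use. This is an added example, not code from the pull request or from the CodeQL repository; `source()`, `sink()`, the struct `S` and the helper functions are assumed names. Each helper writes through a reference or a pointer to the field `x` of the object `a`, so a value introduced by `source()` must reach `sink(a->x)` in all three cases once the `PostUpdateNode` for `a->x` exists; the last function is a control showing that a write through `&a->y` must not be reported as flow into `x`.

```cpp
// Added example fixture (not part of the pull request). The comments name the
// nodes the description says the flow passes through for each call shape.

struct S {
  int x;
  int y;
};

// Hypothetical taint source and sink used by the fixture.
static int source() { return 42; }
static int sink(int v) { return v; }

// f receives the field by reference: f(a->x) already worked via reverse read.
static void f(int &x) { x = source(); }

// g receives the field by pointer: g(&a->x) needed the new PostUpdateNode.
static void g(int *x) { *x = source(); }

// Reference argument: a->x -> PostUpdateNode(a->x) -> reverse read into a.
int via_reference() {
  S s = {0, 0};
  S *a = &s;
  f(a->x);
  return sink(a->x);
}

// Pointer argument: output parameter of g -> PostUpdateNode(&)
//   -> (new) PostUpdateNode(a->x) -> reverse read with field x into a.
int via_pointer() {
  S s = {0, 0};
  S *a = &s;
  g(&a->x);
  return sink(a->x);
}

// Same as via_reference but spelled with an explicit dereference, (*a).x.
int via_explicit_deref() {
  S s = {0, 0};
  S *a = &s;
  f((*a).x);
  return sink((*a).x);
}

// Control: the definition by reference targets field y, so the field
// projection on the reverse read must keep it out of a->x.
int unrelated_field() {
  S s = {0, 0};
  S *a = &s;
  g(&a->y);
  return sink(a->x);
}
```

Run under a query that tracks flow from `source()` to `sink()`, the first three functions should each produce a result and the fourth none; at runtime the functions simply return the value that reached the sink.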
6 lines
191 B
Plaintext
import semmle.code.cpp.dataflow.internal.FlowVar

from PartialDefinition def
select def.getActualLocation().toString(), "partial def of " + def.toString(), def,
  def.getSubBasicBlockStart()