mirror of
https://github.com/github/codeql.git
synced 2026-04-28 02:05:14 +02:00
39911af56b
Flow through partial chi-instruction operands was introduced to make definition-by-reference work, but its implementation also allowed all other partial writes to propagate. In particular, tainting a field would taint the whole struct, which in turn led to taint propagating across unrelated fields of a struct. The security test `CWE-134/semmle/argv/argvLocal.c` shows that we also want to propagate taint from an array element to the whole array, and it also seems right to propagate taint from a union member to the whole union.