mirror of
https://github.com/github/codeql.git
synced 2025-12-17 09:13:20 +01:00
Because `ConstructorFieldInit` (member initializer lists) are not part of the control flow graph, there was no data flow from the initial value of parameters to their uses in member initializers. This commit adds the necessary flow under the assumption that parameters are not overwritten in member initializers.
// Data-flow test fixture for field flow through constructors.
//
// Values returned by user_input() are passed as constructor arguments to Foo,
// copied into the private fields a_ and b_ by the member initializer list,
// read back through the getters a() and b(), and finally handed to sink().
// The trailing `// flow` comments in bar() and the "should alert" comments in
// foo() record which of those paths an analysis is expected to report.
//
// NOTE(review): the comment lines added here shift line numbers; if expected
// results for this fixture are keyed on line numbers, regenerate them.
namespace Constructors
{
  // Stand-in for a source of untrusted data. The constant is a placeholder;
  // presumably the analysis treats the call itself as the source (confirm
  // against the query that consumes this file).
  int user_input()
  {
    return 42;
  }

  // Stand-in for a sensitive consumer. The body is intentionally empty: only
  // the argument reaching this call matters.
  void sink(int x)
  {
  }

  // Two independent int fields, so that flow into one field can be told apart
  // from flow into the other.
  class Foo
  {
    int a_;
    int b_;

  public:
    // Getters: the only way bar() observes the field values.
    int a() { return a_; }
    int b() { return b_; }
    // Setters: not called anywhere in this namespace.
    void setA(int a) { a_ = a; }
    void setB(int b) { b_ = b; }

    // The fields are written only in the member initializer list, and the
    // constructor body is empty. Keep this form: assigning in the body would
    // exercise a different construct. (The `;` after the body is an empty
    // declaration and has no effect.)
    Foo(int a, int b) : a_(a), b_(b){};
  };

  // Passes both fields of the given object to sink(). In the trailing comments
  // the backticked names are foo()'s locals, not this function's parameter.
  void bar(Foo &f)
  {
    sink(f.a()); // flow (through `f` and `h`)
    sink(f.b()); // flow (through `g` and `h`)
  }

  // Builds one Foo per combination of source-derived and constant arguments
  // and passes each to bar().
  void foo()
  {
    Foo f(user_input(), 0);             // a_ from user_input(), b_ constant
    Foo g(0, user_input());             // a_ constant, b_ from user_input()
    Foo h(user_input(), user_input());  // both from user_input()
    Foo i(0, 0);                        // both constant: negative case

    // Only a() should alert
    bar(f);

    // Only b() should alert
    bar(g);

    // Both a() and b() should alert
    bar(h);

    // Nothing should alert
    bar(i);
  }
}; // namespace Constructors