Merge pull request #682 from geoffw0/suspiciousaddsizeof · github/codeql@169bbcd · GitHub
Skip to content

Commit 169bbcd

Browse files
authored
Merge pull request #682 from geoffw0/suspiciousaddsizeof
CPP: Fix false positive in SuspiciousAddWithSizeof.ql
2 parents 0432b01 + bff23f5 commit 169bbcd

4 files changed

Lines changed: 34 additions & 3 deletions

File tree

change-notes/1.20/analysis-cpp.md

Lines changed: 1 addition & 0 deletions

cpp/ql/src/Security/CWE/CWE-468/SuspiciousAddWithSizeof.ql

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -15,9 +15,9 @@ import IncorrectPointerScalingCommon
1515

1616
private predicate isCharSzPtrExpr(Expr e) {
1717
exists (PointerType pt
18-
| pt = e.getFullyConverted().getUnderlyingType()
19-
| pt.getBaseType().getUnspecifiedType() instanceof CharType
20-
or pt.getBaseType().getUnspecifiedType() instanceof VoidType)
18+
| pt = e.getFullyConverted().getType().getUnspecifiedType()
19+
| pt.getBaseType() instanceof CharType
20+
or pt.getBaseType() instanceof VoidType)
2121
}
2222

2323
from Expr sizeofExpr, Expr e

cpp/ql/test/query-tests/Security/CWE/CWE-468/semmle/SuspiciousAddWithSizeof/SuspiciousAddWithSizeof.expected

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -4,3 +4,4 @@
44
| test.cpp:30:25:30:35 | sizeof(int) | Suspicious sizeof offset in a pointer arithmetic expression. The type of the pointer is int *. |
55
| test.cpp:38:30:38:40 | sizeof(int) | Suspicious sizeof offset in a pointer arithmetic expression. The type of the pointer is int *. |
66
| test.cpp:61:27:61:37 | sizeof(int) | Suspicious sizeof offset in a pointer arithmetic expression. The type of the pointer is int *. |
7+
| test.cpp:89:43:89:55 | sizeof(MyABC) | Suspicious sizeof offset in a pointer arithmetic expression. The type of the pointer is myInt *const. |

cpp/ql/test/query-tests/Security/CWE/CWE-468/semmle/SuspiciousAddWithSizeof/test.cpp

Lines changed: 29 additions & 0 deletions

0 commit comments

Comments
 (0)