File tree 1 file changed +13
-0
lines changed
cpp/ql/lib/semmle/code/cpp/security/InvalidPointerDereference
1 file changed +13
-0
lines changed Original file line number Diff line number Diff line change @@ -291,6 +291,19 @@ private module Config implements ProductFlow::StateConfigSig {
291291 }
292292
293293 predicate isBarrier2 ( DataFlow:: Node node ) {
294+ // Block flow from `*p` to `*(p + n)` when `n` is not `0`. This removes
295+ // false positives
296+ // when tracking the size of the allocation as an element of an array such
297+ // as:
298+ // ```
299+ // size_t* p = new size_t[n];
300+ // ...
301+ // p[0] = n;
302+ // int i = p[1];
303+ // p[i] = ...
304+ // ```
305+ // In the above case, this barrier blocks flow from the indirect node
306+ // for `p` to `p[1]`.
294307 exists ( Operand operand , PointerAddInstruction add |
295308 node .( IndirectOperand ) .hasOperandAndIndirectionIndex ( operand , _) and
296309 add .getLeftOperand ( ) = operand and
You can’t perform that action at this time.
0 commit comments