C++: only use upperbound if there are no overflows in the guard

andersfugmann · andersfugmann · commit 3437cf290950 · 2021-09-24T11:46:58.000+02:00
diff --git a/cpp/ql/lib/semmle/code/cpp/rangeanalysis/SimpleRangeAnalysis.qll b/cpp/ql/lib/semmle/code/cpp/rangeanalysis/SimpleRangeAnalysis.qll
@@ -1549,7 +1549,8 @@ private float getGuardedUpperBound(VariableAccess guardedAccess) {
     // that there is one predecessor, albeit somewhat conservative.
     exists(unique(BasicBlock b | b = def.(BasicBlock).getAPredecessor())) and
     guardedAccess = def.getAUse(v) and
-    result = max(float ub | upperBoundFromGuard(guard, guardVa, ub, branch))
+    result = max(float ub | upperBoundFromGuard(guard, guardVa, ub, branch)) and
+    not exists(Expr e | e = guard.getAChild+() | convertedExprMightOverflow(e))
   )
 }
 

Original file line number	Diff line number	Diff line change
`@@ -1549,7 +1549,8 @@ private float getGuardedUpperBound(VariableAccess guardedAccess) {`
`1549`	`1549`	`// that there is one predecessor, albeit somewhat conservative.`
`1550`	`1550`	`exists(unique(BasicBlock b \| b = def.(BasicBlock).getAPredecessor())) and`
`1551`	`1551`	`guardedAccess = def.getAUse(v) and`
`1552`		`- result = max(float ub \| upperBoundFromGuard(guard, guardVa, ub, branch))`
	`1552`	`+ result = max(float ub \| upperBoundFromGuard(guard, guardVa, ub, branch)) and`
	`1553`	`+ not exists(Expr e \| e = guard.getAChild+() \| convertedExprMightOverflow(e))`
`1553`	`1554`	`)`
`1554`	`1555`	`}`
`1555`	`1556`