C++: Consider ArrayExpr with non-constant size expressions as BufferAccesses

Author: Gulshan Singh

cpp/ql/lib/semmle/code/cpp/security/BufferAccess.qll

@@ -314,9 +314,8 @@ class FreadBA extends BufferAccess {
  * but not:
  *  &buffer[ix]
  */
-class ArrayExprBA extends BufferAccess {
+class ArrayExprBA extends BufferAccess, ArrayExpr {
   ArrayExprBA() {
-    exists(this.(ArrayExpr).getArrayOffset().getValue().toInt()) and
     not exists(AddressOfExpr aoe | aoe.getAChild() = this) and
     // exclude accesses in macro implementation of `strcmp`,
     // which are carefully controlled but can look dangerous.