
Commit 9324d8f

committed
C++: Fix case where implicit downcasts were not detected when using reference
1 parent 8939a9b commit 9324d8f


3 files changed

+12
-5
lines changed


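--- a/cpp/ql/src/Likely Bugs/Conversion/ImplicitDowncastFromBitfield.ql
+++ b/cpp/ql/src/Likely Bugs/Conversion/ImplicitDowncastFromBitfield.ql
@@ -13,10 +13,16 @@
 
 import cpp
 
-from BitField fi, VariableAccess va
+from BitField fi, VariableAccess va, Type fct
 where
-fi.getNumBits() > va.getFullyConverted().getType().getSize() * 8 and
-va.getExplicitlyConverted().getType().getSize() > va.getFullyConverted().getType().getSize() and
+(
+if va.getFullyConverted().getType() instanceof ReferenceType
+then fct = va.getFullyConverted().getType().(ReferenceType).getBaseType()
+else fct = va.getFullyConverted().getType()
+) and
+fi.getNumBits() > fct.getSize() * 8 and
+va.getExplicitlyConverted().getType().getSize() > fct.getSize() and
 va.getTarget() = fi and
-not va.getActualType() instanceof BoolType
+not fct.getUnspecifiedType() instanceof BoolType and
+any()
 select va, "Implicit downcast of bitfield $@", fi, fi.toString()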
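Review bot: The reference check in the new `if` tests the raw fully-converted type, so a reference reached through a typedef or carrying specifiers would presumably not match `ReferenceType`. It would then take the `else` branch and be sized as the reference itself, which leaves that truncation unreported. Resolving the type first would close the gap: `if va.getFullyConverted().getType().getUnspecifiedType() instanceof ReferenceType` with `then fct = va.getFullyConverted().getType().getUnspecifiedType().(ReferenceType).getBaseType()`. The trailing `and any()` is a no-op conjunct and can be dropped so the `where` clause ends at the `BoolType` exclusion. The updated test only exercises a `const char&` binding; a typedef'd-reference case would confirm whether the false negative is real.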
@@ -1 +1,2 @@
11
| test.cpp:10:11:10:11 | x | Implicit downcast of bitfield $@ | test.cpp:2:6:2:6 | x | x |
2+
| test.cpp:26:25:26:25 | x | Implicit downcast of bitfield $@ | test.cpp:2:6:2:6 | x | x |

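--- a/cpp/ql/test/query-tests/Likely Bugs/Conversion/ImplicitDowncastFromBitfield/test.cpp
+++ b/cpp/ql/test/query-tests/Likely Bugs/Conversion/ImplicitDowncastFromBitfield/test.cpp
@@ -23,7 +23,7 @@ short getX5(my_struct m) {
 }
 
 const char& getx6(my_struct& m) {
-const char& result = m.x; // BAD [NOT DETECTED]
+const char& result = m.x; // BAD
 return result;
 }
 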