Merge pull request github#13515 from MathiasVP/dataflow-fix-for-self-iterators

C++: Dataflow fix for the self-iterators issue

Author: rdmarsh2

cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/SsaInternalsCommon.qll

@@ -117,6 +117,16 @@ private int countIndirections(Type t) {
   else (
     result = any(Indirection ind | ind.getType() = t).getNumberOfIndirections()
     or
+    // If there is an indirection for the type, but we cannot count the number of indirections
+    // it means we couldn't reach a non-indirection type by stripping off indirections. This
+    // can occur if an iterator specifies itself as the value type. In this case we default to
+    // 1 indirection fore the type.
+    exists(Indirection ind |
+      ind.getType() = t and
+      not exists(ind.getNumberOfIndirections()) and
+      result = 1
+    )
+    or
     not exists(Indirection ind | ind.getType() = t) and
     result = 0
   )

cpp/ql/test/library-tests/dataflow/dataflow-tests/self-Iterator.cpp

@@ -0,0 +1,21 @@
+#include "../../../include/iterator.h"
+int source();
+
+template<typename T>
+void sink(T);
+
+template<> struct std::iterator_traits<unsigned long>
+{   // get traits from integer type
+    typedef std::input_iterator_tag iterator_category;
+    typedef unsigned long value_type;
+    typedef unsigned long difference_type;
+    typedef unsigned long distance_type;
+    typedef unsigned long * pointer;
+    typedef unsigned long& reference;
+};
+
+
+int test() {
+    unsigned long x = source();
+    sink(x); // $ ast ir
+}