BufferAccess must be reachable. False positives observed where accesses occur in dead code.

bdrodes · bdrodes · commit f0eeaaf44e25 · 2024-09-04T11:16:23.000-04:00
diff --git a/cpp/ql/lib/semmle/code/cpp/security/BufferAccess.qll b/cpp/ql/lib/semmle/code/cpp/security/BufferAccess.qll
@@ -14,7 +14,11 @@ int getPointedSize(Type t) {
  * BufferWrite differ.
  */
 abstract class BufferAccess extends Expr {
-  BufferAccess() { not this.isUnevaluated() }
+  BufferAccess() { 
+    not this.isUnevaluated() and 
+    //A buffer access must be reachable (not in dead code)
+    reachable(this)
+  }
 
   abstract string getName();
 
