CPP: Fix the issue.

Author: geoffw0

cpp/ql/src/Security/CWE/CWE-468/IncorrectPointerScaling.ql

@@ -34,7 +34,6 @@ private Type baseType(Type t) {
   )
   // Make sure that the type has a size and that it isn't ambiguous.  
   and strictcount(result.getSize()) = 1
-    
 }
 
 /**
@@ -98,6 +97,7 @@ predicate defSourceType(SsaDefinition def, LocalScopeVariable v,
   | p = v and
     def.definedByParameter(p) and
     sourceType = p.getType().getUnspecifiedType() and
+    strictcount(p.getType()) = 1 and
     isPointerType(sourceType) and
     sourceLoc = p.getLocation())
 }

cpp/ql/test/query-tests/Security/CWE/CWE-468/semmle/IncorrectPointerScaling/IncorrectPointerScaling.expected

@@ -1,7 +1,3 @@
 | test.cpp:50:19:50:19 | p | This pointer might have type $@ (size 8), but the pointer arithmetic here is done with type int * (size 4). | test.cpp:45:11:45:11 | test.cpp:45:11:45:11 | double |
 | test.cpp:94:18:94:18 | x | This pointer might have type $@ (size 4), but the pointer arithmetic here is done with type short * (size 2). | test.cpp:88:21:88:21 | test.cpp:88:21:88:21 | int |
 | test.cpp:130:27:130:29 | arr | This pointer might have type $@ (size 4), but the pointer arithmetic here is done with type short * (size 2). | test.cpp:128:16:128:18 | test.cpp:128:16:128:18 | int |
-| test_large.cpp:9:22:9:24 | ptr | This pointer might have type $@ (size 8), but the pointer arithmetic here is done with type MyStruct * (size 16). | test_large.cpp:7:21:7:23 | test_large.cpp:7:21:7:23 | MyStruct |
-| test_large.cpp:9:22:9:24 | ptr | This pointer might have type $@ (size 8), but the pointer arithmetic here is done with type MyStruct * (size 16). | test_small.cpp:10:21:10:23 | test_small.cpp:10:21:10:23 | MyStruct |
-| test_small.cpp:12:22:12:24 | ptr | This pointer might have type $@ (size 16), but the pointer arithmetic here is done with type MyStruct * (size 8). | test_large.cpp:7:21:7:23 | test_large.cpp:7:21:7:23 | MyStruct |
-| test_small.cpp:12:22:12:24 | ptr | This pointer might have type $@ (size 16), but the pointer arithmetic here is done with type MyStruct * (size 8). | test_small.cpp:10:21:10:23 | test_small.cpp:10:21:10:23 | MyStruct |

cpp/ql/test/query-tests/Security/CWE/CWE-468/semmle/IncorrectPointerScaling/test_large.cpp

@@ -6,5 +6,5 @@ struct MyStruct
 
 void test(MyStruct *ptr)
 {
-	MyStruct *new_ptr = ptr + 1; // GOOD [FALSE POSITIVE]
+	MyStruct *new_ptr = ptr + 1; // GOOD
 }

cpp/ql/test/query-tests/Security/CWE/CWE-468/semmle/IncorrectPointerScaling/test_small.cpp

@@ -9,5 +9,5 @@ struct MyStruct
 
 void test(MyStruct *ptr)
 {
-	MyStruct *new_ptr = ptr + 1; // GOOD [FALSE POSITIVE]
+	MyStruct *new_ptr = ptr + 1; // GOOD
 }