CPP: Support builtin offsetof.

geoffw0 · Robert Marsh · commit 313624fd2e3c · 2018-11-07T15:14:39.000-08:00
diff --git a/cpp/ql/src/semmle/code/cpp/commons/Buffer.qll b/cpp/ql/src/semmle/code/cpp/commons/Buffer.qll
@@ -39,6 +39,9 @@ predicate memberMayBeVarSize(Class c, MemberVariable v) {
     ) or exists(AddressOfExpr aoe |
       // `&(c.v)` is taken
       aoe.getAddressable() = v
+    ) or exists(BuiltInOperationOffsetOf oo |
+      // `offsetof(c, v)` using a builtin
+      oo.getAChild().(VariableAccess).getTarget() = v
     )
   )
 }

Original file line number	Diff line number	Diff line change
`@@ -39,6 +39,9 @@ predicate memberMayBeVarSize(Class c, MemberVariable v) {`
`39`	`39`	`) or exists(AddressOfExpr aoe \|`
`40`	`40`	// `&(c.v)` is taken
`41`	`41`	`aoe.getAddressable() = v`
	`42`	`+ ) or exists(BuiltInOperationOffsetOf oo \|`
	`43`	+ // `offsetof(c, v)` using a builtin
	`44`	`+ oo.getAChild().(VariableAccess).getTarget() = v`
`42`	`45`	`)`
`43`	`46`	`)`
`44`	`47`	`}`