C++: Fix Code Scanning errors.

MathiasVP · MathiasVP · commit 3b4f2b22d65d · 2023-06-26T11:36:56.000+01:00
diff --git a/cpp/ql/src/experimental/Security/CWE/CWE-193/ConstantSizeArrayOffByOne.ql b/cpp/ql/src/experimental/Security/CWE/CWE-193/ConstantSizeArrayOffByOne.ql
@@ -94,18 +94,21 @@ predicate constantUpperBounded(PointerArithmeticInstruction pai, int delta) {
 }
 
 bindingset[pai, size]
-predicate pointerArithOverflow0Impl(PointerArithmeticInstruction pai, int size, int bound, int delta) {
-  constantUpperBounded(pai, bound) and
-  delta = bound - size and
-  delta >= 0 and
-  size != 0 and
-  size != 1
+predicate pointerArithOverflow0Impl(PointerArithmeticInstruction pai, int size, int delta) {
+  exists(int bound |
+    constantUpperBounded(pai, bound) and
+    delta = bound - size and
+    delta >= 0 and
+    size != 0 and
+    size != 1
+  )
 }
 
+pragma[nomagic]
 predicate pointerArithOverflow0(PointerArithmeticInstruction pai, int delta) {
-  exists(int size, int bound |
+  exists(int size |
     arrayTypeHasSizes(_, pai.getElementSize(), size) and
-    pointerArithOverflow0Impl(pai, size, bound, delta)
+    pointerArithOverflow0Impl(pai, size, delta)
   )
 }
 
@@ -130,7 +133,7 @@ bindingset[v]
 predicate finalPointerArithOverflow(Variable v, PointerArithmeticInstruction pai, int delta) {
   exists(int size |
     arrayTypeHasSizes(pragma[only_bind_out](v.getUnspecifiedType()), pai.getElementSize(), size) and
-    pointerArithOverflow0Impl(pai, size, _, delta)
+    pointerArithOverflow0Impl(pai, size, delta)
   )
 }
 

Original file line number	Diff line number	Diff line change
`@@ -94,18 +94,21 @@ predicate constantUpperBounded(PointerArithmeticInstruction pai, int delta) {`
`94`	`94`	`}`
`95`	`95`
`96`	`96`	`bindingset[pai, size]`
`97`		`-predicate pointerArithOverflow0Impl(PointerArithmeticInstruction pai, int size, int bound, int delta) {`
`98`		`- constantUpperBounded(pai, bound) and`
`99`		`- delta = bound - size and`
`100`		`- delta >= 0 and`
`101`		`- size != 0 and`
`102`		`- size != 1`
	`97`	`+predicate pointerArithOverflow0Impl(PointerArithmeticInstruction pai, int size, int delta) {`
	`98`	`+ exists(int bound \|`
	`99`	`+ constantUpperBounded(pai, bound) and`
	`100`	`+ delta = bound - size and`
	`101`	`+ delta >= 0 and`
	`102`	`+ size != 0 and`
	`103`	`+ size != 1`
	`104`	`+ )`
`103`	`105`	`}`
`104`	`106`
	`107`	`+pragma[nomagic]`
`105`	`108`	`predicate pointerArithOverflow0(PointerArithmeticInstruction pai, int delta) {`
`106`		`- exists(int size, int bound \|`
	`109`	`+ exists(int size \|`
`107`	`110`	`arrayTypeHasSizes(_, pai.getElementSize(), size) and`
`108`		`- pointerArithOverflow0Impl(pai, size, bound, delta)`
	`111`	`+ pointerArithOverflow0Impl(pai, size, delta)`
`109`	`112`	`)`
`110`	`113`	`}`
`111`	`114`
`@@ -130,7 +133,7 @@ bindingset[v]`
`130`	`133`	`predicate finalPointerArithOverflow(Variable v, PointerArithmeticInstruction pai, int delta) {`
`131`	`134`	`exists(int size \|`
`132`	`135`	`arrayTypeHasSizes(pragma[only_bind_out](v.getUnspecifiedType()), pai.getElementSize(), size) and`
`133`		`- pointerArithOverflow0Impl(pai, size, _, delta)`
	`136`	`+ pointerArithOverflow0Impl(pai, size, delta)`
`134`	`137`	`)`
`135`	`138`	`}`
`136`	`139`