C++: Suppress IntMultToLong alert on char

Author: jbj

cpp/ql/src/Likely Bugs/Arithmetic/IntMultToLong.ql

@@ -21,13 +21,15 @@ import semmle.code.cpp.controlflow.SSA
 /**
  * Holds if `e` is either:
  *  - a constant
+ *  - a char-typed expression, meaning it's a small number
  *  - an array access to an array of constants
  *  - flows from one of the above
  * In these cases the value of `e` is likely to be small and
  * controlled, so we consider it less likely to cause an overflow.
  */
 predicate effectivelyConstant(Expr e) {
   e.isConstant() or
+  e.getType().getSize() <= 1 or
   e.(ArrayExpr).getArrayBase().getType().(ArrayType).getBaseType().isConst() or
   exists(SsaDefinition def, Variable v |
     def.getAUse(v) = e and

cpp/ql/test/query-tests/Likely Bugs/Arithmetic/IntMultToLong/IntMultToLong.c

@@ -90,5 +90,5 @@ void use_printf(float f, double d)
 }
 
 size_t three_chars(unsigned char a, unsigned char b, unsigned char c) {
-    return a * b * c; // at most 16581375 [FALSE POSITIVE]
+    return a * b * c; // at most 16581375
 }

cpp/ql/test/query-tests/Likely Bugs/Arithmetic/IntMultToLong/IntMultToLong.expected

@@ -7,4 +7,3 @@
 | IntMultToLong.c:61:23:61:33 | ... * ... | Multiplication result may overflow 'int' before it is converted to 'long long'. |
 | IntMultToLong.c:63:23:63:40 | ... * ... | Multiplication result may overflow 'int' before it is converted to 'long long'. |
 | IntMultToLong.c:75:9:75:13 | ... * ... | Multiplication result may overflow 'int' before it is converted to 'size_t'. |
-| IntMultToLong.c:93:12:93:20 | ... * ... | Multiplication result may overflow 'int' before it is converted to 'size_t'. |