Fix flow through pointer types related by aliasing

smowton · smowton · commit a41f3946cacb · 2024-09-02T15:04:55.000+01:00
diff --git a/go/ql/lib/semmle/go/dataflow/internal/DataFlowPrivate.qll b/go/ql/lib/semmle/go/dataflow/internal/DataFlowPrivate.qll
@@ -153,7 +153,8 @@ predicate storeStep(Node node1, ContentSet c, Node node2) {
     or
     node1 = base and
     node2.(PostUpdateNode).getPreUpdateNode() = node1.(PointerDereferenceNode).getOperand() and
-    c = any(DataFlow::PointerContent pc | pc.getPointerType() = node2.getType())
+    c =
+      any(DataFlow::PointerContent pc | pc.getPointerType() = node2.getType().getDeepUnaliasedType())
   )
   or
   node1 = node2.(AddressOperationNode).getOperand() and
@@ -172,7 +173,8 @@ predicate storeStep(Node node1, ContentSet c, Node node2) {
  */
 predicate readStep(Node node1, ContentSet c, Node node2) {
   node1 = node2.(PointerDereferenceNode).getOperand() and
-  c = any(DataFlow::PointerContent pc | pc.getPointerType() = node1.getType())
+  c =
+    any(DataFlow::PointerContent pc | pc.getPointerType() = node1.getType().getDeepUnaliasedType())
   or
   exists(FieldReadNode read |
     node2 = read and
