CPP: Support builtin offsetof.

geoffw0 · geoffw0 · commit c9ed0396c566 · 2018-10-25T16:41:37.000+01:00
diff --git a/cpp/ql/src/semmle/code/cpp/commons/Buffer.qll b/cpp/ql/src/semmle/code/cpp/commons/Buffer.qll
@@ -40,6 +40,9 @@ predicate memberMayBeVarSize(Class c, MemberVariable v) {
     ) or exists(AddressOfExpr aoe |
       // `&(c.v)` is taken
       aoe.getAddressable() = v
+    ) or exists(BuiltInOperationOffsetOf oo |
+      // `offsetof(c, v)` using a builtin
+      oo.getAChild().(VariableAccess).getTarget() = v
     )
   )
 }

Original file line number	Diff line number	Diff line change
`@@ -40,6 +40,9 @@ predicate memberMayBeVarSize(Class c, MemberVariable v) {`
`40`	`40`	`) or exists(AddressOfExpr aoe \|`
`41`	`41`	// `&(c.v)` is taken
`42`	`42`	`aoe.getAddressable() = v`
	`43`	`+ ) or exists(BuiltInOperationOffsetOf oo \|`
	`44`	+ // `offsetof(c, v)` using a builtin
	`45`	`+ oo.getAChild().(VariableAccess).getTarget() = v`
`43`	`46`	`)`
`44`	`47`	`)`
`45`	`48`	`}`