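--- a/cpp/ql/src/Likely Bugs/Memory Management
+++ b/cpp/ql/src/Likely Bugs/Memory Management
@@ -104,9 +104,13 @@ where
   // Some of the functions operate on a larger char type, like `wchar_t`, so we
   // need to take this into account in the fixed size case.
   charSize = f .getParameter ( argDest ) .getType ( ) .getUnspecifiedType ( ) .( PointerType ) .getBaseType ( ) .getSize ( ) and
-  if exists ( fc .getArgument ( argLimit ) .getValue ( ) .toInt ( ) ) then (
+  if exists ( fc .getArgument ( argLimit ) .getValue ( ) .toInt ( ) ) then (
     // Fixed sized case
-    arrayExprFixedSize ( copyDest ) < charSize * fc .getArgument ( argLimit ) .getValue ( ) .toInt ( )
+    exists ( int size |
+      size = arrayExprFixedSize ( copyDest ) and
+      size < charSize * fc .getArgument ( argLimit ) .getValue ( ) .toInt ( ) and
+      size != 0 // if the array has zero size, something special is going on
+    )
   ) else exists ( Access takenSizeOf , BufferSizeExpr sizeExpr , int plus |
     // Variable sized case
     sizeExpr = fc .getArgument ( argLimit ) .getAChild * ( ) and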
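Review bot: The new `size != 0` exclusion in the fixed-size branch is a deliberate false-negative, but its comment ("something special is going on") does not tell a maintainer what is being excluded or why it is safe to drop; I would replace it with something like `// a zero-sized array is presumably a flexible-array-member idiom (e.g. \`char buf[0]\`) whose real extent is only known at allocation time, so any overflow report would be spurious — skip it` so the intent can be checked against `arrayExprFixedSize`, which is defined outside this hunk. As a style point, `fc.getArgument(argLimit).getValue().toInt()` is now evaluated twice (once in the `if exists(...)` guard, once in the comparison); binding it once inside the `exists` as `exists(int size, int limit | limit = fc.getArgument(argLimit).getValue().toInt() and size = arrayExprFixedSize(copyDest) and size != 0 and size < charSize * limit)` keeps the guard and the comparison from drifting apart. Whether `arrayExprFixedSize` can yield 0 for anything other than a zero-length or flexible array is not visible here and should be confirmed before relying on this guard. The enclosing `where` clause starts before this hunk and its `else` branch continues past it.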