C++: Fix an issue with cpp/suspicious-add-sizeof in BMN databases #21514
Open
geoffw0 wants to merge 4 commits into github:main
Pull request overview
This PR updates the cpp/suspicious-add-sizeof query to avoid spurious alerts in build-mode: none (BMN) databases when pointer base types are extracted as erroneous, and adds regression coverage plus a change note.
Changes:
- Treat `ErroneousType` pointer bases as “char/void-sized” for the purposes of suppressing suspicious `+ sizeof(...)` pointer arithmetic results.
- Add a buildless test case that exercises extraction-with-errors scenarios and updates expected results accordingly.
- Add a C++ pack change note documenting the analysis behavior change for BMN databases.
Reviewed changes
Copilot reviewed 5 out of 5 changed files in this pull request and generated 1 comment.
| File | Description |
|---|---|
| cpp/ql/src/Security/CWE/CWE-468/SuspiciousAddWithSizeof.ql | Expands the query’s “char/void pointer” exemption to include erroneous base types. |
| cpp/ql/test/query-tests/Security/CWE/CWE-468/semmle/SuspiciousAddWithSizeof/buildless.cpp | New buildless test TU (expects extractor errors) to cover erroneous-type pointer arithmetic cases. |
| cpp/ql/test/query-tests/Security/CWE/CWE-468/semmle/SuspiciousAddWithSizeof/test.cpp | Adds typedefs/prototype to support the buildless test scenario. |
| cpp/ql/test/query-tests/Security/CWE/CWE-468/semmle/SuspiciousAddWithSizeof/SuspiciousAddWithSizeof.expected | Updates expected results to include findings from the new buildless test file. |
| cpp/ql/src/change-notes/2026-03-19-suspicious-add-sizeof.md | Records the BMN false-positive fix as a minor analysis change. |
jketema
approved these changes
Mar 19, 2026
LGTM if both "regular" and BMN DCA are happy.
Fix an issue with the `cpp/suspicious-add-sizeof` query in BMN databases. It's possible to have pointer arithmetic on a pointer to `char` (or `uint8_t`) type extracted as pointer arithmetic on a pointer to error type. To avoid spurious results we should assume that this could be a char type and permit arithmetic with `sizeof`.
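An added example, not code from this pull request or its test files: it measures how far `+ sizeof(...)` actually moves a typed pointer versus a byte pointer, which is the distinction the query relies on and the reason an unresolved `uint8_t` base type in a BMN database looks suspicious. `Header`, `g_records` and the function names are constructed for illustration.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>

// Constructed sample record type (assumption, not from the PR).
struct Header {
    std::uint32_t magic;
    std::uint32_t length;
};
static_assert(sizeof(Header) == 8, "example assumes an 8-byte header");

// 16 elements so that every pointer computed below stays inside the array.
static Header g_records[16] = {};

// Byte distance between two pointers into g_records.
static std::ptrdiff_t byte_distance(const void *from, const void *to) {
    return static_cast<const std::uint8_t *>(to) -
           static_cast<const std::uint8_t *>(from);
}

// Suspicious form: Header* arithmetic is already scaled by sizeof(Header),
// so this advances sizeof(Header) * sizeof(Header) bytes, not sizeof(Header).
std::ptrdiff_t skip_header_typed() {
    Header *p = g_records;
    return byte_distance(p, p + sizeof(Header));
}

// Permitted form: the pointee is one byte wide, so adding sizeof(Header)
// advances exactly one header. If uint8_t cannot be resolved during
// extraction, this pointer's base type is the error type instead.
std::ptrdiff_t skip_header_bytes() {
    std::uint8_t *p = reinterpret_cast<std::uint8_t *>(g_records);
    return byte_distance(p, p + sizeof(Header));
}

// Intended typed form: advance by one element.
std::ptrdiff_t skip_header_elements() {
    Header *p = g_records;
    return byte_distance(p, p + 1);
}

int main() {
    std::printf("typed + sizeof : %td bytes\n", skip_header_typed());
    std::printf("byte  + sizeof : %td bytes\n", skip_header_bytes());
    std::printf("typed + 1      : %td bytes\n", skip_header_elements());
    return 0;
}
```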