Mathias Vorreiter Pedersen
Mathias Vorreiter Pedersen
I'll split this into more meaningful commit chunks when I pull the PR out of draft (and also write an actual description of the whats and whys of this PR).
This PR copy/pastes almost all the tests we had for `SimpleRangeAnalysis` into a testfile that's exercised by the new range-analysis library, and then moves the file over to use InlineExpectationsTest....
This PR does two things: - It adds a couple of new interface classes, `HeuristicAllocationExpr` and `HeuristicAllocationFunction`, that complement the already existing `AllocationExpr` and `HeuristicAllocation` classes with functions that we...
This PR adds a class that's defined as the union of `ClassDecl and `StructDecl`. This is motivated by us having used the wrong one of these on several occasions. Hopefully,...
When we call `ZeroBound::getExpr` to get an expression that matches a given bound we eventually reach https://github.com/github/codeql/blob/8b8e74cc9a11f3cb5bedd0aed42ec26de179dc61/cpp/ql/lib/experimental/semmle/code/cpp/rangeanalysis/Bound.qll#L57 which will match _any_ instruction with a constant value of `0`. As @rdmarsh2...
This PR adds a new medium precision query `cpp/type-confusion` to detect issues such as: ```cpp struct Animal { virtual ~Animal(); }; struct Cat : public Animal { Cat(); ~Cat(); };...
This PR fixes a subtle problem in the C++ SSA. Consider an example such as: ```cpp void test() { int x; sink(&x); } ``` a basic requirement for SSA is...
This PR pulls out the shareable parts of Java's type-flow library into a new shared qlpack. In a subsequent PR, I plan to make use of this library for C/C++...
### Affected rules - `MEM53-CPP` ### Description In https://github.com/github/codeql/pull/14637 we added taint-flow through the indirection of the pointer passed to `realloc` to the indirection of the result. That is, flow...