codeql
False positive "Comparison result is always the same" because of incorrect sizeof evaluation
Description of the false positive
CodeQL complains "Comparison is always true because i <= 1."
However, it is really a loop over 4 elements.
I suspect the problem is that

```c
struct foo
{
    ...
    unsigned long (*fnptr_array[4])(void);
    ...
};
```

describes an array of 4 function pointers, but that CodeQL isn't evaluating sizeof correctly on the type.
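As an added illustration (not code from the xtf repository or from the CodeQL project) of what a correct sizeof evaluation gives for a member like `fnptr_array`, the snippet below declares a struct with the same array-of-four-function-pointers shape, computes the element count with the usual `sizeof(array) / sizeof(array[0])` idiom, and runs the loop over the table while counting iterations. The struct name, the `cb0`..`cb3` callbacks and the helper function names are assumptions made for this example.

```c
#include <stddef.h>
#include <stdio.h>

/* Assumed struct for this example: an array of four function pointers,
   mirroring the shape of the reporter's struct foo. */
struct foo
{
    unsigned long (*fnptr_array[4])(void);
};

/* Constructed callbacks so the table can be populated and exercised. */
static unsigned long cb0(void) { return 0; }
static unsigned long cb1(void) { return 1; }
static unsigned long cb2(void) { return 2; }
static unsigned long cb3(void) { return 3; }

/* Element count the sizeof idiom yields for the array member. Each element
   is one function pointer, so the whole array is 4 pointers wide and the
   quotient is 4, not 1. */
size_t fnptr_array_count(void)
{
    struct foo f;
    return sizeof(f.fnptr_array) / sizeof(f.fnptr_array[0]);
}

/* Iterate the table with a sizeof-derived bound, as the reported loop does,
   and return how many iterations actually ran. If sum_out is non-NULL the
   sum of the callbacks' return values is stored there, which confirms that
   every slot was visited (0 + 1 + 2 + 3 = 6). */
size_t run_loop(unsigned long *sum_out)
{
    struct foo f = { { cb0, cb1, cb2, cb3 } };
    size_t count = 0;
    unsigned long sum = 0;

    for (size_t i = 0; i < sizeof(f.fnptr_array) / sizeof(f.fnptr_array[0]); ++i)
    {
        sum += f.fnptr_array[i]();
        ++count;
    }

    if (sum_out)
        *sum_out = sum;
    return count;
}

/* Convenience wrapper that exposes the sum alone. */
unsigned long loop_sum(void)
{
    unsigned long sum = 0;
    run_loop(&sum);
    return sum;
}

int main(void)
{
    printf("elements: %zu, iterations: %zu, sum: %lu\n",
           fnptr_array_count(), run_loop(NULL), loop_sum());
    return 0;
}
```

On any conforming compiler this prints 4 elements, 4 iterations and a sum of 6; a loop index bounded this way therefore takes the values 0 through 3, so a claim that `i <= 1` always holds does not match the C semantics of the expression.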
Code samples or links to source code
https://github.com/andyhhp/xtf/blob/f503efe8e5cf8858ec0704f1aaa82d0bf50891a5/tests/swint-emulation/main.c#L162-L162
but I've done a simpler example in https://godbolt.org/z/9fGr51r68 if that helps
URL to the alert on GitHub code scanning (optional)
https://github.com/andyhhp/xtf/security/code-scanning/55