Skip to content

C++: Fix FP in cpp/overflow-buffer #20193

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 4 commits into from
Aug 11, 2025
Merged

C++: Fix FP in cpp/overflow-buffer #20193

merged 4 commits into from
Aug 11, 2025
+45 −19

Conversation

MathiasVP
Copy link
Contributor

@MathiasVP MathiasVP commented Aug 8, 2025
edited
Loading

We "handled" reference types in one disjunct of getSize, but not in the other (where by "handle" I mean "excluded"). This caused some FPs when capturing the destination variable by reference in a lambda.
This PR fixes that by properly excluding reference types as sources in both disjuncts.

Commit-by-commit review recommended.

DCA looks uneventful.

@MathiasVP MathiasVP requested a review from a team as a code owner August 8, 2025 14:17
@Copilot Copilot AI review requested due to automatic review settings August 8, 2025 14:17
@github-actions github-actions bot added the C++ label Aug 8, 2025
Copilot
Copilot AI reviewed Aug 8, 2025
View reviewed changes
Copy link
Contributor

@Copilot Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

This PR fixes a false positive in the cpp/overflow-buffer query by properly handling reference types. The issue was that reference types were excluded from size calculations in one part of the getSize predicate but not in another, causing false positives when capturing destination variables by reference in lambdas.

  • Extracts reference type handling into a shared helper predicate getVariableSize
  • Updates both disjuncts of getSize to consistently exclude reference types from size calculations
  • Adds a test case demonstrating the fixed scenario with lambda capture by reference

Reviewed Changes

Copilot reviewed 3 out of 3 changed files in this pull request and generated no comments.

File Description
Buffer.qll Adds getVariableSize helper and updates getSize to consistently exclude reference types
tests.cpp Adds test case test31 demonstrating lambda capture scenario that should not trigger false positive
UnboundedWrite.expected Updates expected test results with corrected line numbers after adding new test case

jketema
jketema approved these changes Aug 11, 2025
View reviewed changes
Copy link
Contributor

@jketema jketema left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@MathiasVP MathiasVP merged commit 851cb04 into github:main Aug 11, 2025
16 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

Copilot code review Copilot Copilot left review comments

@jketema jketema jketema approved these changes

Assignees
No one assigned
Labels
C++ documentation
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@MathiasVP @jketema