Assigning to a local variable through a pointer appears to defeat the taint tracking. In the following example I would have expected to see a taint flow from line 16 to 17 but only the one from line 19 to 20 is reported. The taint seems to not propagate through the pointer correctly.
```c
int source()
{
    return 2;
}
int target(int source)
{
    return source;
}
int main(int argv, char **argc)
{
    int a;
    int *c = &a;
    *c = source();
    target(a); // not detected as reached
    a = source();
    target(a); // detected as reached
    return 0;
}
```
Yes, we are aware of this limitation, which is one we are actively working on resolving. We might get that covered in the near future, though I cannot commit to any specific roadmap yet. Stay tuned 🙂
This is the query I ran.
This is the output I received.
CodeQL version: 2.19.3