C++: Fix isParameterDeref typo.

MathiasVP · MathiasVP · commit 23eb4d2009aa · 2021-01-28T18:29:30.000+01:00
diff --git a/cpp/ql/src/semmle/code/cpp/models/implementations/Strset.qll b/cpp/ql/src/semmle/code/cpp/models/implementations/Strset.qll
@@ -34,7 +34,7 @@ private class StrsetFunction extends ArrayFunction, DataFlowFunction, AliasFunct
     (
       output.isReturnValueDeref()
       or
-      output.isParameterDeref(1)
+      output.isParameterDeref(0)
     )
     or
     // flow from the input string to the output string
diff --git a/cpp/ql/test/library-tests/dataflow/taint-tests/localTaint.expected b/cpp/ql/test/library-tests/dataflow/taint-tests/localTaint.expected
@@ -5874,13 +5874,15 @@
 | taint.cpp:504:10:504:12 | ref arg ptr | taint.cpp:505:7:505:9 | ptr |  |
 | taint.cpp:504:10:504:12 | ref arg ptr | taint.cpp:506:8:506:10 | ptr |  |
 | taint.cpp:504:15:504:20 | source | taint.cpp:504:2:504:8 | call to _strset | TAINT |
+| taint.cpp:504:15:504:20 | source | taint.cpp:504:10:504:12 | ref arg ptr |  |
 | taint.cpp:505:7:505:9 | ref arg ptr | taint.cpp:506:8:506:10 | ptr |  |
 | taint.cpp:506:8:506:10 | ptr | taint.cpp:506:7:506:10 | * ... | TAINT |
 | taint.cpp:509:26:509:31 | source | taint.cpp:510:10:510:15 | source |  |
 | taint.cpp:509:26:509:31 | source | taint.cpp:511:7:511:12 | source |  |
 | taint.cpp:510:10:510:15 | ref arg source | taint.cpp:511:7:511:12 | source |  |
 | taint.cpp:510:10:510:15 | source | taint.cpp:510:2:510:8 | call to _strset |  |
 | taint.cpp:510:18:510:18 | 0 | taint.cpp:510:2:510:8 | call to _strset | TAINT |
+| taint.cpp:510:18:510:18 | 0 | taint.cpp:510:10:510:15 | ref arg source |  |
 | vector.cpp:16:43:16:49 | source1 | vector.cpp:17:26:17:32 | source1 |  |
 | vector.cpp:16:43:16:49 | source1 | vector.cpp:31:38:31:44 | source1 |  |
 | vector.cpp:17:21:17:33 | call to vector | vector.cpp:19:14:19:14 | v |  |
diff --git a/cpp/ql/test/library-tests/dataflow/taint-tests/taint.cpp b/cpp/ql/test/library-tests/dataflow/taint-tests/taint.cpp
@@ -502,8 +502,8 @@ char *_strset(char *str, int c);
 
 void test_strset_1(char* ptr, char source) {
 	_strset(ptr, source);
-	sink(ptr);
-	sink(*ptr); // $ MISSING: ast,ir
+	sink(ptr); // $ SPURIOUS: ast,ir
+	sink(*ptr); // $ ast,ir
 }
 
 void test_strset_2(char* source) {

Original file line number	Diff line number	Diff line change
`@@ -34,7 +34,7 @@ private class StrsetFunction extends ArrayFunction, DataFlowFunction, AliasFunct`
`34`	`34`	`(`
`35`	`35`	`output.isReturnValueDeref()`
`36`	`36`	`or`
`37`		`- output.isParameterDeref(1)`
	`37`	`+ output.isParameterDeref(0)`
`38`	`38`	`)`
`39`	`39`	`or`
`40`	`40`	`// flow from the input string to the output string`
Original file line number	Diff line number	Diff line change
`@@ -502,8 +502,8 @@ char _strset(char str, int c);`
`502`	`502`
`503`	`503`	`void test_strset_1(char* ptr, char source) {`
`504`	`504`	`_strset(ptr, source);`
`505`		`- sink(ptr);`
`506`		`- sink(*ptr); // $ MISSING: ast,ir`
	`505`	`+ sink(ptr); // $ SPURIOUS: ast,ir`
	`506`	`+ sink(*ptr); // $ ast,ir`
`507`	`507`	`}`
`508`	`508`
`509`	`509`	`void test_strset_2(char* source) {`