CPP: Fix the initialized array case in getBufferSize.

geoffw0 · geoffw0 · commit c747f24b39e6 · 2018-10-08T15:45:17.000+01:00
diff --git a/cpp/ql/src/semmle/code/cpp/commons/Buffer.qll b/cpp/ql/src/semmle/code/cpp/commons/Buffer.qll
@@ -58,6 +58,10 @@ int getBufferSize(Expr bufferExpr, Element why) {
       // buffer is an initialized array
       //  e.g. int buffer[] = {1, 2, 3};
       why = bufferVar.getInitializer().getExpr() and
+      (
+        why instanceof AggregateLiteral or
+        why instanceof StringLiteral
+      ) and
       result = why.(Expr).getType().(ArrayType).getSize() and
       not exists(bufferVar.getType().getUnspecifiedType().(ArrayType).getSize())
     ) or exists(Class parentClass, VariableAccess parentPtr |
