From b5cbd909f78abf13f8e7663fd588d39bbe3d284f Mon Sep 17 00:00:00 2001 From: Mathias Vorreiter Pedersen Date: Thu, 19 Oct 2023 11:00:33 +0200 Subject: [PATCH] Update docs/codeql/codeql-language-guides/advanced-dataflow-scenarios-cpp.rst Co-authored-by: Felicity Chapman --- .../codeql-language-guides/advanced-dataflow-scenarios-cpp.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/codeql/codeql-language-guides/advanced-dataflow-scenarios-cpp.rst b/docs/codeql/codeql-language-guides/advanced-dataflow-scenarios-cpp.rst index b7cc1e0f4bc..98e8f6eb814 100644 --- a/docs/codeql/codeql-language-guides/advanced-dataflow-scenarios-cpp.rst +++ b/docs/codeql/codeql-language-guides/advanced-dataflow-scenarios-cpp.rst @@ -325,7 +325,7 @@ Consider an alternative scenario where ``U`` contains a single ``int`` data, and Since the ``data`` field is now an ``int`` instead of an ``int*`` the field no longer has any indirections, and so the use of ``asIndirectExpr`` in ``isAdditionalFlowStep`` no longer makes sense (and so the additional step will have no results). So there is no choice about whether to taint the value of the field or its indirection: it has to be the value. However, since we pass the address of ``data`` to ``use_pointer`` on line 12 the tainted value is what is pointed to by the argument of ``use_pointer`` (since the value pointed to by ``&data`` is exactly ``data``). So to handle this case we need a mix of the two situations above: - 1. We need to taint the value of the field as described the :ref:`Using asExpr ` section. + 1. We need to taint the value of the field as described in the :ref:`Using asExpr ` section. 2. We need to select the indirection of the argument as described in the :ref:`Using asIndirectExpr ` section. With these changes the query looks like:
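Review bot: The context paragraph directly above the edited list item still has wording problems that could be fixed in this same one-line pass. The sentence "Since the ``data`` field is now an ``int`` instead of an ``int*`` the field no longer has any indirections, and so ... (and so the additional step will have no results)" needs a comma after ``int*`` and repeats "and so" twice. The next sentence needs a comma after "on line 12". The reference to "line 12" also hard-codes a position in the example snippet, so it will go stale if that snippet is edited; naming the call (the ``use_pointer(&data)`` argument) would be more robust. The fix in item 1 itself is right and makes it parallel with item 2 ("as described in the ..."). As shown in this hunk, both ``:ref:`` roles end in a trailing space with no visible ``<label>`` target, so it is worth confirming in the rendered docs that "Using asExpr" and "Using asIndirectExpr" resolve to their sections.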