Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

False positive "Comparison result is always the same" because of incorrect sizeof evaluation #17343

Open
andyhhp opened this issue Aug 30, 2024 · 0 comments

Comments

@andyhhp
Copy link

andyhhp commented Aug 30, 2024

Description of the false positive

CodeQL complains "Comparison is always true because i <= 1. "

However, it is really a loop over 4 elements.

I suspect the problem is that

struct foo
{
   ...
    unsigned long (*fnptr_array[4])(void);
    ...
};

describes an array of 4 function pointers, but that CodeQL isn't evaluating sizeof correctly on the type.

Code samples or links to source code

https://github.com/andyhhp/xtf/blob/f503efe8e5cf8858ec0704f1aaa82d0bf50891a5/tests/swint-emulation/main.c#L162-L162

but I've done a simpler example in https://godbolt.org/z/9fGr51r68 if that helps

URL to the alert on GitHub code scanning (optional)

https://github.com/andyhhp/xtf/security/code-scanning/55

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

No branches or pull requests

1 participant