From cf96035d8c1e9954763944822c5f7fa045ecfbd4 Mon Sep 17 00:00:00 2001 From: Jonas Jensen Date: Tue, 4 Jun 2019 20:04:53 -0700 Subject: [PATCH] C++: Suspicious pointer scaling: @precision medium This query is not producing good enough results to justify `@precision high`. It's fundamentally looking for a pattern that should correlate with memory management errors, but it doesn't look for the errors themselves. --- change-notes/1.22/analysis-cpp.md | 1 + cpp/ql/src/Security/CWE/CWE-468/IncorrectPointerScaling.ql | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/change-notes/1.22/analysis-cpp.md b/change-notes/1.22/analysis-cpp.md index 2db097f8215d..58eb488509ea 100644 --- a/change-notes/1.22/analysis-cpp.md +++ b/change-notes/1.22/analysis-cpp.md @@ -11,6 +11,7 @@ | **Query** | **Expected impact** | **Change** | |----------------------------|------------------------|------------------------------------------------------------------| +| Suspicious pointer scaling (`cpp/suspicious-pointer-scaling`) | Lower precision | The precision of this query has been reduced to "medium". This coding pattern is used intentionally and safely in a number of real-world projects. Results are no longer displayed on LGTM unless you choose to display them. | ## Changes to QL libraries diff --git a/cpp/ql/src/Security/CWE/CWE-468/IncorrectPointerScaling.ql b/cpp/ql/src/Security/CWE/CWE-468/IncorrectPointerScaling.ql index 4a9d525a5779..2a60728c5493 100644 --- a/cpp/ql/src/Security/CWE/CWE-468/IncorrectPointerScaling.ql +++ b/cpp/ql/src/Security/CWE/CWE-468/IncorrectPointerScaling.ql @@ -4,7 +4,7 @@ * can cause buffer overflow conditions. * @kind problem * @problem.severity warning - * @precision high + * @precision medium * @id cpp/suspicious-pointer-scaling * @tags security * external/cwe/cwe-468