From 46f1c6d311bbd789f5e59877ed5579bf49f89872 Mon Sep 17 00:00:00 2001
From: Jonas Jensen
Date: Wed, 4 Sep 2019 10:11:18 +0200
Subject: [PATCH] C++: Allow field flow in conservativeDataFlowStep

Since local field flow is no longer a wild overapproximation, it can be allowed in the `cpp/return-stack-allocated-memory` query.
---
 .../Memory Management/ReturnStackAllocatedMemory.ql | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)

diff --git a/cpp/ql/src/Likely Bugs/Memory Management/ReturnStackAllocatedMemory.ql b/cpp/ql/src/Likely Bugs/Memory Management/ReturnStackAllocatedMemory.ql
index 838e1ef74c10..b1ddf2dbd93d 100644
--- a/cpp/ql/src/Likely Bugs/Memory Management/ReturnStackAllocatedMemory.ql
+++ b/cpp/ql/src/Likely Bugs/Memory Management/ReturnStackAllocatedMemory.ql
@@ -16,13 +16,11 @@ import semmle.code.cpp.dataflow.EscapesTree
 import semmle.code.cpp.dataflow.DataFlow
 /**
- * Holds if `n1` may flow to `n2`, ignoring flow through fields because these
- * are currently modeled as an overapproximation that assumes all objects may
- * alias.
+ * Holds if `n1` may flow to `n2` without passing through conversions that
+ * perform dereferences or address-of operations.
  */
 predicate conservativeDataFlowStep(DataFlow::Node n1, DataFlow::Node n2) {
   DataFlow::localFlowStep(n1, n2) and
-  not n2.asExpr() instanceof FieldAccess and
   not hasNontrivialConversion(n2.asExpr())
 }
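Review bot: The diffstat shows only ReturnStackAllocatedMemory.ql changing, so no query test expectations accompany the relaxation of conservativeDataFlowStep; admitting flow through field accesses can add results (and, if field flow is still imprecise for some patterns, false positives), so a test case exercising a field-through path to the returned value would make the change's effect on the query visible. The new doc comment now describes only the conversion restriction; since the removed comment explained why field flow was excluded, it is worth recording why it is now included, e.g. `* Flow through field accesses is included; local field flow is no longer modeled as an overapproximation that assumes all objects may alias.` Whether hasNontrivialConversion matches exactly "dereferences or address-of operations", as the new comment claims, cannot be confirmed from this hunk because its definition lies outside it.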