C++: Another attempt to make the fix more solid. I believe it can't produce negative numbers now.

geoffw0 · geoffw0 · commit 7169c4be4808 · 2025-02-28T14:21:58.000Z
diff --git a/cpp/ql/lib/semmle/code/cpp/commons/Buffer.qll b/cpp/ql/lib/semmle/code/cpp/commons/Buffer.qll
@@ -92,12 +92,7 @@ private int getSize(VariableAccess va) {
       // buffer is `12 - 4 = 8`.
       c = getRootType(va) and
       // we calculate the size based on the last field, to avoid including any padding after it
-      trueSize =
-        max(Field f |
-          f.getDeclaringType*() = c
-        |
-          f.getOffsetInClass(c) + f.getUnspecifiedType().getSize()
-        ) and
+      trueSize = max(Field f | | f.getOffsetInClass(c) + f.getUnspecifiedType().getSize()) and
       result = trueSize - v.(Field).getOffsetInClass(c)
     )
   )

Original file line number	Diff line number	Diff line change
`@@ -92,12 +92,7 @@ private int getSize(VariableAccess va) {`
`92`	`92`	// buffer is `12 - 4 = 8`.
`93`	`93`	`c = getRootType(va) and`
`94`	`94`	`// we calculate the size based on the last field, to avoid including any padding after it`
`95`		`- trueSize =`
`96`		`- max(Field f \|`
`97`		`- f.getDeclaringType*() = c`
`98`		`- \|`
`99`		`- f.getOffsetInClass(c) + f.getUnspecifiedType().getSize()`
`100`		`- ) and`
	`95`	`+ trueSize = max(Field f \| \| f.getOffsetInClass(c) + f.getUnspecifiedType().getSize()) and`
`101`	`96`	`result = trueSize - v.(Field).getOffsetInClass(c)`
`102`	`97`	`)`
`103`	`98`	`)`