Data flow: Restrict lambda reads at actual lambda calls

hvitved · hvitved · commit 9d6ece103900 · 2024-11-14T20:24:27.000+01:00
diff --git a/shared/dataflow/codeql/dataflow/internal/DataFlowImplCommon.qll b/shared/dataflow/codeql/dataflow/internal/DataFlowImplCommon.qll
@@ -1797,7 +1797,9 @@ module MakeImplCommon<LocationSig Location, InputSig<Location> Lang> {
         or
         exists(ArgumentPosition apos |
           c.getAReadContent() = getLambdaArgumentContent(k, apos) and
-          node2.asNode().(PostUpdateNode).getPreUpdateNode().(ArgNode).argumentOf(call, apos)
+          node2.asNode().(PostUpdateNode).getPreUpdateNode().(ArgNode).argumentOf(call, apos) and
+          // we should never read from the lambda itself
+          not any(ArgNodeEx arg | exists(arg.asLambdaMallocNode())).argumentOf(_, apos)
         )
       )
       or

Original file line number	Diff line number	Diff line change
`@@ -1797,7 +1797,9 @@ module MakeImplCommon<LocationSig Location, InputSig<Location> Lang> {`
`1797`	`1797`	`or`
`1798`	`1798`	`exists(ArgumentPosition apos \|`
`1799`	`1799`	`c.getAReadContent() = getLambdaArgumentContent(k, apos) and`
`1800`		`- node2.asNode().(PostUpdateNode).getPreUpdateNode().(ArgNode).argumentOf(call, apos)`
	`1800`	`+ node2.asNode().(PostUpdateNode).getPreUpdateNode().(ArgNode).argumentOf(call, apos) and`
	`1801`	`+ // we should never read from the lambda itself`
	`1802`	`+ not any(ArgNodeEx arg \| exists(arg.asLambdaMallocNode())).argumentOf(_, apos)`
`1801`	`1803`	`)`
`1802`	`1804`	`)`
`1803`	`1805`	`or`