So under a project we have long-lived branches of every version release (I know, kinda bad design). Recently we noticed that in the latest branch the count of total issues is less by 1. Upon further investigation we found that one of the buffer overflow issues we had accepted in a previous release was not getting detected in the current release.
unsigned int arr[3] = { 1u, 1u, 1u };
for ( unsigned int i = 0; i < some_obj.GetCount(); ++i ) { // GetCount() is external, so its value is opaque to the analyzer
    if ( i < sizeof(arr) ) { // sizeof(arr) would come out as 12 (bytes), not 3 (elements), so i = 3..11 pass this check
        arr[i] = some_obj.GetData(i); // out-of-bounds write for i >= 3
    }
}
Earlier it would give "Access of 'dimensions' at index 3, while it holds only 3 'unsigned int' elements".
Is there any justification or recent update that's causing this?
Welcome to the community, and thank you for taking the time to report this!
We are aware of this behavioral change in our analyzer, which was introduced in SQ Cloud some time ago. We completely understand that in your specific case, this acts as a regression, turning a True Positive into a False Negative. We know that can be frustrating.
However, there is a strong motivation behind this update: it reduces the overall number of False Positives the analyzer flags across other scenarios. In your code, because the loop condition relies on a call to an external function, it is opaque and cannot be tracked during interpretation. In such cases, our analyzer cannot safely assume the loop will execute more than twice. (The underlying logic is that if only one iteration were intended, an if statement would suffice; a for loop implies an intent of at least two iterations, but without more context, we cannot safely assume more than that).
Ultimately, we made the difficult choice to trade a significant number of False Positives for a small handful of False Negatives. Because of the broad improvements this brings to the analyzer's accuracy, we do not plan to revert to the previous behavior in the short term.
We apologize for the inconvenience this causes in your current workflow, but we sincerely appreciate you sharing your feedback with us.
Best regards,
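An added example (not code from the original post or from Sonar) that puts the byte-sized bound from the question next to the element-count bound and a clamped copy loop; `Source` is a constructed stand-in for the poster's opaque `some_obj`.

```cpp
// Added example, not from the original thread. `Source` is a constructed
// stand-in for the poster's `some_obj`: its GetCount() is a call the
// analyzer cannot see through, which is why the loop bound is "opaque".
#include <cstddef>
#include <iostream>
#include <vector>

struct Source {
    std::vector<unsigned int> data;
    std::size_t GetCount() const { return data.size(); }
    unsigned int GetData(std::size_t i) const { return data[i]; }
};

constexpr std::size_t kElems = 3;

// The bound the question's check actually enforces: sizeof() counts bytes,
// so this is 12 on a platform with 4-byte unsigned int, and i = 3..11
// slip past the guard and write outside the array.
std::size_t wrongBound() {
    unsigned int arr[kElems] = {1u, 1u, 1u};
    return sizeof(arr);
}

// The bound that matches the array: bytes divided by bytes per element.
std::size_t rightBound() {
    unsigned int arr[kElems] = {1u, 1u, 1u};
    return sizeof(arr) / sizeof(arr[0]);   // 3 on any platform
}

// Corrected loop: never reads or writes past the array, and returns how
// many elements were copied so the caller can notice truncation.
std::size_t copyClamped(const Source& src, unsigned int (&arr)[kElems]) {
    const std::size_t cap = sizeof(arr) / sizeof(arr[0]);
    std::size_t written = 0;
    for (std::size_t i = 0; i < src.GetCount() && i < cap; ++i) {
        arr[i] = src.GetData(i);
        ++written;
    }
    return written;
}

int main() {
    Source src{{5u, 6u, 7u, 8u, 9u}};      // constructed sample, 5 > 3 elements
    unsigned int arr[kElems] = {1u, 1u, 1u};
    std::size_t n = copyClamped(src, arr);  // 3, not 5
    std::cout << "wrong bound: " << wrongBound() << " right bound: " << rightBound()
              << " copied: " << n << " of " << src.GetCount() << "\n";
    return n == src.GetCount() ? 0 : 1;     // non-zero signals truncation
}
```

A caller that needs all `GetCount()` elements should treat a return value smaller than `GetCount()` as an error rather than silently continuing.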