[Bug][C] Dataflow is broken for variables used as conditions in conditional operators #5667

@van-dalf

Describe the bug
Dataflow is broken for variables used as conditions in conditional operators.
The dataflow is not detected for assignments after the conditional operator.
(A DDG edge seems to be missing in the CPG)

To Reproduce

int main(int argc, char **argv) {
    int source = 0;
    int source_copy = source;
    int sink_1 = source_copy;
    int status = source_copy ? 1 : 0;
    int sink_2 = source_copy;
}

Import the above code and run the queries:

cpg.identifier("sink_1").reachableByFlows(cpg.identifier("source")).p //finds flow
cpg.identifier("sink_2").reachableByFlows(cpg.identifier("source")).p //empty

Only the flow to the variable sink_1 is detected

Expected behavior
Flow to variable sink_2 should be detected as well

Desktop (please complete the following information):

  • Joern Version 4.0.302
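
An added example, not part of the issue and not Joern's code: a minimal reaching-definitions pass over a hand-built model of the reproducer, listing the data-dependence edges one would expect, including the edge from line 3 to line 6 that the report says is missing. The statement tuples and the names `STATEMENTS`, `ddg_edges` and `reachable` are assumptions of this sketch.

```python
# Constructed model of the reproducer: (source line, variable defined, variables used).
# Line 5 is `int status = source_copy ? 1 : 0;` and it only READS source_copy.
STATEMENTS = [
    (2, "source", []),
    (3, "source_copy", ["source"]),
    (4, "sink_1", ["source_copy"]),
    (5, "status", ["source_copy"]),
    (6, "sink_2", ["source_copy"]),
]


def ddg_edges(statements):
    """Reaching definitions for straight-line code.

    Only a new definition replaces the reaching one; a use (such as the
    condition of `?:`) leaves it in place for later statements.
    Returns (definition line, use line, variable) triples.
    """
    reaching = {}  # variable -> line of the definition that currently reaches
    edges = []
    for line, defined, used in statements:
        for var in used:
            if var in reaching:
                edges.append((reaching[var], line, var))
        reaching[defined] = line
    return edges


def reachable(edges, src_line, dst_line):
    """True if a chain of data-dependence edges leads from src_line to dst_line."""
    seen, todo = set(), [src_line]
    while todo:
        cur = todo.pop()
        if cur == dst_line:
            return True
        if cur in seen:
            continue
        seen.add(cur)
        todo.extend(dst for src, dst, _ in edges if src == cur)
    return False


if __name__ == "__main__":
    edges = ddg_edges(STATEMENTS)
    for src, dst, var in edges:
        print(f"line {src} -> line {dst} via {var}")
    print("source reaches sink_1:", reachable(edges, 2, 4))
    print("source reaches sink_2:", reachable(edges, 2, 6))
```

Replacing the line 5 entry with a real redefinition, `(5, "source_copy", [])`, is the only case in this model where the flow to `sink_2` disappears.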
