Geoffrey White

Merged. Thanks for reviewing!

Hi @intrigus-lgtm. `syoyo/tinygltf` contains a call to `wordexp` in `tiny_gltf.h` line 2661. However the LGTM build does not include this line (presumably because of the `#if` preprocessor condition a few...

Thanks for that update ... I think the taint issue might be that the flow into `ParseBuffer` is in a lambda expression, its likely such flows are less well tested...

I've started the checks, and run a moderately large LGTM run of the query here: https://lgtm.com/query/1704064894746891004/ (results look good at a glance)

> I think for this query a string to integer sanitizer is need. Its fairly common to simply block flow through all integer typed expressions, in order to stop this...

Oh, and I'll run the checks now...

@jketema this is an old PR, I'd like to either minimally update it and get it merged, or else close it this week. Do you have any idea if it's...

Closing. If these predicates are really a big problem I'm sure we'll encounter them again (if we haven't already).

Thanks for the early review @MathiasVP . It's going to take me a bit of time to address everything, along with the known issues in this PR.

I’ve fixed `TInterpretNode` by removing the `TDataFlowCall_` case - which is redundant as the `Element` case can already represent a call, and that ambiguity was causing stuff to get lost....