
[Bug][C] Data flow issue with global variables modified in method calls

Open mal-tee opened this issue 6 months ago • 1 comments

Describe the bug

reachableByFlows appears to struggle with global variables that are modified in other functions.

To Reproduce

#include <stdio.h>

int x;          // global, written only inside set_x()
int y = 1337;   // global, the intended source of the flow

void set_x() {
    x = y;      // y flows into the global x here
}

int main (int argc, char **argv) {
    set_x();    // x is modified through this call
    int z = x;  // the flow y -> x -> z should end here
    return 0;
}
// in joern, after importCode():
cpg.identifier("z").reachableByFlows(cpg.identifier("x")).p // found
cpg.identifier("z").reachableByFlows(cpg.identifier("y")).p // empty

Expected behavior

The data flow from y to z should be found (last line).

Desktop (please complete the following information):

Latest joern via docker/nightly (4.0.388)

mal-tee, Jul 11 '25 08:07
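As an added example (not part of the issue and not Joern project code), one way to work around the limitation while it stands is to split the query at the global: ask whether `y` reaches the value written to `x`, and separately whether a read of `x` reaches `z`, then join the two hops by the global's name. This assumes the reproducer above has been imported and that the dataflow engine is loaded; note that the join is flow-insensitive, so it over-approximates.

```scala
// Added example, not from the issue: bridge the global `x` with a two-hop query.
// Assumes the reproducer above is imported and the Joern dataflow engine is loaded.

// Writes to the global `x`: assignment calls whose target (argument 1) is `x`.
val writesToX = cpg.call.nameExact("<operator>.assignment")
  .where(_.argument(1).isIdentifier.nameExact("x"))

// Hop 1 (inside set_x): does `y` reach the value stored into `x`?
val hop1 = writesToX.argument(2).reachableByFlows(cpg.identifier("y")).p

// Hop 2 (inside main): does a read of `x` reach `z`? (the query the issue already shows)
val hop2 = cpg.identifier("z").reachableByFlows(cpg.identifier("x")).p

// Report a y -> z flow only when both hops exist. The join on the name `x` is
// flow-insensitive: every write to `x` is paired with every read, so a read of `x`
// that happens before set_x() runs would still be reported (over-approximation).
val yReachesZ = hop1.nonEmpty && hop2.nonEmpty
println(s"y reaches z via global x: $yReachesZ")
hop1.foreach(println)
hop2.foreach(println)
```

Because the join is by name only, a practitioner should treat a hit as a candidate to confirm by hand rather than a proven path; the reverse (an empty result) still means the engine found no flow on either hop.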

This is a known limitation of Joern's dataflow engine (it also manifests with flows in and out of lambdas / anonymous functions in all supported languages at the moment). I am not sure if someone is working on that at the moment or what the plans are to support this in the future.

max-leuthaeuser, Jul 11 '25 08:07