Fixes in cpp/global-use-before-init

cpp/ql/src/Critical/GlobalUseBeforeInit.ql

@@ -31,11 +31,19 @@ predicate dominatingInitInFunc(GlobalVariable v, Function f, ControlFlowNode nod
   )
 }
 
+predicate safeAccess(VariableAccess access) {
+  // it is safe if the variable access is part of a `sizeof` expression
+  exists(SizeofExprOperator e |
+    e.getAChild*() = access
+  )
+}
+
 predicate useFunc(GlobalVariable v, Function f) {
   exists(VariableAccess access |
     v.getAnAccess() = access and
     access.isRValue() and
     access.getEnclosingFunction() = f and
+    not safeAccess(access) and
     not dominatingInitInFunc(v, f, access)
   )
 }

cpp/ql/test/query-tests/Critical/GlobalUseBeforeInit/GlobalUseBeforeInit.expected

@@ -1,2 +1,2 @@
-| test.cpp:27:5:27:6 | f1 | The variable $@ is used in this function but may not be initialized when it is called. | test.cpp:14:5:14:5 | b | b |
-| test.cpp:38:5:38:8 | main | The variable $@ is used in this function but may not be initialized when it is called. | test.cpp:14:5:14:5 | b | b |
+| test.cpp:28:5:28:6 | f1 | The variable $@ is used in this function but may not be initialized when it is called. | test.cpp:14:5:14:5 | b | b |
+| test.cpp:39:5:39:8 | main | The variable $@ is used in this function but may not be initialized when it is called. | test.cpp:14:5:14:5 | b | b |

cpp/ql/test/query-tests/Critical/GlobalUseBeforeInit/test.cpp

@@ -12,6 +12,7 @@ int vfprintf (FILE *, const char *, va_list);
 
 int a = 1;
 int b;
+int *c;
 
 int my_printf(const char * fmt, ...)
 {
@@ -37,8 +38,9 @@ void f2() {
 
 int main()
 {
+    unsigned size = sizeof(*c); // GOOD
     my_printf("%d\n", b); // BAD
     b = f1();
     f2();
     return 0;
-}
+}