/**
 * @name Array index might overflow
 * @description An array indexing expression of the form
 *              x[i+j] could cause an out-of-bounds write.
 * @kind problem
 * @problem.severity warning
 * @id apple-xnu/cpp/array-index-might-overflow
 */

import cpp
import semmle.code.cpp.rangeanalysis.SimpleRangeAnalysis

// Find an assignment like this: x[i+j] = v
from ArrayExpr ae, BinaryArithmeticOperation idx, Assignment assign
where
  ae = assign.getLValue() and
  idx = ae.getArrayOffset() and
  convertedExprMightOverflow(idx)
select idx, "Array index might overflow"
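The C pattern this query reports, beside a form that checks the sum before indexing so range analysis no longer sees a possible wrap, as an added example that is not part of the query or of any XNU source; `unchecked_write`, `checked_write` and `try_write` are illustrative names.

```c
#include <limits.h>
#include <stdbool.h>
#include <stddef.h>

/* What the query flags: the offset i + j is computed in int and can wrap
 * before the comparison, so a wrapped (negative) sum passes "< len" and
 * the store lands outside buf. Shown for illustration; not exercised. */
void unchecked_write(int *buf, int len, int i, int j, int v) {
    if (i + j < len) {   /* i + j may have wrapped */
        buf[i + j] = v;  /* out-of-bounds write when it did */
    }
}

/* Hardened form: detect the wrap explicitly (GCC/Clang builtin), then
 * require the index to lie inside [0, len) before writing. */
bool checked_write(int *buf, size_t len, int i, int j, int v) {
    int idx;
    if (__builtin_add_overflow(i, j, &idx)) {
        return false;                        /* i + j does not fit in int */
    }
    if (idx < 0 || (size_t)idx >= len) {
        return false;                        /* index outside the array */
    }
    buf[idx] = v;
    return true;
}

/* Helper: attempt the write into a constructed 8-element array and return
 * the stored value, or -1 if checked_write rejected the index. */
int try_write(int i, int j, int v) {
    int buf[8] = {0};
    if (!checked_write(buf, 8, i, j, v)) {
        return -1;
    }
    return buf[i + j];  /* safe: the sum was validated above */
}
```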