Closed
Description
On lgtm.com I ran the following query c++ on openssl/openssl:
import cpp
from Call c
where not c.getTarget().hasDefinition() and c.getTarget().hasGlobalName("BUF_MEM_free")
select c, "TEST"
It produces several instances of calls to BUF_MEM_free where codeql thinks the definition does not exist. It only finds the stub in buffer.h. If I generate a similar query for calls where a definition is known, it also finds many instances, pointing to the definition in buffer.c.
I'm trying to understand why there is a discrepancy in finding function definitions. I'm guessing there is probably some dynamic loading going on, but I wanted to verify there isn't some deeper bug here. Also, I was wondering if there are solutions to finding the possible definition other than matching functions with definitions to the fully qualified function name at the call.