CodeQL library for C/C++
codeql/cpp-all 1.1.0 (changelog, source)

Member predicate ArrayFunction::hasArrayWithUnknownSize

Holds if parameter bufParam points to a buffer with no fixed size and no size parameter, which is not null-terminated or which is null-terminated but for which the null value may be written past. For example, the first parameters of sprintf and strcat.

predicate hasArrayWithUnknownSize(int bufParam)