From 70b72f70e14f51930f3c9c4de67174ca0636214e Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Thu, 2 Apr 2026 11:32:53 +0100 Subject: [PATCH 1/3] C++: Upgrade query precision. --- cpp/ql/src/Security/CWE/CWE-468/SuspiciousAddWithSizeof.ql | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cpp/ql/src/Security/CWE/CWE-468/SuspiciousAddWithSizeof.ql b/cpp/ql/src/Security/CWE/CWE-468/SuspiciousAddWithSizeof.ql index 343e96a00d39..d5a5cd8f6655 100644 --- a/cpp/ql/src/Security/CWE/CWE-468/SuspiciousAddWithSizeof.ql +++ b/cpp/ql/src/Security/CWE/CWE-468/SuspiciousAddWithSizeof.ql @@ -6,7 +6,7 @@ * @kind problem * @problem.severity warning * @security-severity 8.8 - * @precision medium + * @precision high * @id cpp/suspicious-add-sizeof * @tags security * external/cwe/cwe-468 From cc89b6ea919eb619ee932c2008fca5bbdeb4da08 Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Thu, 2 Apr 2026 11:33:06 +0100 Subject: [PATCH 2/3] C++: Change note. --- cpp/ql/src/change-notes/2026-04-02-suspicious-add-sizeof.md | 4 ++++ 1 file changed, 4 insertions(+) create mode 100644 cpp/ql/src/change-notes/2026-04-02-suspicious-add-sizeof.md diff --git a/cpp/ql/src/change-notes/2026-04-02-suspicious-add-sizeof.md b/cpp/ql/src/change-notes/2026-04-02-suspicious-add-sizeof.md new file mode 100644 index 000000000000..040e89c13475 --- /dev/null +++ b/cpp/ql/src/change-notes/2026-04-02-suspicious-add-sizeof.md @@ -0,0 +1,4 @@ +--- +category: minorAnalysis +--- +* The "Suspicious add with sizeof" (`cpp/suspicious-add-sizeof`) query has been upgraded to `high` precision. This query will now run in the default code scanning suite. From b21dba6131e8550f7ea940c3341ccfbfbbd3dc6d Mon Sep 17 00:00:00 2001 
From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Tue, 7 Apr 2026 13:06:34 +0100 Subject: [PATCH 3/3] C++: Update code scanning suite .expected. --- .../integration-tests/query-suite/cpp-code-scanning.qls.expected | 1 + 1 file changed, 1 insertion(+) diff --git a/cpp/ql/integration-tests/query-suite/cpp-code-scanning.qls.expected b/cpp/ql/integration-tests/query-suite/cpp-code-scanning.qls.expected index 57d240fd7958..4e86c27d53fd 100644 --- a/cpp/ql/integration-tests/query-suite/cpp-code-scanning.qls.expected +++ b/cpp/ql/integration-tests/query-suite/cpp-code-scanning.qls.expected @@ -40,6 +40,7 @@ ql/cpp/ql/src/Security/CWE/CWE-367/TOCTOUFilesystemRace.ql ql/cpp/ql/src/Security/CWE/CWE-416/IteratorToExpiredContainer.ql ql/cpp/ql/src/Security/CWE/CWE-416/UseOfStringAfterLifetimeEnds.ql ql/cpp/ql/src/Security/CWE/CWE-416/UseOfUniquePointerAfterLifetimeEnds.ql +ql/cpp/ql/src/Security/CWE/CWE-468/SuspiciousAddWithSizeof.ql ql/cpp/ql/src/Security/CWE/CWE-497/ExposedSystemData.ql ql/cpp/ql/src/Security/CWE/CWE-611/XXE.ql ql/cpp/ql/src/Security/CWE/CWE-676/DangerousFunctionOverflow.ql
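Review bot: on PATCH 1/3 (the `@precision medium` to `@precision high` hunk in SuspiciousAddWithSizeof.ql), nothing in the series records why the query now qualifies for high precision; the commit message is only "Upgrade query precision." Since this single line is what pulls the query into the default code scanning suite, please add the evidence to the PR description (the false-positive review of current results, or the analysis change that reduced them) so the precision bump can be reverted with context if alert volume turns out to be a problem. The other metadata (`@security-severity 8.8`, `external/cwe/cwe-468`) is unchanged and consistent with the query's id.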
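Review bot: on PATCH 2/3 (the new change note `2026-04-02-suspicious-add-sizeof.md`), the note correctly states the precision change and that the query now runs in the default code scanning suite, but it stops short of the user-visible consequence: repositories already using the default suite will see this query's alerts appear on their next scan. Consider adding that sentence so the note reads as a heads-up rather than only a metadata change; `category: minorAnalysis` is fine for a precision change.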
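Review bot: on PATCH 3/3 (the `+ql/cpp/ql/src/Security/CWE/CWE-468/SuspiciousAddWithSizeof.ql` line added to `cpp-code-scanning.qls.expected`), only the code-scanning suite's expected list is updated. A medium-precision security query should already be listed in the security-extended and security-and-quality suite `.expected` files, so no change there is expected, but please confirm the query-suite integration test passes for all suites and not just this one before merging. The new entry is in the correct sorted position between the CWE-416 and CWE-497 queries.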