CPP: Clean up PotentialBufferOverflow.ql a bit.

This commit is contained in:
Geoffrey White
2019-01-29 11:35:09 +00:00
parent 2a708d3243
commit 0541950c44


@@ -13,12 +13,7 @@
import cpp
import semmle.code.cpp.commons.Buffer
abstract class PotentiallyDangerousFunctionCall extends FunctionCall {
abstract predicate isDangerous();
abstract string getDescription();
}
class SprintfCall extends PotentiallyDangerousFunctionCall {
class SprintfCall extends FunctionCall {
SprintfCall() {
this.getTarget().hasName("sprintf") or this.getTarget().hasName("vsprintf")
}
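Review bot: The new class declaration `class SprintfCall extends FunctionCall {` carries no QLDoc comment, and with the abstract `PotentiallyDangerousFunctionCall` base gone there is no longer any surrounding text explaining what the class models; a one-line `/** A call to `sprintf` or `vsprintf` whose destination buffer may be too small for the converted format string. */` above it would restore that. The characteristic predicate on the following line matches by bare name via `hasName(...)`, so any function called `sprintf`/`vsprintf` in any namespace or class would qualify, not just the C library one; if that is not intended, `hasGlobalName(...)` would narrow it, though I cannot tell from the hunk whether the wider match is deliberate. The remainder of the class body continues past the end of this hunk.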
@@ -31,16 +26,16 @@ class SprintfCall extends PotentiallyDangerousFunctionCall {
result = this.getArgument(1).(FormatLiteral).getMaxConvertedLength()
}
override predicate isDangerous() {
predicate isDangerous() {
this.getMaxConvertedLength() > this.getBufferSize()
}
override string getDescription() {
string getDescription() {
result = "This conversion may yield a string of length "+this.getMaxConvertedLength().toString()+
", which exceeds the allocated buffer size of "+this.getBufferSize().toString()
}
}
from PotentiallyDangerousFunctionCall c
from SprintfCall c
where c.isDangerous()
select c, c.getDescription()
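Review bot: Now that `predicate isDangerous()` and `string getDescription()` are plain members rather than overrides, nothing documents their contract, and the comparison `this.getMaxConvertedLength() > this.getBufferSize()` silently fails to hold whenever either value cannot be determined, which is a quiet false negative a reader should be told about. I would add `/** Holds if the maximum converted length of the format string exceeds the destination buffer size; does not hold when either value cannot be computed. */` above `isDangerous` and `/** Gets the alert message for this call. */` above `getDescription`. `getBufferSize()` is defined outside this hunk, so the exact condition under which it has no result is inferred, not visible here.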