hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-30 11:15:13 +02:00
Code Issues Packages Projects Releases Wiki Activity

C++: Add a FP testcase involving flow through back-edges.

Browse Source
This commit is contained in:
Mathias Vorreiter Pedersen
2023-05-12 13:00:39 +01:00
parent 48f22681a5
commit 0b7fc3cbf7
2 changed files with 12 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
cpp/ql/test/experimental/query-tests/Security/CWE/CWE-119/OverrunWriteProductFlow.expected
View File

@@ -223,6 +223,7 @@ edges
| test.cpp:243:12:243:14 | str indirection [string] | test.cpp:243:16:243:21 | string indirection |
| test.cpp:243:16:243:21 | string indirection | test.cpp:243:12:243:21 | string |
| test.cpp:249:20:249:27 | call to my_alloc | test.cpp:250:12:250:12 | p |
| test.cpp:256:17:256:22 | call to malloc | test.cpp:257:12:257:12 | p |
nodes
| test.cpp:16:11:16:21 | mk_string_t indirection [string] | semmle.label | mk_string_t indirection [string] |
| test.cpp:18:5:18:30 | ... = ... | semmle.label | ... = ... |
@@ -405,6 +406,8 @@ nodes
| test.cpp:243:16:243:21 | string indirection | semmle.label | string indirection |
| test.cpp:249:20:249:27 | call to my_alloc | semmle.label | call to my_alloc |
| test.cpp:250:12:250:12 | p | semmle.label | p |
| test.cpp:256:17:256:22 | call to malloc | semmle.label | call to malloc |
| test.cpp:257:12:257:12 | p | semmle.label | p |
subpaths
| test.cpp:242:22:242:27 | buffer | test.cpp:235:40:235:45 | buffer | test.cpp:236:12:236:17 | p_str indirection [post update] [string] | test.cpp:242:16:242:19 | set_string output argument [string] |
#select
@@ -426,3 +429,4 @@ subpaths
| test.cpp:232:3:232:8 | call to memset | test.cpp:228:43:228:48 | call to malloc | test.cpp:232:10:232:15 | buffer | This write may overflow $@ by 32 elements. | test.cpp:232:10:232:15 | buffer | buffer |
| test.cpp:243:5:243:10 | call to memset | test.cpp:241:27:241:32 | call to malloc | test.cpp:243:12:243:21 | string | This write may overflow $@ by 1 element. | test.cpp:243:16:243:21 | string | string |
| test.cpp:250:5:250:10 | call to memset | test.cpp:249:20:249:27 | call to my_alloc | test.cpp:250:12:250:12 | p | This write may overflow $@ by 1 element. | test.cpp:250:12:250:12 | p | p |
| test.cpp:257:5:257:10 | call to memset | test.cpp:256:17:256:22 | call to malloc | test.cpp:257:12:257:12 | p | This write may overflow $@ by 32 elements. | test.cpp:257:12:257:12 | p | p |

8
cpp/ql/test/experimental/query-tests/Security/CWE/CWE-119/test.cpp
View File

@@ -248,4 +248,12 @@ void* my_alloc(unsigned size);
void foo(unsigned size) {
int* p = (int*)my_alloc(size); // BAD
memset(p, 0, size + 1);
}
void test6(unsigned long n, char *p) {
while (unknown()) {
n++;
p = (char *)malloc(n);
memset(p, 0, n); // GOOD [FALSE POSITIVE]
}
}