Add files via upload

2026-04-30 19:26:02 +02:00 · 2020-12-26 20:45:11 +03:00
parent cd7c47ea39
commit 0c7381a3b0
3 changed files with 112 additions and 0 deletions
--- a/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-401/semmle/tests/MemoryLeakOnFailedCallToRealloc.expected
+++ b/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-401/semmle/tests/MemoryLeakOnFailedCallToRealloc.expected
@@ -0,0 +1,3 @@
+| test.c:10:29:10:35 | call to realloc | possible loss of original pointer on unsuccessful call realloc |
+| test.c:39:29:39:35 | call to realloc | possible loss of original pointer on unsuccessful call realloc |
+| test.c:83:29:83:35 | call to realloc | possible loss of original pointer on unsuccessful call realloc |
--- a/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-401/semmle/tests/MemoryLeakOnFailedCallToRealloc.qlref
+++ b/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-401/semmle/tests/MemoryLeakOnFailedCallToRealloc.qlref
@@ -0,0 +1 @@
+experimental/Security/CWE/CWE-401/MemoryLeakOnFailedCallToRealloc.ql
--- a/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-401/semmle/tests/test.c
+++ b/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-401/semmle/tests/test.c
@@ -0,0 +1,108 @@
+#define size_t int
+#define NULL ((void*)0)
+
+
+unsigned char * badResize0(unsigned char * buffer,size_t currentSize,size_t newSize)
+{
+	// BAD: on unsuccessful call to realloc, we will lose a pointer to a valid memory block
+	if (currentSize < newSize)
+	{
+		buffer = (unsigned char *)realloc(buffer, newSize);
+	}
+	return buffer;
+}
+
+unsigned char * goodResize0(unsigned char * buffer,size_t currentSize,size_t newSize)
+{
+	// GOOD: this way we will exclude possible memory leak 
+	unsigned char * tmp;
+	if (currentSize < newSize)
+	{
+		tmp = (unsigned char *)realloc(buffer, newSize);
+	}
+	if (tmp == NULL)
+	{
+		free(buffer);
+		return NULL;
+	} 
+	else
+		buffer = tmp;
+	return buffer;
+}
+unsigned char * badResize1(unsigned char * buffer,size_t currentSize,size_t newSize)
+{
+	if(!buffer)
+		exit(0);
+	// BAD: on unsuccessful call to realloc, we will lose a pointer to a valid memory block
+	if (currentSize < newSize)
+	{
+		buffer = (unsigned char *)realloc(buffer, newSize);
+	}
+	return buffer;
+}
+
+unsigned char * noBadResize1(unsigned char * buffer,size_t currentSize,size_t newSize)
+{
+	// GOOD: program to end
+	if (currentSize < newSize)
+	{
+		buffer = (unsigned char *)realloc(buffer, newSize);
+	}
+	if(!buffer)
+		exit(0);
+	return buffer;
+}
+unsigned char * noBadResize1e(unsigned char * buffer,size_t currentSize,size_t newSize)
+{
+	// GOOD: program to end
+	if (currentSize < newSize)
+	{
+		buffer = (unsigned char *)realloc(buffer, newSize);
+	}
+	if(buffer)
+		return buffer;
+	else
+		exit(0);
+}
+unsigned char * noBadResize1o(unsigned char * buffer,size_t currentSize,size_t newSize)
+{
+	// GOOD: program to end
+	if (currentSize < newSize)
+	{
+		if(buffer = (unsigned char *)realloc(buffer, newSize))
+			exit(0);
+	}
+	return buffer;
+}
+unsigned char * badResize2(unsigned char * buffer,size_t currentSize,size_t newSize)
+{
+	assert(buffer!=0);
+	// BAD: on unsuccessful call to realloc, we will lose a pointer to a valid memory block
+	if (currentSize < newSize)
+	{
+		buffer = (unsigned char *)realloc(buffer, newSize);
+	}
+	return buffer;
+}
+
+unsigned char * noBadResize2(unsigned char * buffer,size_t currentSize,size_t newSize)
+{
+	// GOOD: program to end
+	if (currentSize < newSize)
+	{
+		buffer = (unsigned char *)realloc(buffer, newSize);
+		assert(buffer!=0);
+	}
+	return buffer;
+}
+
+unsigned char * noBadResize2e(unsigned char * buffer,size_t currentSize,size_t newSize)
+{
+	// GOOD: program to end
+	if (currentSize < newSize)
+	{
+		buffer = (unsigned char *)realloc(buffer, newSize);
+	}
+	assert(buffer!=0);
+	return buffer;
+}
				`@@ -0,0 +1 @@`
				`experimental/Security/CWE/CWE-401/MemoryLeakOnFailedCallToRealloc.ql`