hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-29 02:35:15 +02:00
Code Issues Packages Projects Releases Wiki Activity

C++: Address review comments.

Browse Source
This commit is contained in:
Mathias Vorreiter Pedersen
2021-02-02 10:48:07 +01:00
parent be9908df87
commit 0db54e08b8
1 changed files with 4 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
cpp/ql/src/semmle/code/cpp/models/implementations/Sscanf.qll
View File

@@ -19,7 +19,8 @@ private class SscanfModel extends ArrayFunction, TaintFunction, AliasFunction, S
override predicate hasArrayWithNullTerminator(int bufParam) {
bufParam = this.(ScanfFunction).getFormatParameterIndex()
or
bufParam = this.(Sscanf).getInputParameterIndex()
not this instanceof Fscanf and
bufParam = this.(ScanfFunction).getInputParameterIndex()
}
override predicate hasArrayInput(int bufParam) { hasArrayWithNullTerminator(bufParam) }
@@ -35,16 +36,10 @@ private class SscanfModel extends ArrayFunction, TaintFunction, AliasFunction, S
)
}
private int getArgsStartPosition() {
exists(int nLength, int nLocale |
(if exists(getLocaleParameterIndex()) then nLocale = 1 else nLocale = 0) and
(if exists(getLengthParameterIndex()) then nLength = 1 else nLength = 0) and
result = 2 + nLocale + nLength
)
}
private int getArgsStartPosition() { result = this.getNumberOfParameters() }
override predicate hasTaintFlow(FunctionInput input, FunctionOutput output) {
input.isParameterDeref(0) and
input.isParameterDeref(this.(ScanfFunction).getInputParameterIndex()) and
output.isParameterDeref(any(int i | i >= getArgsStartPosition()))
}