[zlaski/memset-model] New Memset.qll file.

2026-05-02 04:05:14 +02:00 · 2019-09-25 12:38:52 -07:00
parent ad8ae35c82
commit 144aacb09d
1 changed files with 28 additions and 0 deletions
--- a/cpp/ql/src/semmle/code/cpp/models/implementations/Memset.qll
+++ b/cpp/ql/src/semmle/code/cpp/models/implementations/Memset.qll
@@ -0,0 +1,28 @@
+import semmle.code.cpp.Function
+import semmle.code.cpp.models.interfaces.ArrayFunction
+import semmle.code.cpp.models.interfaces.DataFlow
+import semmle.code.cpp.models.interfaces.Taint
+
+/**
+ * The standard function `memset` and its assorted variants
+ */
+class MemsetFunction extends ArrayFunction, DataFlowFunction, TaintFunction {
+  MemsetFunction() {
+    hasGlobalName("memset") or
+    hasGlobalName("bzero") or
+    hasGlobalName("__builtin_memset") or
+    hasQualifiedName("std", "memset")
+  }
+
+  override predicate hasArrayOutput(int bufParam) { bufParam = 0 }
+
+  override predicate hasDataFlow(FunctionInput input, FunctionOutput output) {
+    input.isInParameter(0) and
+    output.isOutReturnValue()
+  }
+
+  override predicate hasArrayWithVariableSize(int bufParam, int countParam) {
+    bufParam = 0 and
+    (if hasGlobalName("bzero") then countParam = 1 else countParam = 2)
+  }
+}