C++: Fix formatting.

2025-12-20 10:46:30 +01:00 · 2021-05-20 09:48:32 +02:00
parent 9504592909
commit 152c0161a2
2 changed files with 228 additions and 228 deletions
--- a/cpp/ql/src/Security/CWE/CWE-570/IncorrectAllocationErrorHandling.qhelp
+++ b/cpp/ql/src/Security/CWE/CWE-570/IncorrectAllocationErrorHandling.qhelp
@@ -1,31 +1,31 @@
-  <!DOCTYPE qhelp PUBLIC
-    "-//Semmle//qhelp//EN"
-    "qhelp.dtd">
-  <qhelp>
-  <overview>
-  <p>Different overloads of the <code>new</code> operator handle allocation failures in different ways.
-  If <code>new T</code> fails for some type <code>T</code>, it throws a <code>std::bad_alloc</code> exception,
-  but <code>new(std::nothrow) T</code> returns a null pointer. If the programmer does not use the corresponding
-  method of error handling, allocation failure may go unhandled and could cause the program to behave in
-  unexpected ways.</p>
+<!DOCTYPE qhelp PUBLIC
+  "-//Semmle//qhelp//EN"
+  "qhelp.dtd">
+<qhelp>
+<overview>
+<p>Different overloads of the <code>new</code> operator handle allocation failures in different ways.
+If <code>new T</code> fails for some type <code>T</code>, it throws a <code>std::bad_alloc</code> exception,
+but <code>new(std::nothrow) T</code> returns a null pointer. If the programmer does not use the corresponding
+method of error handling, allocation failure may go unhandled and could cause the program to behave in
+unexpected ways.</p>

-  </overview>
-  <recommendation>
+</overview>
+<recommendation>

-  <p>Make sure that exceptions are handled appropriately if <code>new T</code> is used. On the other hand,
-  make sure to handle the possibility of null pointers if <code>new(std::nothrow) T</code> is used.</p>
+<p>Make sure that exceptions are handled appropriately if <code>new T</code> is used. On the other hand,
+make sure to handle the possibility of null pointers if <code>new(std::nothrow) T</code> is used.</p>

-  </recommendation>
-  <example>
-  <sample src="IncorrectAllocationErrorHandling.cpp" />
+</recommendation>
+<example>
+<sample src="IncorrectAllocationErrorHandling.cpp" />

-  </example>
-  <references>
+</example>
+<references>

-  <li>
-    CERT C++ Coding Standard:
-  <a href="https://wiki.sei.cmu.edu/confluence/display/cplusplus/MEM52-CPP.+Detect+and+handle+memory+allocation+errors">MEM52-CPP. Detect and handle memory allocation errors</a>.
-  </li>
+<li>
+  CERT C++ Coding Standard:
+<a href="https://wiki.sei.cmu.edu/confluence/display/cplusplus/MEM52-CPP.+Detect+and+handle+memory+allocation+errors">MEM52-CPP. Detect and handle memory allocation errors</a>.
+</li>

-  </references>
-  </qhelp>
+</references>
+</qhelp>
--- a/cpp/ql/src/Security/CWE/CWE-570/IncorrectAllocationErrorHandling.ql
+++ b/cpp/ql/src/Security/CWE/CWE-570/IncorrectAllocationErrorHandling.ql
@@ -1,224 +1,224 @@
-  /**
-   * @name Incorrect allocation-error handling
-   * @description `operator new` throws an exception on allocation failures, while `operator new(std::nothrow)` returns a null pointer. Mixing up these two failure conditions can result in unexpected behavior.
-   * @kind problem
-   * @id cpp/incorrect-allocation-error-handling
-   * @problem.severity warning
-   * @precision medium
-   * @tags correctness
-   *       security
-   *       external/cwe/cwe-570
-   */
+/**
+ * @name Incorrect allocation-error handling
+ * @description `operator new` throws an exception on allocation failures, while `operator new(std::nothrow)` returns a null pointer. Mixing up these two failure conditions can result in unexpected behavior.
+ * @kind problem
+ * @id cpp/incorrect-allocation-error-handling
+ * @problem.severity warning
+ * @precision medium
+ * @tags correctness
+ *       security
+ *       external/cwe/cwe-570
+ */

-  import cpp
-  import semmle.code.cpp.valuenumbering.GlobalValueNumbering
-  import semmle.code.cpp.controlflow.Guards
+import cpp
+import semmle.code.cpp.valuenumbering.GlobalValueNumbering
+import semmle.code.cpp.controlflow.Guards

-  /**
-   * A C++ `delete` or `delete[]` expression.
-   */
-  class DeleteOrDeleteArrayExpr extends Expr {
-    DeleteOrDeleteArrayExpr() { this instanceof DeleteExpr or this instanceof DeleteArrayExpr }
+/**
+ * A C++ `delete` or `delete[]` expression.
+ */
+class DeleteOrDeleteArrayExpr extends Expr {
+  DeleteOrDeleteArrayExpr() { this instanceof DeleteExpr or this instanceof DeleteArrayExpr }

-    DeallocationFunction getDeallocator() {
-      result = [this.(DeleteExpr).getDeallocator(), this.(DeleteArrayExpr).getDeallocator()]
-    }
-
-    Destructor getDestructor() {
-      result = [this.(DeleteExpr).getDestructor(), this.(DeleteArrayExpr).getDestructor()]
-    }
+  DeallocationFunction getDeallocator() {
+    result = [this.(DeleteExpr).getDeallocator(), this.(DeleteArrayExpr).getDeallocator()]
  }

-  /** Gets the `Constructor` invoked when `newExpr` allocates memory. */
-  Constructor getConstructorForAllocation(NewOrNewArrayExpr newExpr) {
-    result.getACallToThisFunction() = newExpr.getInitializer()
+  Destructor getDestructor() {
+    result = [this.(DeleteExpr).getDestructor(), this.(DeleteArrayExpr).getDestructor()]
  }
+}

-  /** Gets the `Destructor` invoked when `deleteExpr` deallocates memory. */
-  Destructor getDestructorForDeallocation(DeleteOrDeleteArrayExpr deleteExpr) {
-    result = deleteExpr.getDestructor()
-  }
+/** Gets the `Constructor` invoked when `newExpr` allocates memory. */
+Constructor getConstructorForAllocation(NewOrNewArrayExpr newExpr) {
+  result.getACallToThisFunction() = newExpr.getInitializer()
+}

-  /** Holds if the evaluation of `newExpr` may throw an exception. */
-  predicate newMayThrow(NewOrNewArrayExpr newExpr) {
-    functionMayThrow(newExpr.getAllocator()) or
-    functionMayThrow(getConstructorForAllocation(newExpr))
-  }
+/** Gets the `Destructor` invoked when `deleteExpr` deallocates memory. */
+Destructor getDestructorForDeallocation(DeleteOrDeleteArrayExpr deleteExpr) {
+  result = deleteExpr.getDestructor()
+}

-  /** Holds if the evaluation of `deleteExpr` may throw an exception. */
-  predicate deleteMayThrow(DeleteOrDeleteArrayExpr deleteExpr) {
-    functionMayThrow(deleteExpr.getDeallocator()) or
-    functionMayThrow(getDestructorForDeallocation(deleteExpr))
-  }
+/** Holds if the evaluation of `newExpr` may throw an exception. */
+predicate newMayThrow(NewOrNewArrayExpr newExpr) {
+  functionMayThrow(newExpr.getAllocator()) or
+  functionMayThrow(getConstructorForAllocation(newExpr))
+}

-  /**
-   * Holds if the function may throw an exception when called. That is, if the body of the function looks
-   * like it might throw an exception, and the function does not have a `noexcept` or `throw()` specifier.
-   */
-  predicate functionMayThrow(Function f) {
-    (not exists(f.getBlock()) or stmtMayThrow(f.getBlock())) and
-    not f.isNoExcept() and
-    not f.isNoThrow()
-  }
+/** Holds if the evaluation of `deleteExpr` may throw an exception. */
+predicate deleteMayThrow(DeleteOrDeleteArrayExpr deleteExpr) {
+  functionMayThrow(deleteExpr.getDeallocator()) or
+  functionMayThrow(getDestructorForDeallocation(deleteExpr))
+}

-  /** Holds if the evaluation of `stmt` may throw an exception. */
-  predicate stmtMayThrow(Stmt stmt) {
-    stmtMayThrow(stmt.(BlockStmt).getAStmt())
-    or
-    convertedExprMayThrow(stmt.(ExprStmt).getExpr())
-    or
-    convertedExprMayThrow(stmt.(DeclStmt).getADeclaration().(Variable).getInitializer().getExpr())
-    or
-    exists(IfStmt ifStmt | ifStmt = stmt |
-      convertedExprMayThrow(ifStmt.getCondition()) or
-      stmtMayThrow([ifStmt.getThen(), ifStmt.getElse()])
-    )
-    or
-    exists(ConstexprIfStmt constIfStmt | constIfStmt = stmt |
-      stmtMayThrow([constIfStmt.getThen(), constIfStmt.getElse()])
-    )
-    or
-    exists(Loop loop | loop = stmt |
-      convertedExprMayThrow(loop.getCondition()) or
-      stmtMayThrow(loop.getStmt())
-    )
-    or
-    // The case for `Loop` already checked the condition and the statement.
-    convertedExprMayThrow(stmt.(RangeBasedForStmt).getUpdate())
-    or
-    // The case for `Loop` already checked the condition and the statement.
-    exists(ForStmt forStmt | forStmt = stmt |
-      stmtMayThrow(forStmt.getInitialization())
-      or
-      convertedExprMayThrow(forStmt.getUpdate())
-    )
-    or
-    exists(SwitchStmt switchStmt | switchStmt = stmt |
-      convertedExprMayThrow(switchStmt.getExpr()) or
-      stmtMayThrow(switchStmt.getStmt())
-    )
-    or
-    // NOTE: We don't include `TryStmt` as those exceptions are not "observable" outside the function.
-    stmtMayThrow(stmt.(Handler).getBlock())
-    or
-    convertedExprMayThrow(stmt.(CoReturnStmt).getExpr())
-    or
-    convertedExprMayThrow(stmt.(ReturnStmt).getExpr())
-  }
+/**
+ * Holds if the function may throw an exception when called. That is, if the body of the function looks
+ * like it might throw an exception, and the function does not have a `noexcept` or `throw()` specifier.
+ */
+predicate functionMayThrow(Function f) {
+  (not exists(f.getBlock()) or stmtMayThrow(f.getBlock())) and
+  not f.isNoExcept() and
+  not f.isNoThrow()
+}

-  /** Holds if the evaluation of `e` (including conversions) may throw an exception. */
-  predicate convertedExprMayThrow(Expr e) {
-    exprMayThrow(e)
+/** Holds if the evaluation of `stmt` may throw an exception. */
+predicate stmtMayThrow(Stmt stmt) {
+  stmtMayThrow(stmt.(BlockStmt).getAStmt())
+  or
+  convertedExprMayThrow(stmt.(ExprStmt).getExpr())
+  or
+  convertedExprMayThrow(stmt.(DeclStmt).getADeclaration().(Variable).getInitializer().getExpr())
+  or
+  exists(IfStmt ifStmt | ifStmt = stmt |
+    convertedExprMayThrow(ifStmt.getCondition()) or
+    stmtMayThrow([ifStmt.getThen(), ifStmt.getElse()])
+  )
+  or
+  exists(ConstexprIfStmt constIfStmt | constIfStmt = stmt |
+    stmtMayThrow([constIfStmt.getThen(), constIfStmt.getElse()])
+  )
+  or
+  exists(Loop loop | loop = stmt |
+    convertedExprMayThrow(loop.getCondition()) or
+    stmtMayThrow(loop.getStmt())
+  )
+  or
+  // The case for `Loop` already checked the condition and the statement.
+  convertedExprMayThrow(stmt.(RangeBasedForStmt).getUpdate())
+  or
+  // The case for `Loop` already checked the condition and the statement.
+  exists(ForStmt forStmt | forStmt = stmt |
+    stmtMayThrow(forStmt.getInitialization())
    or
-    convertedExprMayThrow(e.getConversion())
-  }
+    convertedExprMayThrow(forStmt.getUpdate())
+  )
+  or
+  exists(SwitchStmt switchStmt | switchStmt = stmt |
+    convertedExprMayThrow(switchStmt.getExpr()) or
+    stmtMayThrow(switchStmt.getStmt())
+  )
+  or
+  // NOTE: We don't include `TryStmt` as those exceptions are not "observable" outside the function.
+  stmtMayThrow(stmt.(Handler).getBlock())
+  or
+  convertedExprMayThrow(stmt.(CoReturnStmt).getExpr())
+  or
+  convertedExprMayThrow(stmt.(ReturnStmt).getExpr())
+}

-  /** Holds if the evaluation of `e` may throw an exception. */
-  predicate exprMayThrow(Expr e) {
-    e instanceof DynamicCast
-    or
-    e instanceof TypeidOperator
-    or
-    e instanceof ThrowExpr
-    or
-    newMayThrow(e)
-    or
-    deleteMayThrow(e)
-    or
-    convertedExprMayThrow(e.(UnaryOperation).getOperand())
-    or
-    exists(BinaryOperation binOp | binOp = e |
-      convertedExprMayThrow([binOp.getLeftOperand(), binOp.getRightOperand()])
-    )
-    or
-    exists(Assignment assign | assign = e |
-      convertedExprMayThrow([assign.getLValue(), assign.getRValue()])
-    )
-    or
-    exists(CommaExpr comma | comma = e |
-      convertedExprMayThrow([comma.getLeftOperand(), comma.getRightOperand()])
-    )
-    or
-    exists(StmtExpr stmtExpr | stmtExpr = e |
-      convertedExprMayThrow(stmtExpr.getResultExpr()) or
-      stmtMayThrow(stmtExpr.getStmt())
-    )
-    or
-    convertedExprMayThrow(e.(Conversion).getExpr())
-    or
-    exists(FunctionCall fc | fc = e |
-      not exists(fc.getTarget()) or
-      functionMayThrow(fc.getTarget()) or
-      convertedExprMayThrow(fc.getAnArgument())
+/** Holds if the evaluation of `e` (including conversions) may throw an exception. */
+predicate convertedExprMayThrow(Expr e) {
+  exprMayThrow(e)
+  or
+  convertedExprMayThrow(e.getConversion())
+}
+
+/** Holds if the evaluation of `e` may throw an exception. */
+predicate exprMayThrow(Expr e) {
+  e instanceof DynamicCast
+  or
+  e instanceof TypeidOperator
+  or
+  e instanceof ThrowExpr
+  or
+  newMayThrow(e)
+  or
+  deleteMayThrow(e)
+  or
+  convertedExprMayThrow(e.(UnaryOperation).getOperand())
+  or
+  exists(BinaryOperation binOp | binOp = e |
+    convertedExprMayThrow([binOp.getLeftOperand(), binOp.getRightOperand()])
+  )
+  or
+  exists(Assignment assign | assign = e |
+    convertedExprMayThrow([assign.getLValue(), assign.getRValue()])
+  )
+  or
+  exists(CommaExpr comma | comma = e |
+    convertedExprMayThrow([comma.getLeftOperand(), comma.getRightOperand()])
+  )
+  or
+  exists(StmtExpr stmtExpr | stmtExpr = e |
+    convertedExprMayThrow(stmtExpr.getResultExpr()) or
+    stmtMayThrow(stmtExpr.getStmt())
+  )
+  or
+  convertedExprMayThrow(e.(Conversion).getExpr())
+  or
+  exists(FunctionCall fc | fc = e |
+    not exists(fc.getTarget()) or
+    functionMayThrow(fc.getTarget()) or
+    convertedExprMayThrow(fc.getAnArgument())
+  )
+}
+
+/** An allocator that might throw an exception. */
+class ThrowingAllocator extends Function {
+  ThrowingAllocator() {
+    exists(NewOrNewArrayExpr newExpr |
+      newExpr.getAllocator() = this and
+      functionMayThrow(this)
    )
  }
+}

-  /** An allocator that might throw an exception. */
-  class ThrowingAllocator extends Function {
-    ThrowingAllocator() {
-      exists(NewOrNewArrayExpr newExpr |
-        newExpr.getAllocator() = this and
-        functionMayThrow(this)
-      )
-    }
+/** The `std::bad_alloc` exception and its `bsl` variant. */
+class BadAllocType extends Class {
+  BadAllocType() { this.hasGlobalOrStdOrBslName("bad_alloc") }
+}
+
+/**
+ * A catch block that catches a `std::bad_alloc` (or any of its superclasses), or a catch
+ * block that catches every exception (i.e., `catch(...)`).
+ */
+class BadAllocCatchBlock extends CatchBlock {
+  BadAllocCatchBlock() {
+    this.getParameter().getUnspecifiedType().stripType() =
+      any(BadAllocType badAlloc).getABaseClass*()
+    or
+    not exists(this.getParameter())
  }
+}

-  /** The `std::bad_alloc` exception and its `bsl` variant. */
-  class BadAllocType extends Class {
-    BadAllocType() { this.hasGlobalOrStdOrBslName("bad_alloc") }
-  }
+/**
+ * Holds if `newExpr` is embedded in a `try` statement with a catch block `catchBlock` that
+ * catches a `std::bad_alloc` exception, but nothing in the `try` block (including the `newExpr`)
+ * will throw that exception.
+ */
+predicate noThrowInTryBlock(NewOrNewArrayExpr newExpr, BadAllocCatchBlock catchBlock) {
+  exists(TryStmt try |
+    not stmtMayThrow(try.getStmt()) and
+    try.getACatchClause() = catchBlock and
+    newExpr.getEnclosingBlock().getEnclosingBlock*() = try.getStmt()
+  )
+}

-  /**
-   * A catch block that catches a `std::bad_alloc` (or any of its superclasses), or a catch
-   * block that catches every exception (i.e., `catch(...)`).
-   */
-  class BadAllocCatchBlock extends CatchBlock {
-    BadAllocCatchBlock() {
-      this.getParameter().getUnspecifiedType().stripType() =
-        any(BadAllocType badAlloc).getABaseClass*()
-      or
-      not exists(this.getParameter())
-    }
-  }
+/**
+ * Holds if `newExpr` is handles allocation failures by throwing an exception, yet
+ * the guard condition `guard` compares the result of `newExpr` to a null value.
+ */
+predicate nullCheckInThrowingNew(NewOrNewArrayExpr newExpr, GuardCondition guard) {
+  newExpr.getAllocator() instanceof ThrowingAllocator and
+  (
+    // Handles null comparisons.
+    guard.ensuresEq(globalValueNumber(newExpr).getAnExpr(), any(NullValue null), _, _, _)
+    or
+    // Handles `if(ptr)` and `if(!ptr)` cases.
+    guard = globalValueNumber(newExpr).getAnExpr()
+  )
+}

-  /**
-   * Holds if `newExpr` is embedded in a `try` statement with a catch block `catchBlock` that
-   * catches a `std::bad_alloc` exception, but nothing in the `try` block (including the `newExpr`)
-   * will throw that exception.
-   */
-  predicate noThrowInTryBlock(NewOrNewArrayExpr newExpr, BadAllocCatchBlock catchBlock) {
-    exists(TryStmt try |
-      not stmtMayThrow(try.getStmt()) and
-      try.getACatchClause() = catchBlock and
-      newExpr.getEnclosingBlock().getEnclosingBlock*() = try.getStmt()
-    )
-  }
-
-  /**
-   * Holds if `newExpr` is handles allocation failures by throwing an exception, yet
-   * the guard condition `guard` compares the result of `newExpr` to a null value.
-   */
-  predicate nullCheckInThrowingNew(NewOrNewArrayExpr newExpr, GuardCondition guard) {
-    newExpr.getAllocator() instanceof ThrowingAllocator and
-    (
-      // Handles null comparisons.
-      guard.ensuresEq(globalValueNumber(newExpr).getAnExpr(), any(NullValue null), _, _, _)
-      or
-      // Handles `if(ptr)` and `if(!ptr)` cases.
-      guard = globalValueNumber(newExpr).getAnExpr()
-    )
-  }
-
-  from NewOrNewArrayExpr newExpr, Element element, string msg, string elementString
-  where
-    not newExpr.isFromUninstantiatedTemplate(_) and
-    (
-      noThrowInTryBlock(newExpr, element) and
-      msg = "This allocation cannot throw. $@ is unnecessary." and
-      elementString = "This catch block"
-      or
-      nullCheckInThrowingNew(newExpr, element) and
-      msg = "This allocation cannot return null. $@ is unnecessary." and
-      elementString = "This check"
-    )
-  select newExpr, msg, element, elementString
+from NewOrNewArrayExpr newExpr, Element element, string msg, string elementString
+where
+  not newExpr.isFromUninstantiatedTemplate(_) and
+  (
+    noThrowInTryBlock(newExpr, element) and
+    msg = "This allocation cannot throw. $@ is unnecessary." and
+    elementString = "This catch block"
+    or
+    nullCheckInThrowingNew(newExpr, element) and
+    msg = "This allocation cannot return null. $@ is unnecessary." and
+    elementString = "This check"
+  )
+select newExpr, msg, element, elementString