hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-16 16:53:25 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #114 from geoffw0/samate-realloc

Browse Source 
CPP: Handle 'realloc' better in MemoryMayNotBeFreed.ql
This commit is contained in:
Jonas Jensen
2018-09-05 08:35:13 +02:00
committed by GitHub
parent 8225daf94d 8e5c170af6
commit 1bcae97447
2 changed files with 8 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
cpp/ql/src/Critical/MemoryMayNotBeFreed.ql
View File

@@ -62,8 +62,14 @@ predicate verifiedRealloc(FunctionCall reallocCall, Variable v, ControlFlowNode
// a realloc followed by a null check at 'node' (return the non-null
// successor, i.e. where the realloc is confirmed to have succeeded)
newV.getAnAssignedValue() = reallocCall and
node.(AnalysedExpr).getNonNullSuccessor(newV) = verified
node.(AnalysedExpr).getNonNullSuccessor(newV) = verified and
// note: this case uses naive flow logic (getAnAssignedValue).
// special case: if the result of the 'realloc' is assigned to the
// same variable, we don't descriminate properly between the old
// and the new allocation; better to not consider this a free at
// all in that case.
newV != v
) or (
// a realloc(ptr, 0), which always succeeds and frees
// (return the realloc itself)