hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-23 12:16:33 +01:00
Code Issues Packages Projects Releases Wiki Activity

C++: Move overflow detection to SimpleRangeAnalysis.qll

Browse Source
This commit is contained in:
Robert Marsh
2023-03-17 16:58:06 -04:00
parent 0f4157c534
commit 204dbee14c
1 changed files with 3 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
cpp/ql/lib/experimental/semmle/code/cpp/semantic/analysis/SimpleRangeAnalysis.qll
View File

@@ -8,6 +8,7 @@ private import semmle.code.cpp.ir.IR
private import experimental.semmle.code.cpp.semantic.SemanticBound
private import experimental.semmle.code.cpp.semantic.SemanticExprSpecific
private import RangeAnalysis
private import semmle.code.cpp.rangeanalysis.RangeAnalysisUtils
/**
* Gets the lower bound of the expression.
@@ -90,7 +91,7 @@ predicate defMightOverflow(RangeSsaDefinition def, StackVariable v) {
* does not consider the possibility that the expression might overflow
* due to a conversion.
*/
predicate exprMightOverflowNegatively(Expr expr) { none() }
predicate exprMightOverflowNegatively(Expr expr) { lowerBound(expr) < exprMinVal(expr) }
/**
* Holds if the expression might overflow negatively. Conversions
@@ -108,7 +109,7 @@ predicate convertedExprMightOverflowNegatively(Expr expr) {
* does not consider the possibility that the expression might overflow
* due to a conversion.
*/
predicate exprMightOverflowPositively(Expr expr) { none() }
predicate exprMightOverflowPositively(Expr expr) { upperBound(expr) > exprMaxVal(expr) }
/**
* Holds if the expression might overflow positively. Conversions