hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-16 16:53:25 +01:00
Code Issues Packages Projects Releases Wiki Activity

CPP: Add support for += and -=.

Browse Source
This commit is contained in:
Geoffrey White
2018-08-28 10:42:09 +01:00
parent 0bd8d9a113
commit 229d0406bb
1 changed files with 2 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
cpp/ql/src/semmle/code/cpp/security/Overflow.qll
View File

@@ -63,6 +63,7 @@ predicate missingGuardAgainstOverflow(Operation e, VariableAccess use) {
exists(LocalScopeVariable v | use.getTarget() = v |
// overflow possible if large
(e instanceof AddExpr and not guardedLesser(e, varUse(v))) or
(e instanceof AssignAddExpr and not guardedLesser(e, varUse(v))) or
(e instanceof IncrementOperation and not guardedLesser(e, varUse(v)) and v.getType().getUnspecifiedType() instanceof IntegralType) or
// overflow possible if large or small
(e instanceof MulExpr and
@@ -76,6 +77,7 @@ predicate missingGuardAgainstUnderflow(Operation e, VariableAccess use) {
exists(LocalScopeVariable v | use.getTarget() = v |
// underflow possible if use is left operand and small
(use = e.(SubExpr).getLeftOperand() and not guardedGreater(e, varUse(v))) or
(use = e.(AssignSubExpr).getLValue() and not guardedGreater(e, varUse(v))) or
// underflow possible if small
(e instanceof DecrementOperation and not guardedGreater(e, varUse(v)) and v.getType().getUnspecifiedType() instanceof IntegralType) or
// underflow possible if large or small