From 23a7cd943f2381b0f33e2f85ead4a2d0a4059109 Mon Sep 17 00:00:00 2001 From: Mathias Vorreiter Pedersen Date: Thu, 13 Apr 2023 10:50:46 +0100 Subject: [PATCH] C++: Fix missing result and accept test changes. --- cpp/ql/src/Critical/UseAfterFree.ql | 2 ++ .../query-tests/Critical/MemoryFreed/UseAfterFree.expected | 7 +++++++ cpp/ql/test/query-tests/Critical/MemoryFreed/test_free.cpp | 2 +- 3 files changed, 10 insertions(+), 1 deletion(-)
diff --git a/cpp/ql/src/Critical/UseAfterFree.ql b/cpp/ql/src/Critical/UseAfterFree.ql
index 797834bf0df..6c2e5cdc81b 100644
--- a/cpp/ql/src/Critical/UseAfterFree.ql
+++ b/cpp/ql/src/Critical/UseAfterFree.ql
@@ -39,6 +39,8 @@ predicate isUse0(DataFlow::Node n, Expr e) {
   or
   e = any(ArrayExpr ae).getArrayBase()
   or
+  e = any(Call call).getQualifier()
+  or
   // Assume any function without a body will dereference the pointer
   exists(int i, Call call, Function f |
     n.asExpr() = call.getArgument(i) and
diff --git a/cpp/ql/test/query-tests/Critical/MemoryFreed/UseAfterFree.expected b/cpp/ql/test/query-tests/Critical/MemoryFreed/UseAfterFree.expected
index 4d889d08661..6223a6f31ea 100644
--- a/cpp/ql/test/query-tests/Critical/MemoryFreed/UseAfterFree.expected
+++ b/cpp/ql/test/query-tests/Critical/MemoryFreed/UseAfterFree.expected
@@ -9,6 +9,8 @@ edges
 | test_free.cpp:44:27:44:27 | a | test_free.cpp:45:5:45:5 | a |
 | test_free.cpp:69:10:69:10 | a | test_free.cpp:71:9:71:9 | a |
 | test_free.cpp:69:10:69:10 | a | test_free.cpp:71:9:71:9 | a |
+| test_free.cpp:90:10:90:10 | a | test_free.cpp:91:5:91:5 | a |
+| test_free.cpp:90:10:90:10 | a | test_free.cpp:91:5:91:5 | a |
 | test_free.cpp:95:10:95:10 | a | test_free.cpp:96:9:96:9 | a |
 | test_free.cpp:101:10:101:10 | a | test_free.cpp:102:23:102:23 | a |
 | test_free.cpp:152:27:152:27 | a | test_free.cpp:153:5:153:5 | a |
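Review bot: The new disjunct `e = any(Call call).getQualifier()` treats every call qualifier as a dereference but, unlike the disjunct right below it, carries no comment stating that assumption; add `// A member call through a pointer (a->f()) reads the pointee, so the qualifier is a use` above it. A static member function called through a pointer does not touch the pointee, so `a->staticFn()` after `free(a)` will now be reported too; if the library exposes a static check on `call.getTarget()`, excluding those calls would keep the query focused on real dereferences (the report is low-value rather than wrong, since using the freed pointer value at all is dubious). The accompanying test covers only the `a->f()` shape, and the updated expectations record the new 90/91 result twice, mirroring the existing 69/71 rows, which suggests two distinct source nodes per `free` argument feed the same sink; that duplication predates this commit but is worth collapsing so users see one alert per site. isUse0 starts before and continues past this hunk.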
@@ -28,6 +30,9 @@ nodes
 | test_free.cpp:69:10:69:10 | a | semmle.label | a |
 | test_free.cpp:69:10:69:10 | a | semmle.label | a |
 | test_free.cpp:71:9:71:9 | a | semmle.label | a |
+| test_free.cpp:90:10:90:10 | a | semmle.label | a |
+| test_free.cpp:90:10:90:10 | a | semmle.label | a |
+| test_free.cpp:91:5:91:5 | a | semmle.label | a |
 | test_free.cpp:95:10:95:10 | a | semmle.label | a |
 | test_free.cpp:96:9:96:9 | a | semmle.label | a |
 | test_free.cpp:101:10:101:10 | a | semmle.label | a |
@@ -49,6 +54,8 @@ subpaths
 | test_free.cpp:45:5:45:5 | a | test_free.cpp:44:27:44:27 | a | test_free.cpp:45:5:45:5 | a | Memory may have been previously freed by $@. | test_free.cpp:44:22:44:25 | call to free | call to free |
 | test_free.cpp:71:9:71:9 | a | test_free.cpp:69:10:69:10 | a | test_free.cpp:71:9:71:9 | a | Memory may have been previously freed by $@. | test_free.cpp:69:5:69:8 | call to free | call to free |
 | test_free.cpp:71:9:71:9 | a | test_free.cpp:69:10:69:10 | a | test_free.cpp:71:9:71:9 | a | Memory may have been previously freed by $@. | test_free.cpp:69:5:69:8 | call to free | call to free |
+| test_free.cpp:91:5:91:5 | a | test_free.cpp:90:10:90:10 | a | test_free.cpp:91:5:91:5 | a | Memory may have been previously freed by $@. | test_free.cpp:90:5:90:8 | call to free | call to free |
+| test_free.cpp:91:5:91:5 | a | test_free.cpp:90:10:90:10 | a | test_free.cpp:91:5:91:5 | a | Memory may have been previously freed by $@. | test_free.cpp:90:5:90:8 | call to free | call to free |
 | test_free.cpp:96:9:96:9 | a | test_free.cpp:95:10:95:10 | a | test_free.cpp:96:9:96:9 | a | Memory may have been previously freed by $@. | test_free.cpp:95:5:95:8 | call to free | call to free |
 | test_free.cpp:102:23:102:23 | a | test_free.cpp:101:10:101:10 | a | test_free.cpp:102:23:102:23 | a | Memory may have been previously freed by $@. | test_free.cpp:101:5:101:8 | call to free | call to free |
 | test_free.cpp:153:5:153:5 | a | test_free.cpp:152:27:152:27 | a | test_free.cpp:153:5:153:5 | a | Memory may have been previously freed by $@. | test_free.cpp:152:22:152:25 | call to free | call to free |
diff --git a/cpp/ql/test/query-tests/Critical/MemoryFreed/test_free.cpp b/cpp/ql/test/query-tests/Critical/MemoryFreed/test_free.cpp
index f7e7a6b972f..754ba5deb05 100644
--- a/cpp/ql/test/query-tests/Critical/MemoryFreed/test_free.cpp
+++ b/cpp/ql/test/query-tests/Critical/MemoryFreed/test_free.cpp
@@ -88,7 +88,7 @@ void test_new1() {
 void test_dereference1(A *a) {
   a->f(); // GOOD
   free(a);
-  a->f(); // BAD [NOT DETECTED]
+  a->f(); // BAD
 }
 
 void* use_after_free(void *a) {