hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-02 20:25:13 +02:00
Code Issues Packages Projects Releases Wiki Activity

CPP: Fix false positives when a member variable is released via the target of a function pointer.

Browse Source
This commit is contained in:
Geoffrey White
2018-12-12 10:27:50 +00:00
parent 370387a9ca
commit 2f3a874c7d
3 changed files with 6 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
cpp/ql/src/jsf/4.10 Classes/AV Rule 79.ql
View File

@@ -227,6 +227,11 @@ predicate leakedInSameMethod(Resource r, Expr acquire) {
fc.getQualifier() = r.getAnAccess() or // e.g. `r->setOwner(this)`
fc = acquire.getAChild*() // e.g. `r = new MyClass(this)`
)
) or exists(FunctionAccess fa, string kind |
// the address of a function that releases `r` is taken (and likely
// used to release `r` at some point).
r.acquisitionWithRequiredKind(acquire, kind) and
fa.getTarget() = r.getAReleaseExpr(kind).getEnclosingFunction()
)
)
}

1
cpp/ql/test/query-tests/jsf/4.10 Classes/AV Rule 79/AV Rule 79.expected
View File

@@ -11,7 +11,6 @@
| DeleteThis.cpp:127:3:127:20 | ... = ... | Resource d is acquired by class MyClass9 but not released anywhere in this class. |
| ExternalOwners.cpp:49:3:49:20 | ... = ... | Resource a is acquired by class MyScreen but not released anywhere in this class. |
| Lambda.cpp:24:3:24:21 | ... = ... | Resource r4 is acquired by class testLambda but not released anywhere in this class. |
| Lambda.cpp:29:3:29:21 | ... = ... | Resource r6 is acquired by class testLambda but not released in the destructor. It is released from deleter_for_r6 on line 40, so this function may need to be called from the destructor. |
| ListDelete.cpp:21:3:21:21 | ... = ... | Resource first is acquired by class MyThingColection but not released anywhere in this class. |
| NoDestructor.cpp:23:3:23:20 | ... = ... | Resource n is acquired by class MyClass5 but not released anywhere in this class. |
| PlacementNew.cpp:36:3:36:36 | ... = ... | Resource p1 is acquired by class MyTestForPlacementNew but not released anywhere in this class. |

2
cpp/ql/test/query-tests/jsf/4.10 Classes/AV Rule 79/Lambda.cpp
View File

@@ -26,7 +26,7 @@ public:
r5 = new char[4096]; // GOOD
deleter5 = &deleter_for_r5;
r6 = new char[4096]; // GOOD [FALSE POSITIVE]
r6 = new char[4096]; // GOOD
deleter6 = &testLambda::deleter_for_r6;
}