hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 01:03:14 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #15040 from MathiasVP/fewer-dataflow-branches

Browse Source 
C++: Fix dataflow inconsistencies
This commit is contained in:
Mathias Vorreiter Pedersen
2023-12-08 12:14:49 +00:00
committed by GitHub
parent 1dc0a063b0 90a62b27f5
commit 30c67ba6e7
11 changed files with 520 additions and 600 deletions
Download Patch File Download Diff File Expand all files Collapse all files

101
cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowUtil.qll
View File

@@ -18,17 +18,17 @@ private import codeql.util.Unit
/**
* The IR dataflow graph consists of the following nodes:
* - `Node0`, which injects most instructions and operands directly into the dataflow graph.
* - `Node0`, which injects most instructions and operands directly into the
* dataflow graph.
* - `VariableNode`, which is used to model flow through global variables.
* - `PostFieldUpdateNode`, which is used to model the state of a field after a value has been stored
* into an address after a number of loads.
* - `SsaPhiNode`, which represents phi nodes as computed by the shared SSA library.
* - `IndirectArgumentOutNode`, which represents the value of an argument (and its indirections) after
* it leaves a function call.
* - `RawIndirectOperand`, which represents the value of `operand` after loading the address a number
* of times.
* - `RawIndirectInstruction`, which represents the value of `instr` after loading the address a number
* of times.
* - `PostUpdateNodeImpl`, which is used to model the state of an object after
* an update after a number of loads.
* - `SsaPhiNode`, which represents phi nodes as computed by the shared SSA
* library.
* - `RawIndirectOperand`, which represents the value of `operand` after
* loading the address a number of times.
* - `RawIndirectInstruction`, which represents the value of `instr` after
* loading the address a number of times.
*/
cached
private newtype TIRDataFlowNode =
@@ -37,14 +37,13 @@ private newtype TIRDataFlowNode =
indirectionIndex =
[getMinIndirectionsForType(var.getUnspecifiedType()) .. Ssa::getMaxIndirectionsForType(var.getUnspecifiedType())]
} or
TPostFieldUpdateNode(FieldAddress operand, int indirectionIndex) {
indirectionIndex =
[1 .. Ssa::countIndirectionsForCppType(operand.getObjectAddress().getResultLanguageType())]
} or
TSsaPhiNode(Ssa::PhiNode phi) or
TIndirectArgumentOutNode(ArgumentOperand operand, int indirectionIndex) {
TPostUpdateNodeImpl(Operand operand, int indirectionIndex) {
operand = any(FieldAddress fa).getObjectAddressOperand() and
indirectionIndex = [1 .. Ssa::countIndirectionsForCppType(Ssa::getLanguageType(operand))]
or
Ssa::isModifiableByCall(operand, indirectionIndex)
} or
TSsaPhiNode(Ssa::PhiNode phi) or
TRawIndirectOperand0(Node0Impl node, int indirectionIndex) {
Ssa::hasRawIndirectOperand(node.asOperand(), indirectionIndex)
} or
@@ -84,7 +83,7 @@ private predicate parameterIsRedefined(Parameter p) {
class FieldAddress extends Operand {
FieldAddressInstruction fai;
FieldAddress() { fai = this.getDef() }
FieldAddress() { fai = this.getDef() and not Ssa::ignoreOperand(this) }
/** Gets the field associated with this instruction. */
Field getField() { result = fai.getField() }
@@ -550,37 +549,44 @@ Type stripPointer(Type t) {
result = t.(FunctionPointerIshType).getBaseType()
}
private class PostUpdateNodeImpl extends PartialDefinitionNode, TPostUpdateNodeImpl {
int indirectionIndex;
Operand operand;
PostUpdateNodeImpl() { this = TPostUpdateNodeImpl(operand, indirectionIndex) }
override Declaration getFunction() { result = operand.getUse().getEnclosingFunction() }
override Declaration getEnclosingCallable() { result = this.getFunction() }
/** Gets the operand associated with this node. */
Operand getOperand() { result = operand }
/** Gets the indirection index associated with this node. */
int getIndirectionIndex() { result = indirectionIndex }
override Location getLocationImpl() { result = operand.getLocation() }
final override Node getPreUpdateNode() { hasOperandAndIndex(result, operand, indirectionIndex) }
final override Expr getDefinedExpr() {
result = operand.getDef().getUnconvertedResultExpression()
}
}
/**
* INTERNAL: do not use.
*
* The node representing the value of a field after it has been updated.
*/
class PostFieldUpdateNode extends TPostFieldUpdateNode, PartialDefinitionNode {
int indirectionIndex;
class PostFieldUpdateNode extends PostUpdateNodeImpl {
FieldAddress fieldAddress;
PostFieldUpdateNode() { this = TPostFieldUpdateNode(fieldAddress, indirectionIndex) }
override Declaration getFunction() { result = fieldAddress.getUse().getEnclosingFunction() }
override Declaration getEnclosingCallable() { result = this.getFunction() }
PostFieldUpdateNode() { operand = fieldAddress.getObjectAddressOperand() }
FieldAddress getFieldAddress() { result = fieldAddress }
Field getUpdatedField() { result = fieldAddress.getField() }
int getIndirectionIndex() { result = indirectionIndex }
override Node getPreUpdateNode() {
hasOperandAndIndex(result, pragma[only_bind_into](fieldAddress).getObjectAddressOperand(),
indirectionIndex)
}
override Expr getDefinedExpr() {
result = fieldAddress.getObjectAddress().getUnconvertedResultExpression()
}
override Location getLocationImpl() { result = fieldAddress.getLocation() }
Field getUpdatedField() { result = this.getFieldAddress().getField() }
override string toStringImpl() { result = this.getPreUpdateNode() + " [post update]" }
}
@@ -816,13 +822,8 @@ class IndirectReturnNode extends Node {
* A node representing the indirection of a value after it
* has been returned from a function.
*/
class IndirectArgumentOutNode extends Node, TIndirectArgumentOutNode, PartialDefinitionNode {
ArgumentOperand operand;
int indirectionIndex;
IndirectArgumentOutNode() { this = TIndirectArgumentOutNode(operand, indirectionIndex) }
int getIndirectionIndex() { result = indirectionIndex }
class IndirectArgumentOutNode extends PostUpdateNodeImpl {
override ArgumentOperand operand;
int getArgumentIndex() {
exists(CallInstruction call | call.getArgumentOperand(result) = operand)
@@ -834,12 +835,6 @@ class IndirectArgumentOutNode extends Node, TIndirectArgumentOutNode, PartialDef
Function getStaticCallTarget() { result = this.getCallInstruction().getStaticCallTarget() }
override Declaration getEnclosingCallable() { result = this.getFunction() }
override Declaration getFunction() { result = this.getCallInstruction().getEnclosingFunction() }
override Node getPreUpdateNode() { hasOperandAndIndex(result, operand, indirectionIndex) }
override string toStringImpl() {
// This string should be unique enough to be helpful but common enough to
// avoid storing too many different strings.
@@ -848,10 +843,6 @@ class IndirectArgumentOutNode extends Node, TIndirectArgumentOutNode, PartialDef
not exists(this.getStaticCallTarget()) and
result = "output argument"
}
override Location getLocationImpl() { result = operand.getLocation() }
override Expr getDefinedExpr() { result = operand.getDef().getUnconvertedResultExpression() }
}
/**

18
cpp/ql/test/experimental/query-tests/Security/CWE/CWE-193/array-access/ArrayAccessProductFlow.expected
View File

@@ -3,8 +3,8 @@ edges
| test.cpp:4:17:4:22 | call to malloc | test.cpp:10:9:10:11 | arr |
| test.cpp:19:9:19:16 | mk_array indirection [p] | test.cpp:28:19:28:26 | call to mk_array [p] |
| test.cpp:19:9:19:16 | mk_array indirection [p] | test.cpp:50:18:50:25 | call to mk_array [p] |
| test.cpp:21:5:21:24 | ... = ... | test.cpp:21:9:21:9 | arr indirection [post update] [p] |
| test.cpp:21:9:21:9 | arr indirection [post update] [p] | test.cpp:22:5:22:7 | arr indirection [p] |
| test.cpp:21:5:21:7 | arr indirection [post update] [p] | test.cpp:22:5:22:7 | arr indirection [p] |
| test.cpp:21:5:21:24 | ... = ... | test.cpp:21:5:21:7 | arr indirection [post update] [p] |
| test.cpp:21:13:21:18 | call to malloc | test.cpp:21:5:21:24 | ... = ... |
| test.cpp:22:5:22:7 | arr indirection [p] | test.cpp:19:9:19:16 | mk_array indirection [p] |
| test.cpp:28:19:28:26 | call to mk_array [p] | test.cpp:31:9:31:11 | arr indirection [p] |
@@ -16,8 +16,8 @@ edges
| test.cpp:41:9:41:11 | arr indirection [p] | test.cpp:41:13:41:13 | p |
| test.cpp:45:9:45:11 | arr indirection [p] | test.cpp:45:13:45:13 | p |
| test.cpp:50:18:50:25 | call to mk_array [p] | test.cpp:39:27:39:29 | arr [p] |
| test.cpp:55:5:55:24 | ... = ... | test.cpp:55:9:55:9 | arr indirection [post update] [p] |
| test.cpp:55:9:55:9 | arr indirection [post update] [p] | test.cpp:56:5:56:7 | arr indirection [p] |
| test.cpp:55:5:55:7 | arr indirection [post update] [p] | test.cpp:56:5:56:7 | arr indirection [p] |
| test.cpp:55:5:55:24 | ... = ... | test.cpp:55:5:55:7 | arr indirection [post update] [p] |
| test.cpp:55:13:55:18 | call to malloc | test.cpp:55:5:55:24 | ... = ... |
| test.cpp:56:5:56:7 | arr indirection [p] | test.cpp:59:9:59:11 | arr indirection [p] |
| test.cpp:56:5:56:7 | arr indirection [p] | test.cpp:63:9:63:11 | arr indirection [p] |
@@ -25,8 +25,8 @@ edges
| test.cpp:63:9:63:11 | arr indirection [p] | test.cpp:63:13:63:13 | p |
| test.cpp:67:10:67:19 | mk_array_p indirection [p] | test.cpp:76:20:76:29 | call to mk_array_p indirection [p] |
| test.cpp:67:10:67:19 | mk_array_p indirection [p] | test.cpp:98:18:98:27 | call to mk_array_p indirection [p] |
| test.cpp:69:5:69:25 | ... = ... | test.cpp:69:10:69:10 | arr indirection [post update] [p] |
| test.cpp:69:10:69:10 | arr indirection [post update] [p] | test.cpp:70:5:70:7 | arr indirection [p] |
| test.cpp:69:5:69:7 | arr indirection [post update] [p] | test.cpp:70:5:70:7 | arr indirection [p] |
| test.cpp:69:5:69:25 | ... = ... | test.cpp:69:5:69:7 | arr indirection [post update] [p] |
| test.cpp:69:14:69:19 | call to malloc | test.cpp:69:5:69:25 | ... = ... |
| test.cpp:70:5:70:7 | arr indirection [p] | test.cpp:67:10:67:19 | mk_array_p indirection [p] |
| test.cpp:76:20:76:29 | call to mk_array_p indirection [p] | test.cpp:79:9:79:11 | arr indirection [p] |
@@ -43,8 +43,8 @@ nodes
| test.cpp:6:9:6:11 | arr | semmle.label | arr |
| test.cpp:10:9:10:11 | arr | semmle.label | arr |
| test.cpp:19:9:19:16 | mk_array indirection [p] | semmle.label | mk_array indirection [p] |
| test.cpp:21:5:21:7 | arr indirection [post update] [p] | semmle.label | arr indirection [post update] [p] |
| test.cpp:21:5:21:24 | ... = ... | semmle.label | ... = ... |
| test.cpp:21:9:21:9 | arr indirection [post update] [p] | semmle.label | arr indirection [post update] [p] |
| test.cpp:21:13:21:18 | call to malloc | semmle.label | call to malloc |
| test.cpp:22:5:22:7 | arr indirection [p] | semmle.label | arr indirection [p] |
| test.cpp:28:19:28:26 | call to mk_array [p] | semmle.label | call to mk_array [p] |
@@ -58,8 +58,8 @@ nodes
| test.cpp:45:9:45:11 | arr indirection [p] | semmle.label | arr indirection [p] |
| test.cpp:45:13:45:13 | p | semmle.label | p |
| test.cpp:50:18:50:25 | call to mk_array [p] | semmle.label | call to mk_array [p] |
| test.cpp:55:5:55:7 | arr indirection [post update] [p] | semmle.label | arr indirection [post update] [p] |
| test.cpp:55:5:55:24 | ... = ... | semmle.label | ... = ... |
| test.cpp:55:9:55:9 | arr indirection [post update] [p] | semmle.label | arr indirection [post update] [p] |
| test.cpp:55:13:55:18 | call to malloc | semmle.label | call to malloc |
| test.cpp:56:5:56:7 | arr indirection [p] | semmle.label | arr indirection [p] |
| test.cpp:59:9:59:11 | arr indirection [p] | semmle.label | arr indirection [p] |
@@ -67,8 +67,8 @@ nodes
| test.cpp:63:9:63:11 | arr indirection [p] | semmle.label | arr indirection [p] |
| test.cpp:63:13:63:13 | p | semmle.label | p |
| test.cpp:67:10:67:19 | mk_array_p indirection [p] | semmle.label | mk_array_p indirection [p] |
| test.cpp:69:5:69:7 | arr indirection [post update] [p] | semmle.label | arr indirection [post update] [p] |
| test.cpp:69:5:69:25 | ... = ... | semmle.label | ... = ... |
| test.cpp:69:10:69:10 | arr indirection [post update] [p] | semmle.label | arr indirection [post update] [p] |
| test.cpp:69:14:69:19 | call to malloc | semmle.label | call to malloc |
| test.cpp:70:5:70:7 | arr indirection [p] | semmle.label | arr indirection [p] |
| test.cpp:76:20:76:29 | call to mk_array_p indirection [p] | semmle.label | call to mk_array_p indirection [p] |

1
cpp/ql/test/library-tests/dataflow/dataflow-tests/dataflow-ir-consistency.expected
View File

@@ -15,7 +15,6 @@ postIsNotPre
| flowOut.cpp:84:3:84:14 | access to array indirection | PostUpdateNode should not equal its pre-update node. |
postHasUniquePre
uniquePostUpdate
| example.c:24:13:24:18 | coords indirection | Node has multiple PostUpdateNodes. |
postIsInSameCallable
reverseRead
argHasPostUpdate

25
cpp/ql/test/library-tests/dataflow/fields/dataflow-ir-consistency.expected
View File

@@ -14,31 +14,6 @@ localCallNodes
postIsNotPre
postHasUniquePre
uniquePostUpdate
| aliasing.cpp:70:11:70:11 | definition of w indirection | Node has multiple PostUpdateNodes. |
| aliasing.cpp:77:11:77:11 | definition of w indirection | Node has multiple PostUpdateNodes. |
| aliasing.cpp:84:11:84:11 | definition of w indirection | Node has multiple PostUpdateNodes. |
| aliasing.cpp:91:11:91:11 | definition of w indirection | Node has multiple PostUpdateNodes. |
| clearning.cpp:54:3:54:3 | s indirection | Node has multiple PostUpdateNodes. |
| clearning.cpp:61:3:61:3 | s indirection | Node has multiple PostUpdateNodes. |
| clearning.cpp:90:3:90:3 | s indirection | Node has multiple PostUpdateNodes. |
| clearning.cpp:104:2:104:2 | s indirection | Node has multiple PostUpdateNodes. |
| clearning.cpp:111:4:111:4 | s indirection | Node has multiple PostUpdateNodes. |
| clearning.cpp:118:2:118:2 | s indirection | Node has multiple PostUpdateNodes. |
| clearning.cpp:125:2:125:2 | s indirection | Node has multiple PostUpdateNodes. |
| clearning.cpp:132:2:132:2 | s indirection | Node has multiple PostUpdateNodes. |
| clearning.cpp:139:4:139:4 | s indirection | Node has multiple PostUpdateNodes. |
| clearning.cpp:165:3:165:3 | s indirection | Node has multiple PostUpdateNodes. |
| clearning.cpp:172:3:172:3 | s indirection | Node has multiple PostUpdateNodes. |
| complex.cpp:22:3:22:5 | this indirection | Node has multiple PostUpdateNodes. |
| complex.cpp:25:7:25:7 | this indirection | Node has multiple PostUpdateNodes. |
| complex.cpp:42:10:42:14 | inner indirection | Node has multiple PostUpdateNodes. |
| complex.cpp:43:10:43:14 | inner indirection | Node has multiple PostUpdateNodes. |
| complex.cpp:53:6:53:10 | inner indirection | Node has multiple PostUpdateNodes. |
| complex.cpp:54:6:54:10 | inner indirection | Node has multiple PostUpdateNodes. |
| complex.cpp:55:6:55:10 | inner indirection | Node has multiple PostUpdateNodes. |
| complex.cpp:56:6:56:10 | inner indirection | Node has multiple PostUpdateNodes. |
| struct_init.c:26:16:26:20 | definition of outer indirection | Node has multiple PostUpdateNodes. |
| struct_init.c:41:16:41:20 | definition of outer indirection | Node has multiple PostUpdateNodes. |
postIsInSameCallable
reverseRead
argHasPostUpdate

729
cpp/ql/test/library-tests/dataflow/fields/ir-path-flow.expected
View File

File diff suppressed because it is too large Load Diff

186
cpp/ql/test/library-tests/dataflow/fields/partial-definition-diff.expected
View File

@@ -1,7 +1,7 @@
WARNING: Module DataFlow has been deprecated and may be removed in future (partial-definition-diff.ql:7,8-51)
| A.cpp:25:13:25:13 | c | AST only |
| A.cpp:27:28:27:28 | c | AST only |
| A.cpp:28:29:28:29 | this | IR only |
| A.cpp:28:23:28:26 | this | IR only |
| A.cpp:31:14:31:21 | new | IR only |
| A.cpp:40:15:40:21 | 0 | IR only |
| A.cpp:40:15:40:21 | 0 | IR only |
@@ -45,7 +45,7 @@ WARNING: Module DataFlow has been deprecated and may be removed in future (parti
| A.cpp:161:29:161:35 | 0 | IR only |
| A.cpp:162:18:162:40 | new | IR only |
| A.cpp:162:29:162:35 | 0 | IR only |
| A.cpp:167:47:167:50 | l | IR only |
| A.cpp:167:44:167:44 | l | IR only |
| A.cpp:183:7:183:10 | head | AST only |
| A.cpp:184:13:184:16 | next | AST only |
| B.cpp:7:16:7:35 | new | IR only |
@@ -93,54 +93,54 @@ WARNING: Module DataFlow has been deprecated and may be removed in future (parti
| aliasing.cpp:9:6:9:7 | m1 | AST only |
| aliasing.cpp:13:5:13:6 | m1 | AST only |
| aliasing.cpp:17:5:17:6 | m1 | AST only |
| aliasing.cpp:29:11:29:12 | s1 | IR only |
| aliasing.cpp:30:11:30:12 | s2 | IR only |
| aliasing.cpp:31:11:31:12 | s3 | IR only |
| aliasing.cpp:29:8:29:9 | s1 | IR only |
| aliasing.cpp:30:8:30:9 | s2 | IR only |
| aliasing.cpp:31:8:31:9 | s3 | IR only |
| aliasing.cpp:37:8:37:9 | m1 | AST only |
| aliasing.cpp:38:11:38:12 | s1 | IR only |
| aliasing.cpp:38:8:38:9 | s1 | IR only |
| aliasing.cpp:42:6:42:7 | m1 | AST only |
| aliasing.cpp:43:13:43:14 | ref2 | IR only |
| aliasing.cpp:43:8:43:11 | ref2 | IR only |
| aliasing.cpp:49:9:49:10 | m1 | AST only |
| aliasing.cpp:50:11:50:12 | s1 | IR only |
| aliasing.cpp:50:8:50:9 | s1 | IR only |
| aliasing.cpp:54:6:54:7 | m1 | AST only |
| aliasing.cpp:55:14:55:15 | copy2 | IR only |
| aliasing.cpp:55:8:55:12 | copy2 | IR only |
| aliasing.cpp:60:6:60:7 | m1 | AST only |
| aliasing.cpp:62:14:62:15 | copy2 | IR only |
| aliasing.cpp:71:11:71:11 | w | IR only |
| aliasing.cpp:62:8:62:12 | copy2 | IR only |
| aliasing.cpp:71:9:71:9 | w | IR only |
| aliasing.cpp:72:5:72:6 | m1 | AST only |
| aliasing.cpp:73:10:73:10 | w | IR only |
| aliasing.cpp:73:12:73:13 | s | IR only |
| aliasing.cpp:78:13:78:13 | w | IR only |
| aliasing.cpp:73:8:73:8 | w | IR only |
| aliasing.cpp:73:10:73:10 | s | IR only |
| aliasing.cpp:78:11:78:11 | w | IR only |
| aliasing.cpp:79:6:79:7 | m1 | AST only |
| aliasing.cpp:80:10:80:10 | w | IR only |
| aliasing.cpp:80:12:80:13 | s | IR only |
| aliasing.cpp:85:12:85:12 | w | IR only |
| aliasing.cpp:80:8:80:8 | w | IR only |
| aliasing.cpp:80:10:80:10 | s | IR only |
| aliasing.cpp:85:10:85:10 | w | IR only |
| aliasing.cpp:86:5:86:6 | m1 | AST only |
| aliasing.cpp:87:10:87:10 | w | IR only |
| aliasing.cpp:87:12:87:13 | s | IR only |
| aliasing.cpp:87:8:87:8 | w | IR only |
| aliasing.cpp:87:10:87:10 | s | IR only |
| aliasing.cpp:92:7:92:8 | m1 | AST only |
| aliasing.cpp:93:10:93:10 | w | IR only |
| aliasing.cpp:93:12:93:13 | s | IR only |
| aliasing.cpp:93:8:93:8 | w | IR only |
| aliasing.cpp:93:10:93:10 | s | IR only |
| aliasing.cpp:98:5:98:6 | m1 | AST only |
| aliasing.cpp:101:21:101:22 | s_copy | IR only |
| aliasing.cpp:101:14:101:19 | s_copy | IR only |
| aliasing.cpp:106:3:106:5 | * ... | AST only |
| aliasing.cpp:112:10:112:11 | s | IR only |
| aliasing.cpp:143:10:143:13 | s | IR only |
| aliasing.cpp:148:13:148:14 | access to array | IR only |
| aliasing.cpp:159:11:159:14 | s | IR only |
| aliasing.cpp:165:10:165:13 | s | IR only |
| aliasing.cpp:176:11:176:11 | s2 | IR only |
| aliasing.cpp:176:13:176:14 | s | IR only |
| aliasing.cpp:182:11:182:11 | s2 | IR only |
| aliasing.cpp:182:13:182:14 | s | IR only |
| aliasing.cpp:189:13:189:13 | s2_2 | IR only |
| aliasing.cpp:189:15:189:16 | s | IR only |
| aliasing.cpp:196:13:196:13 | s2_2 | IR only |
| aliasing.cpp:196:15:196:16 | s | IR only |
| aliasing.cpp:201:13:201:13 | ps2 | IR only |
| aliasing.cpp:201:15:201:16 | s | IR only |
| aliasing.cpp:206:13:206:13 | ps2 | IR only |
| aliasing.cpp:206:15:206:16 | s | IR only |
| aliasing.cpp:112:8:112:8 | s | IR only |
| aliasing.cpp:143:8:143:8 | s | IR only |
| aliasing.cpp:148:8:148:11 | access to array | IR only |
| aliasing.cpp:159:9:159:9 | s | IR only |
| aliasing.cpp:165:8:165:8 | s | IR only |
| aliasing.cpp:176:8:176:9 | s2 | IR only |
| aliasing.cpp:176:11:176:11 | s | IR only |
| aliasing.cpp:182:8:182:9 | s2 | IR only |
| aliasing.cpp:182:11:182:11 | s | IR only |
| aliasing.cpp:189:8:189:11 | s2_2 | IR only |
| aliasing.cpp:189:13:189:13 | s | IR only |
| aliasing.cpp:196:8:196:11 | s2_2 | IR only |
| aliasing.cpp:196:13:196:13 | s | IR only |
| aliasing.cpp:201:8:201:10 | ps2 | IR only |
| aliasing.cpp:201:13:201:13 | s | IR only |
| aliasing.cpp:206:8:206:10 | ps2 | IR only |
| aliasing.cpp:206:13:206:13 | s | IR only |
| arrays.cpp:6:3:6:8 | access to array | AST only |
| arrays.cpp:7:8:7:13 | access to array | IR only |
| arrays.cpp:7:8:7:13 | access to array | IR only |
@@ -160,53 +160,53 @@ WARNING: Module DataFlow has been deprecated and may be removed in future (parti
| arrays.cpp:48:22:48:25 | data | AST only |
| by_reference.cpp:12:8:12:8 | a | AST only |
| by_reference.cpp:16:11:16:11 | a | AST only |
| by_reference.cpp:32:15:32:15 | s | IR only |
| by_reference.cpp:36:18:36:18 | this | IR only |
| by_reference.cpp:32:12:32:12 | s | IR only |
| by_reference.cpp:36:12:36:15 | this | IR only |
| by_reference.cpp:44:26:44:29 | this | IR only |
| by_reference.cpp:69:22:69:23 | & ... | IR only |
| by_reference.cpp:84:10:84:10 | a | AST only |
| by_reference.cpp:88:9:88:9 | a | AST only |
| by_reference.cpp:92:3:92:5 | * ... | AST only |
| by_reference.cpp:96:3:96:4 | pa | AST only |
| clearning.cpp:18:7:18:7 | s | IR only |
| clearning.cpp:18:5:18:5 | s | IR only |
| clearning.cpp:19:3:19:6 | * ... | AST only |
| clearning.cpp:20:12:20:12 | s | IR only |
| clearning.cpp:25:7:25:7 | s | IR only |
| clearning.cpp:26:7:26:7 | s | IR only |
| clearning.cpp:27:12:27:12 | s | IR only |
| clearning.cpp:20:10:20:10 | s | IR only |
| clearning.cpp:25:5:25:5 | s | IR only |
| clearning.cpp:26:5:26:5 | s | IR only |
| clearning.cpp:27:10:27:10 | s | IR only |
| clearning.cpp:32:3:32:6 | * ... | AST only |
| clearning.cpp:33:7:33:7 | s | IR only |
| clearning.cpp:33:5:33:5 | s | IR only |
| clearning.cpp:34:8:34:11 | * ... | IR only |
| clearning.cpp:34:11:34:11 | s | IR only |
| clearning.cpp:34:9:34:9 | s | IR only |
| clearning.cpp:39:3:39:6 | * ... | AST only |
| clearning.cpp:40:5:40:5 | x | AST only |
| clearning.cpp:41:8:41:11 | * ... | IR only |
| clearning.cpp:41:11:41:11 | s | IR only |
| clearning.cpp:46:7:46:7 | s | IR only |
| clearning.cpp:41:9:41:9 | s | IR only |
| clearning.cpp:46:5:46:5 | s | IR only |
| clearning.cpp:47:5:47:5 | x | AST only |
| clearning.cpp:48:8:48:11 | * ... | IR only |
| clearning.cpp:48:11:48:11 | s | IR only |
| clearning.cpp:48:9:48:9 | s | IR only |
| clearning.cpp:53:3:53:6 | * ... | AST only |
| clearning.cpp:54:5:54:5 | x | AST only |
| clearning.cpp:60:7:60:7 | s | IR only |
| clearning.cpp:60:5:60:5 | s | IR only |
| clearning.cpp:61:5:61:5 | x | AST only |
| clearning.cpp:75:2:75:10 | access to array | AST only |
| clearning.cpp:76:10:76:12 | s | IR only |
| clearning.cpp:76:8:76:8 | s | IR only |
| clearning.cpp:82:2:82:9 | access to array | AST only |
| clearning.cpp:83:7:83:9 | val | AST only |
| clearning.cpp:83:15:83:17 | s | IR only |
| clearning.cpp:84:10:84:12 | s | IR only |
| clearning.cpp:83:13:83:13 | s | IR only |
| clearning.cpp:84:8:84:8 | s | IR only |
| clearning.cpp:90:5:90:7 | val | AST only |
| clearning.cpp:91:10:91:12 | s | IR only |
| clearning.cpp:91:8:91:8 | s | IR only |
| clearning.cpp:97:4:97:6 | val | AST only |
| clearning.cpp:97:12:97:14 | s | IR only |
| clearning.cpp:98:10:98:12 | s | IR only |
| clearning.cpp:97:10:97:10 | s | IR only |
| clearning.cpp:98:8:98:8 | s | IR only |
| clearning.cpp:104:4:104:6 | val | AST only |
| clearning.cpp:105:10:105:12 | s | IR only |
| clearning.cpp:105:8:105:8 | s | IR only |
| clearning.cpp:111:6:111:8 | val | AST only |
| clearning.cpp:112:10:112:12 | s | IR only |
| clearning.cpp:112:8:112:8 | s | IR only |
| clearning.cpp:118:4:118:6 | val | AST only |
| clearning.cpp:119:10:119:12 | s | IR only |
| clearning.cpp:119:8:119:8 | s | IR only |
| clearning.cpp:124:4:124:6 | val | AST only |
| clearning.cpp:125:4:125:6 | val | AST only |
| clearning.cpp:131:4:131:6 | val | AST only |
@@ -214,38 +214,38 @@ WARNING: Module DataFlow has been deprecated and may be removed in future (parti
| clearning.cpp:138:4:138:6 | val | AST only |
| clearning.cpp:139:6:139:8 | val | AST only |
| clearning.cpp:151:5:151:7 | val | AST only |
| clearning.cpp:152:10:152:12 | s | IR only |
| clearning.cpp:152:8:152:8 | s | IR only |
| clearning.cpp:157:5:157:7 | val | AST only |
| clearning.cpp:158:5:158:7 | val | AST only |
| clearning.cpp:159:10:159:12 | s | IR only |
| clearning.cpp:159:8:159:8 | s | IR only |
| clearning.cpp:164:5:164:7 | val | AST only |
| clearning.cpp:165:5:165:7 | val | AST only |
| clearning.cpp:166:10:166:12 | s | IR only |
| clearning.cpp:166:8:166:8 | s | IR only |
| clearning.cpp:171:5:171:7 | val | AST only |
| clearning.cpp:172:5:172:7 | val | AST only |
| clearning.cpp:173:10:173:12 | s | IR only |
| clearning.cpp:173:8:173:8 | s | IR only |
| clearning.cpp:178:5:178:7 | val | AST only |
| clearning.cpp:179:5:179:7 | val | AST only |
| clearning.cpp:179:13:179:15 | s | IR only |
| clearning.cpp:180:10:180:12 | s | IR only |
| clearning.cpp:179:11:179:11 | s | IR only |
| clearning.cpp:180:8:180:8 | s | IR only |
| complex.cpp:9:20:9:21 | this | IR only |
| complex.cpp:10:20:10:21 | this | IR only |
| complex.cpp:11:22:11:23 | a_ | AST only |
| complex.cpp:12:22:12:23 | b_ | AST only |
| conflated.cpp:10:3:10:7 | * ... | AST only |
| conflated.cpp:11:12:11:12 | ra | IR only |
| conflated.cpp:11:9:11:10 | ra | IR only |
| conflated.cpp:29:7:29:7 | x | AST only |
| conflated.cpp:30:12:30:12 | pa | IR only |
| conflated.cpp:30:8:30:9 | pa | IR only |
| conflated.cpp:36:7:36:7 | x | AST only |
| conflated.cpp:37:12:37:12 | pa | IR only |
| conflated.cpp:37:8:37:9 | pa | IR only |
| conflated.cpp:53:7:53:10 | next | AST only |
| conflated.cpp:54:13:54:13 | y | AST only |
| conflated.cpp:55:12:55:15 | ll | IR only |
| conflated.cpp:55:18:55:18 | next | IR only |
| conflated.cpp:55:8:55:9 | ll | IR only |
| conflated.cpp:55:12:55:15 | next | IR only |
| conflated.cpp:59:20:59:39 | new | IR only |
| conflated.cpp:60:13:60:13 | y | AST only |
| conflated.cpp:61:12:61:15 | ll | IR only |
| conflated.cpp:61:18:61:18 | next | IR only |
| conflated.cpp:61:8:61:9 | ll | IR only |
| conflated.cpp:61:12:61:15 | next | IR only |
| constructors.cpp:18:22:18:23 | this | IR only |
| constructors.cpp:19:22:19:23 | this | IR only |
| constructors.cpp:20:24:20:25 | a_ | AST only |
@@ -261,31 +261,31 @@ WARNING: Module DataFlow has been deprecated and may be removed in future (parti
| realistic.cpp:49:20:49:22 | baz | AST only |
| realistic.cpp:53:35:53:43 | bufferLen | AST only |
| realistic.cpp:54:50:54:61 | call to user_input | IR only |
| realistic.cpp:55:16:55:18 | foo | IR only |
| realistic.cpp:55:23:55:25 | access to array | IR only |
| realistic.cpp:55:28:55:36 | baz | IR only |
| realistic.cpp:55:38:55:46 | userInput | IR only |
| realistic.cpp:57:92:57:94 | foo | IR only |
| realistic.cpp:57:99:57:101 | access to array | IR only |
| realistic.cpp:57:104:57:112 | baz | IR only |
| realistic.cpp:57:114:57:122 | userInput | IR only |
| realistic.cpp:55:12:55:14 | foo | IR only |
| realistic.cpp:55:12:55:21 | access to array | IR only |
| realistic.cpp:55:23:55:25 | baz | IR only |
| realistic.cpp:55:28:55:36 | userInput | IR only |
| realistic.cpp:57:88:57:90 | foo | IR only |
| realistic.cpp:57:88:57:97 | access to array | IR only |
| realistic.cpp:57:99:57:101 | baz | IR only |
| realistic.cpp:57:104:57:112 | userInput | IR only |
| realistic.cpp:60:21:60:23 | foo | IR only |
| realistic.cpp:60:21:60:30 | access to array | IR only |
| realistic.cpp:60:21:60:52 | buffer | IR only |
| realistic.cpp:60:25:60:27 | foo | IR only |
| realistic.cpp:60:32:60:34 | access to array | IR only |
| realistic.cpp:60:37:60:45 | baz | IR only |
| realistic.cpp:60:47:60:52 | userInput | IR only |
| realistic.cpp:60:59:60:61 | foo | IR only |
| realistic.cpp:60:66:60:68 | access to array | IR only |
| realistic.cpp:60:71:60:79 | baz | IR only |
| realistic.cpp:60:81:60:89 | userInput | IR only |
| realistic.cpp:60:32:60:34 | baz | IR only |
| realistic.cpp:60:37:60:45 | userInput | IR only |
| realistic.cpp:60:55:60:57 | foo | IR only |
| realistic.cpp:60:55:60:64 | access to array | IR only |
| realistic.cpp:60:66:60:68 | baz | IR only |
| realistic.cpp:60:71:60:79 | userInput | IR only |
| simple.cpp:18:22:18:23 | this | IR only |
| simple.cpp:19:22:19:23 | this | IR only |
| simple.cpp:20:24:20:25 | a_ | AST only |
| simple.cpp:21:24:21:25 | b_ | AST only |
| simple.cpp:65:7:65:7 | i | AST only |
| simple.cpp:67:13:67:13 | a2 | IR only |
| simple.cpp:67:10:67:11 | a2 | IR only |
| simple.cpp:79:16:79:17 | f2 | IR only |
| simple.cpp:79:16:79:17 | this | IR only |
| simple.cpp:79:19:79:20 | f2 | IR only |
| simple.cpp:83:12:83:13 | f1 | AST only |
| simple.cpp:92:7:92:7 | i | AST only |
| simple.cpp:94:13:94:13 | a2 | IR only |
| simple.cpp:94:10:94:11 | a2 | IR only |

18
cpp/ql/test/library-tests/syntax-zoo/dataflow-ir-consistency.expected
View File

@@ -20,24 +20,6 @@ localCallNodes
postIsNotPre
postHasUniquePre
uniquePostUpdate
| allocators.cpp:4:24:4:26 | this indirection | Node has multiple PostUpdateNodes. |
| cpp11.cpp:82:17:82:17 | this indirection | Node has multiple PostUpdateNodes. |
| cpp11.cpp:82:17:82:55 | [...](...){...} indirection | Node has multiple PostUpdateNodes. |
| ir.cpp:514:10:514:11 | definition of r2 indirection | Node has multiple PostUpdateNodes. |
| ir.cpp:515:10:515:11 | definition of r3 indirection | Node has multiple PostUpdateNodes. |
| ir.cpp:515:10:515:11 | definition of r3 indirection | Node has multiple PostUpdateNodes. |
| ir.cpp:516:10:516:11 | definition of r4 indirection | Node has multiple PostUpdateNodes. |
| ir.cpp:516:10:516:11 | definition of r4 indirection | Node has multiple PostUpdateNodes. |
| ir.cpp:659:5:659:5 | this indirection | Node has multiple PostUpdateNodes. |
| ir.cpp:659:5:659:5 | this indirection | Node has multiple PostUpdateNodes. |
| ir.cpp:747:8:747:8 | this indirection | Node has multiple PostUpdateNodes. |
| ir.cpp:750:3:750:6 | this indirection | Node has multiple PostUpdateNodes. |
| ir.cpp:759:3:759:8 | this indirection | Node has multiple PostUpdateNodes. |
| ir.cpp:768:3:768:9 | this indirection | Node has multiple PostUpdateNodes. |
| ir.cpp:777:3:777:11 | this indirection | Node has multiple PostUpdateNodes. |
| ir.cpp:786:3:786:11 | this indirection | Node has multiple PostUpdateNodes. |
| ir.cpp:795:3:795:11 | this indirection | Node has multiple PostUpdateNodes. |
| static_init_templates.cpp:240:7:240:7 | this indirection | Node has multiple PostUpdateNodes. |
postIsInSameCallable
reverseRead
argHasPostUpdate

6
cpp/ql/test/query-tests/Critical/MemoryFreed/UseAfterFree.expected
View File

@@ -13,8 +13,8 @@ edges
| test_free.cpp:239:14:239:15 | * ... | test_free.cpp:241:9:241:10 | * ... |
| test_free.cpp:245:10:245:11 | * ... | test_free.cpp:246:9:246:10 | * ... |
| test_free.cpp:293:8:293:10 | buf | test_free.cpp:294:3:294:13 | ... = ... |
| test_free.cpp:294:3:294:13 | ... = ... | test_free.cpp:294:5:294:7 | s indirection [post update] [buf] |
| test_free.cpp:294:5:294:7 | s indirection [post update] [buf] | test_free.cpp:295:12:295:12 | s indirection [buf] |
| test_free.cpp:294:3:294:3 | s indirection [post update] [buf] | test_free.cpp:295:12:295:12 | s indirection [buf] |
| test_free.cpp:294:3:294:13 | ... = ... | test_free.cpp:294:3:294:3 | s indirection [post update] [buf] |
| test_free.cpp:295:12:295:12 | s indirection [buf] | test_free.cpp:295:14:295:16 | buf |
nodes
| test_free.cpp:11:10:11:10 | a | semmle.label | a |
@@ -43,8 +43,8 @@ nodes
| test_free.cpp:245:10:245:11 | * ... | semmle.label | * ... |
| test_free.cpp:246:9:246:10 | * ... | semmle.label | * ... |
| test_free.cpp:293:8:293:10 | buf | semmle.label | buf |
| test_free.cpp:294:3:294:3 | s indirection [post update] [buf] | semmle.label | s indirection [post update] [buf] |
| test_free.cpp:294:3:294:13 | ... = ... | semmle.label | ... = ... |
| test_free.cpp:294:5:294:7 | s indirection [post update] [buf] | semmle.label | s indirection [post update] [buf] |
| test_free.cpp:295:12:295:12 | s indirection [buf] | semmle.label | s indirection [buf] |
| test_free.cpp:295:14:295:16 | buf | semmle.label | buf |
subpaths

24
cpp/ql/test/query-tests/Security/CWE/CWE-119/SAMATE/OverrunWriteProductFlow.expected
View File

@@ -1,7 +1,7 @@
edges
| test.cpp:16:11:16:21 | mk_string_t indirection [string] | test.cpp:39:21:39:31 | call to mk_string_t indirection [string] |
| test.cpp:18:5:18:30 | ... = ... | test.cpp:18:10:18:15 | str indirection [post update] [string] |
| test.cpp:18:10:18:15 | str indirection [post update] [string] | test.cpp:19:5:19:7 | str indirection [string] |
| test.cpp:18:5:18:7 | str indirection [post update] [string] | test.cpp:19:5:19:7 | str indirection [string] |
| test.cpp:18:5:18:30 | ... = ... | test.cpp:18:5:18:7 | str indirection [post update] [string] |
| test.cpp:18:19:18:24 | call to malloc | test.cpp:18:5:18:30 | ... = ... |
| test.cpp:19:5:19:7 | str indirection [string] | test.cpp:16:11:16:21 | mk_string_t indirection [string] |
| test.cpp:39:21:39:31 | call to mk_string_t indirection [string] | test.cpp:42:13:42:15 | str indirection [string] |
@@ -11,8 +11,8 @@ edges
| test.cpp:72:17:72:19 | str indirection [string] | test.cpp:72:22:72:27 | string |
| test.cpp:80:17:80:19 | str indirection [string] | test.cpp:80:22:80:27 | string |
| test.cpp:88:11:88:30 | mk_string_t_plus_one indirection [string] | test.cpp:96:21:96:40 | call to mk_string_t_plus_one indirection [string] |
| test.cpp:90:5:90:34 | ... = ... | test.cpp:90:10:90:15 | str indirection [post update] [string] |
| test.cpp:90:10:90:15 | str indirection [post update] [string] | test.cpp:91:5:91:7 | str indirection [string] |
| test.cpp:90:5:90:7 | str indirection [post update] [string] | test.cpp:91:5:91:7 | str indirection [string] |
| test.cpp:90:5:90:34 | ... = ... | test.cpp:90:5:90:7 | str indirection [post update] [string] |
| test.cpp:90:19:90:24 | call to malloc | test.cpp:90:5:90:34 | ... = ... |
| test.cpp:91:5:91:7 | str indirection [string] | test.cpp:88:11:88:30 | mk_string_t_plus_one indirection [string] |
| test.cpp:96:21:96:40 | call to mk_string_t_plus_one indirection [string] | test.cpp:99:13:99:15 | str indirection [string] |
@@ -21,8 +21,8 @@ edges
| test.cpp:99:13:99:15 | str indirection [string] | test.cpp:99:18:99:23 | string |
| test.cpp:129:17:129:19 | str indirection [string] | test.cpp:129:22:129:27 | string |
| test.cpp:137:17:137:19 | str indirection [string] | test.cpp:137:22:137:27 | string |
| test.cpp:147:5:147:34 | ... = ... | test.cpp:147:10:147:15 | str indirection [post update] [string] |
| test.cpp:147:10:147:15 | str indirection [post update] [string] | test.cpp:148:5:148:7 | str indirection [string] |
| test.cpp:147:5:147:7 | str indirection [post update] [string] | test.cpp:148:5:148:7 | str indirection [string] |
| test.cpp:147:5:147:34 | ... = ... | test.cpp:147:5:147:7 | str indirection [post update] [string] |
| test.cpp:147:19:147:24 | call to malloc | test.cpp:147:5:147:34 | ... = ... |
| test.cpp:148:5:148:7 | str indirection [string] | test.cpp:152:13:152:15 | str indirection [string] |
| test.cpp:148:5:148:7 | str indirection [string] | test.cpp:154:13:154:15 | str indirection [string] |
@@ -47,7 +47,7 @@ edges
| test.cpp:222:15:222:20 | buffer | test.cpp:214:24:214:24 | p |
| test.cpp:228:27:228:54 | call to malloc | test.cpp:232:10:232:15 | buffer |
| test.cpp:235:40:235:45 | buffer | test.cpp:236:5:236:26 | ... = ... |
| test.cpp:236:5:236:26 | ... = ... | test.cpp:236:12:236:17 | p_str indirection [post update] [string] |
| test.cpp:236:5:236:26 | ... = ... | test.cpp:236:5:236:9 | p_str indirection [post update] [string] |
| test.cpp:241:20:241:38 | call to malloc | test.cpp:242:22:242:27 | buffer |
| test.cpp:242:16:242:19 | set_string output argument [string] | test.cpp:243:12:243:14 | str indirection [string] |
| test.cpp:242:22:242:27 | buffer | test.cpp:235:40:235:45 | buffer |
@@ -59,8 +59,8 @@ edges
| test.cpp:264:13:264:30 | call to malloc | test.cpp:266:12:266:12 | p |
nodes
| test.cpp:16:11:16:21 | mk_string_t indirection [string] | semmle.label | mk_string_t indirection [string] |
| test.cpp:18:5:18:7 | str indirection [post update] [string] | semmle.label | str indirection [post update] [string] |
| test.cpp:18:5:18:30 | ... = ... | semmle.label | ... = ... |
| test.cpp:18:10:18:15 | str indirection [post update] [string] | semmle.label | str indirection [post update] [string] |
| test.cpp:18:19:18:24 | call to malloc | semmle.label | call to malloc |
| test.cpp:19:5:19:7 | str indirection [string] | semmle.label | str indirection [string] |
| test.cpp:39:21:39:31 | call to mk_string_t indirection [string] | semmle.label | call to mk_string_t indirection [string] |
@@ -71,8 +71,8 @@ nodes
| test.cpp:80:17:80:19 | str indirection [string] | semmle.label | str indirection [string] |
| test.cpp:80:22:80:27 | string | semmle.label | string |
| test.cpp:88:11:88:30 | mk_string_t_plus_one indirection [string] | semmle.label | mk_string_t_plus_one indirection [string] |
| test.cpp:90:5:90:7 | str indirection [post update] [string] | semmle.label | str indirection [post update] [string] |
| test.cpp:90:5:90:34 | ... = ... | semmle.label | ... = ... |
| test.cpp:90:10:90:15 | str indirection [post update] [string] | semmle.label | str indirection [post update] [string] |
| test.cpp:90:19:90:24 | call to malloc | semmle.label | call to malloc |
| test.cpp:91:5:91:7 | str indirection [string] | semmle.label | str indirection [string] |
| test.cpp:96:21:96:40 | call to mk_string_t_plus_one indirection [string] | semmle.label | call to mk_string_t_plus_one indirection [string] |
@@ -82,8 +82,8 @@ nodes
| test.cpp:129:22:129:27 | string | semmle.label | string |
| test.cpp:137:17:137:19 | str indirection [string] | semmle.label | str indirection [string] |
| test.cpp:137:22:137:27 | string | semmle.label | string |
| test.cpp:147:5:147:7 | str indirection [post update] [string] | semmle.label | str indirection [post update] [string] |
| test.cpp:147:5:147:34 | ... = ... | semmle.label | ... = ... |
| test.cpp:147:10:147:15 | str indirection [post update] [string] | semmle.label | str indirection [post update] [string] |
| test.cpp:147:19:147:24 | call to malloc | semmle.label | call to malloc |
| test.cpp:148:5:148:7 | str indirection [string] | semmle.label | str indirection [string] |
| test.cpp:152:13:152:15 | str indirection [string] | semmle.label | str indirection [string] |
@@ -111,8 +111,8 @@ nodes
| test.cpp:228:27:228:54 | call to malloc | semmle.label | call to malloc |
| test.cpp:232:10:232:15 | buffer | semmle.label | buffer |
| test.cpp:235:40:235:45 | buffer | semmle.label | buffer |
| test.cpp:236:5:236:9 | p_str indirection [post update] [string] | semmle.label | p_str indirection [post update] [string] |
| test.cpp:236:5:236:26 | ... = ... | semmle.label | ... = ... |
| test.cpp:236:12:236:17 | p_str indirection [post update] [string] | semmle.label | p_str indirection [post update] [string] |
| test.cpp:241:20:241:38 | call to malloc | semmle.label | call to malloc |
| test.cpp:242:16:242:19 | set_string output argument [string] | semmle.label | set_string output argument [string] |
| test.cpp:242:22:242:27 | buffer | semmle.label | buffer |
@@ -126,7 +126,7 @@ nodes
| test.cpp:264:13:264:30 | call to malloc | semmle.label | call to malloc |
| test.cpp:266:12:266:12 | p | semmle.label | p |
subpaths
| test.cpp:242:22:242:27 | buffer | test.cpp:235:40:235:45 | buffer | test.cpp:236:12:236:17 | p_str indirection [post update] [string] | test.cpp:242:16:242:19 | set_string output argument [string] |
| test.cpp:242:22:242:27 | buffer | test.cpp:235:40:235:45 | buffer | test.cpp:236:5:236:9 | p_str indirection [post update] [string] | test.cpp:242:16:242:19 | set_string output argument [string] |
#select
| test.cpp:42:5:42:11 | call to strncpy | test.cpp:18:19:18:24 | call to malloc | test.cpp:42:18:42:23 | string | This write may overflow $@ by 1 element. | test.cpp:42:18:42:23 | string | string |
| test.cpp:72:9:72:15 | call to strncpy | test.cpp:18:19:18:24 | call to malloc | test.cpp:72:22:72:27 | string | This write may overflow $@ by 1 element. | test.cpp:72:22:72:27 | string | string |

6
cpp/ql/test/query-tests/Security/CWE/CWE-119/semmle/tests/UnboundedWrite.expected
View File

@@ -3,8 +3,8 @@ edges
| main.cpp:10:20:10:23 | argv indirection | tests.cpp:657:32:657:35 | argv indirection |
| tests.cpp:613:19:613:24 | source indirection | tests.cpp:615:17:615:22 | source indirection |
| tests.cpp:622:19:622:24 | source indirection | tests.cpp:625:2:625:16 | ... = ... indirection |
| tests.cpp:625:2:625:16 | ... = ... indirection | tests.cpp:625:4:625:7 | s indirection [post update] [home indirection] |
| tests.cpp:625:4:625:7 | s indirection [post update] [home indirection] | tests.cpp:628:14:628:14 | s indirection [home indirection] |
| tests.cpp:625:2:625:2 | s indirection [post update] [home indirection] | tests.cpp:628:14:628:14 | s indirection [home indirection] |
| tests.cpp:625:2:625:16 | ... = ... indirection | tests.cpp:625:2:625:2 | s indirection [post update] [home indirection] |
| tests.cpp:628:14:628:14 | s indirection [home indirection] | tests.cpp:628:14:628:19 | home indirection |
| tests.cpp:628:14:628:14 | s indirection [home indirection] | tests.cpp:628:16:628:19 | home indirection |
| tests.cpp:628:16:628:19 | home indirection | tests.cpp:628:14:628:19 | home indirection |
@@ -18,8 +18,8 @@ nodes
| tests.cpp:613:19:613:24 | source indirection | semmle.label | source indirection |
| tests.cpp:615:17:615:22 | source indirection | semmle.label | source indirection |
| tests.cpp:622:19:622:24 | source indirection | semmle.label | source indirection |
| tests.cpp:625:2:625:2 | s indirection [post update] [home indirection] | semmle.label | s indirection [post update] [home indirection] |
| tests.cpp:625:2:625:16 | ... = ... indirection | semmle.label | ... = ... indirection |
| tests.cpp:625:4:625:7 | s indirection [post update] [home indirection] | semmle.label | s indirection [post update] [home indirection] |
| tests.cpp:628:14:628:14 | s indirection [home indirection] | semmle.label | s indirection [home indirection] |
| tests.cpp:628:14:628:19 | home indirection | semmle.label | home indirection |
| tests.cpp:628:16:628:19 | home indirection | semmle.label | home indirection |

6
cpp/ql/test/query-tests/Security/CWE/CWE-497/semmle/tests/ExposedSystemData.expected
View File

@@ -4,8 +4,8 @@ edges
| tests2.cpp:78:18:78:38 | call to mysql_get_client_info indirection | tests2.cpp:81:14:81:19 | buffer indirection |
| tests2.cpp:91:42:91:45 | str1 indirection | tests2.cpp:93:14:93:17 | str1 indirection |
| tests2.cpp:101:8:101:15 | call to getpwuid indirection | tests2.cpp:102:14:102:15 | pw indirection |
| tests2.cpp:109:3:109:36 | ... = ... indirection | tests2.cpp:109:6:109:8 | c1 indirection [post update] [ptr indirection] |
| tests2.cpp:109:6:109:8 | c1 indirection [post update] [ptr indirection] | tests2.cpp:111:14:111:15 | c1 indirection [ptr indirection] |
| tests2.cpp:109:3:109:4 | c1 indirection [post update] [ptr indirection] | tests2.cpp:111:14:111:15 | c1 indirection [ptr indirection] |
| tests2.cpp:109:3:109:36 | ... = ... indirection | tests2.cpp:109:3:109:4 | c1 indirection [post update] [ptr indirection] |
| tests2.cpp:109:12:109:17 | call to getenv indirection | tests2.cpp:109:3:109:36 | ... = ... indirection |
| tests2.cpp:111:14:111:15 | c1 indirection [ptr indirection] | tests2.cpp:111:14:111:19 | ptr indirection |
| tests2.cpp:111:14:111:15 | c1 indirection [ptr indirection] | tests2.cpp:111:17:111:19 | ptr indirection |
@@ -30,8 +30,8 @@ nodes
| tests2.cpp:93:14:93:17 | str1 indirection | semmle.label | str1 indirection |
| tests2.cpp:101:8:101:15 | call to getpwuid indirection | semmle.label | call to getpwuid indirection |
| tests2.cpp:102:14:102:15 | pw indirection | semmle.label | pw indirection |
| tests2.cpp:109:3:109:4 | c1 indirection [post update] [ptr indirection] | semmle.label | c1 indirection [post update] [ptr indirection] |
| tests2.cpp:109:3:109:36 | ... = ... indirection | semmle.label | ... = ... indirection |
| tests2.cpp:109:6:109:8 | c1 indirection [post update] [ptr indirection] | semmle.label | c1 indirection [post update] [ptr indirection] |
| tests2.cpp:109:12:109:17 | call to getenv indirection | semmle.label | call to getenv indirection |
| tests2.cpp:111:14:111:15 | c1 indirection [ptr indirection] | semmle.label | c1 indirection [ptr indirection] |
| tests2.cpp:111:14:111:19 | ptr indirection | semmle.label | ptr indirection |