C++: Expand heuristic to catch more sources.

2026-05-02 12:15:17 +02:00 · 2023-05-10 08:23:07 +01:00
parent 9da7c9f696
commit 363514e4ca
2 changed files with 2 additions and 2 deletions
--- a/cpp/ql/lib/semmle/code/cpp/models/implementations/Allocation.qll
+++ b/cpp/ql/lib/semmle/code/cpp/models/implementations/Allocation.qll
@@ -437,7 +437,7 @@ private module HeuristicAllocation {
    int sizeArg;

    HeuristicAllocationFunctionByName() {
-      Function.super.getName().matches("%alloc%") and
+      Function.super.getName().matches(["%alloc%", "%Alloc%"]) and
      Function.super.getUnspecifiedType() instanceof PointerType and
      sizeArg = unique( | | getAnUnsignedParameter(this))
    }
--- a/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-119/test.cpp
+++ b/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-119/test.cpp
@@ -246,6 +246,6 @@ void test_flow_through_setter(unsigned size) {
 void* my_alloc(unsigned size);

 void foo(unsigned size) {
-    int* p = (int*)my_alloc(size); // BAD [NOT DETECTED]
+    int* p = (int*)my_alloc(size); // BAD
    memset(p, 0, size + 1);
 }