hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-30 19:26:02 +02:00
Code Issues Packages Projects Releases Wiki Activity

C++: Update the experimental query as well.

Browse Source
This commit is contained in:
Geoffrey White
2023-01-05 12:47:12 +00:00
parent 46baf9d5e5
commit 3b31da8a62
3 changed files with 7 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
cpp/ql/src/experimental/Security/CWE/CWE-190/AllocMultiplicationOverflow.ql
View File

@@ -29,7 +29,7 @@ class MultToAllocConfig extends DataFlow::Configuration {
override predicate isSink(DataFlow::Node node) {
// something that affects an allocation size
node.asExpr() = any(AllocationExpr ae).getSizeExpr().getAChild*()
node.asExpr() = any(HeuristicAllocationExpr ae).getSizeExpr().getAChild*()
}
}

4
cpp/ql/test/experimental/query-tests/Security/CWE/CWE-190/AllocMultiplicationOverflow/AllocMultiplicationOverflow.expected
View File

@@ -13,6 +13,8 @@ nodes
| test.cpp:37:24:37:27 | size | semmle.label | size |
| test.cpp:37:46:37:49 | size | semmle.label | size |
| test.cpp:45:36:45:40 | ... * ... | semmle.label | ... * ... |
| test.cpp:45:36:45:40 | ... * ... | semmle.label | ... * ... |
| test.cpp:46:36:46:40 | ... * ... | semmle.label | ... * ... |
subpaths
#select
| test.cpp:13:33:13:37 | ... * ... | test.cpp:13:33:13:37 | ... * ... | test.cpp:13:33:13:37 | ... * ... | Potentially overflowing value from $@ is used in the size of this allocation. | test.cpp:13:33:13:37 | ... * ... | multiplication |
@@ -22,3 +24,5 @@ subpaths
| test.cpp:30:27:30:31 | ... * ... | test.cpp:30:27:30:31 | ... * ... | test.cpp:30:27:30:31 | ... * ... | Potentially overflowing value from $@ is used in the size of this allocation. | test.cpp:30:27:30:31 | ... * ... | multiplication |
| test.cpp:31:27:31:31 | ... * ... | test.cpp:31:27:31:31 | ... * ... | test.cpp:31:27:31:31 | ... * ... | Potentially overflowing value from $@ is used in the size of this allocation. | test.cpp:31:27:31:31 | ... * ... | multiplication |
| test.cpp:37:46:37:49 | size | test.cpp:45:36:45:40 | ... * ... | test.cpp:37:46:37:49 | size | Potentially overflowing value from $@ is used in the size of this allocation. | test.cpp:45:36:45:40 | ... * ... | multiplication |
| test.cpp:45:36:45:40 | ... * ... | test.cpp:45:36:45:40 | ... * ... | test.cpp:45:36:45:40 | ... * ... | Potentially overflowing value from $@ is used in the size of this allocation. | test.cpp:45:36:45:40 | ... * ... | multiplication |
| test.cpp:46:36:46:40 | ... * ... | test.cpp:46:36:46:40 | ... * ... | test.cpp:46:36:46:40 | ... * ... | Potentially overflowing value from $@ is used in the size of this allocation. | test.cpp:46:36:46:40 | ... * ... | multiplication |

4
cpp/ql/test/experimental/query-tests/Security/CWE/CWE-190/AllocMultiplicationOverflow/test.cpp
View File

@@ -42,6 +42,6 @@ void customAllocatorTests()
int x = getAnInt();
int y = getAnInt();
char *buffer1 = (char *)MyMalloc1(x * y); // BAD [NOT DETECTED]
char *buffer2 = (char *)MyMalloc2(x * y); // BAD [NOT DETECTED]
char *buffer1 = (char *)MyMalloc1(x * y); // BAD
char *buffer2 = (char *)MyMalloc2(x * y); // BAD
}