hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-27 17:55:19 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #186 from Semmle/rc/1.18

Browse Source 
Approved by esben-semmle
This commit is contained in:
semmle-qlci
2018-09-13 12:34:54 +01:00
committed by GitHub
parent 9e0ba51280 1459b981f3
commit 3d022298dc
26 changed files with 780 additions and 200 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
cpp/ql/src/Likely Bugs/Memory Management/UnsafeUseOfStrcat.ql
View File

@@ -29,11 +29,20 @@ predicate isEffectivelyConstAccess(VariableAccess a)
)
}
from FunctionCall fc, VariableAccess src
where fc.getTarget().hasName("strcat") and
src = fc.getArgument(1) and
not src.getType() instanceof ArrayType and
class StrcatSource extends VariableAccess {
FunctionCall strcat;
StrcatSource() {
strcat.getTarget().hasName("strcat") and
this = strcat.getArgument(1)
}
FunctionCall getStrcatCall() { result = strcat }
}
from StrcatSource src
where not src.getType() instanceof ArrayType and
not exists(BufferSizeExpr bse |
bse.getArg().(VariableAccess).getTarget() = src.getTarget()) and
not isEffectivelyConstAccess(src)
select fc, "Always check the size of the source buffer when using strcat."
select src.getStrcatCall(), "Always check the size of the source buffer when using strcat."