hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 01:03:14 +01:00
Code Issues Packages Projects Releases Wiki Activity

CPP: Improve the special case for realloc in MemoryMayNotBeFreed.ql.

Browse Source
This commit is contained in:
Geoffrey White
2018-08-24 17:14:42 +01:00
parent 0589be1b8a
commit 3e18a9b885
1 changed files with 7 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
cpp/ql/src/Critical/MemoryMayNotBeFreed.ql
View File

@@ -62,8 +62,14 @@ predicate verifiedRealloc(FunctionCall reallocCall, Variable v, ControlFlowNode
// a realloc followed by a null check at 'node' (return the non-null
// successor, i.e. where the realloc is confirmed to have succeeded)
newV.getAnAssignedValue() = reallocCall and
node.(AnalysedExpr).getNonNullSuccessor(newV) = verified
node.(AnalysedExpr).getNonNullSuccessor(newV) = verified and
// note: this case uses naive flow logic (getAnAssignedValue).
// special case: if the result of the 'realloc' is assigned to the
// same variable, we don't descriminate properly between the old
// and the new allocation; better to not consider this a free at
// all in that case.
newV != v
) or (
// a realloc(ptr, 0), which always succeeds and frees
// (return the realloc itself)