CPP: Remove PointsTo.

Geoffrey White
2018-10-17 10:24:56 +01:00
parent 99374301b8
commit 48c56cf744


@@ -12,7 +12,6 @@
*/
import cpp
import semmle.code.cpp.security.TaintTracking
import semmle.code.cpp.pointsto.PointsTo
/**
* Holds if `fc` is a call to a copy operation where the size argument contains
@@ -44,14 +43,7 @@ predicate sourceSized(FunctionCall fc, Expr src)
desttype.getArraySize() = srctype.getArraySize()))
}
class VulnerableArgument extends PointsToExpr
{
VulnerableArgument() { sourceSized(_, this) }
override predicate interesting() { sourceSized(_, this) }
}
from FunctionCall fc, VulnerableArgument vuln, Expr taintSource
from FunctionCall fc, Expr vuln, Expr taintSource
where sourceSized(fc, vuln)
and tainted(taintSource, vuln.pointsTo())
and vuln.confidence() > 0.01
and tainted(taintSource, vuln)
select fc, "To avoid overflow, this operation should be bounded by destination-buffer size, not source-buffer size."
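Review bot: The new condition `and tainted(taintSource, vuln)` checks the source-argument expression itself, where the old clause checked `vuln.pointsTo()`. A copy whose source buffer was filled from user input through a different pointer may therefore no longer be reported. Whether `tainted` in the TaintTracking library covers that aliasing case is not visible on this page, so the query's expected test results should be compared before and after. If the narrower scope is intended, say so above the `from` clause, e.g. `// Taint is checked on the source argument expression only; aliases of the buffer are not followed.` Separately, `taintSource` is bound in `from` but never reaches `select`, so the alert gives no origin for the tainted data; appending `, taintSource, "tainted source"` with a `$@` placeholder in the message would surface it, if the query's `@kind` (outside this hunk) permits.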