C++: Limit SEH exception edges to calls in __try blocks

Jeroen Ketema
2025-06-13 20:34:35 +02:00
parent c7a7447768
commit 4a42ca8c69
3 changed files with 96 additions and 158 deletions


@@ -364,7 +364,7 @@ class TranslatedFunctionCall extends TranslatedCallExpr, TranslatedDirectCall {
final override predicate mayThrowException(ExceptionEdge e) {
this.mustThrowException(e)
or
expr.getEnclosingStmt().getParentStmt*() instanceof MicrosoftTryStmt and
exists(MicrosoftTryStmt tryStmt | tryStmt.getStmt().getAChild*() = expr) and
e instanceof SehExceptionEdge
}
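Review bot: The `exists(MicrosoftTryStmt tryStmt | tryStmt.getStmt().getAChild*() = expr)` condition (which reads as the new side of this hunk; the +/- markers are lost on this page) has no comment saying that only the body of a `__try` counts. A call in an `__except`/`__finally` part or outside any `__try` therefore gets no SEH edge, unless it is itself nested in an outer `__try` body. I would add `// Only calls lexically inside the body of a __try get an SEH edge; handler blocks and code outside __try are not modelled.` above it, because analyses built on this IR will no longer see those unwind paths. It may also read more directly to walk upwards from the call, `exists(MicrosoftTryStmt tryStmt | tryStmt.getStmt() = expr.getEnclosingStmt().getParentStmt*())`, instead of closing over every descendant of each `__try` body; that equivalence is inferred from the two forms shown here and should be confirmed against the expected-output files. The enclosing class continues outside the hunk.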


@@ -39097,18 +39097,10 @@ try_except.c:
# 21| v21_3(void) = Call[ProbeFunction] : func:r21_1, 0:r21_2
# 21| m21_4(unknown) = ^CallSideEffect : ~m18_4
# 21| m21_5(unknown) = Chi : total:m18_4, partial:m21_4
#-----| Goto -> Block 3
#-----| SEH Exception -> Block 4
# 18| Block 1
# 18| v18_5(void) = AliasedUse : ~m26_8
# 18| v18_6(void) = ExitFunction :
# 18| Block 2
# 18| v18_7(void) = Unwind :
#-----| Goto -> Block 1
#-----| SEH Exception -> Block 2
# 22| Block 3
# 22| Block 1
# 22| r22_1(glval<int>) = VariableAddress[y] :
# 22| r22_2(int) = Load[y] : &:r22_1, m19_5
# 22| r22_3(glval<int>) = VariableAddress[x] :
@@ -39118,24 +39110,21 @@ try_except.c:
# 23| v23_3(void) = Call[ProbeFunction] : func:r23_1, 0:r23_2
# 23| m23_4(unknown) = ^CallSideEffect : ~m21_5
# 23| m23_5(unknown) = Chi : total:m21_5, partial:m23_4
#-----| Goto|SEH Exception -> Block 4
#-----| Goto|SEH Exception -> Block 2
# 26| Block 4
# 26| m26_1(unknown) = Phi : from 0:~m21_5, from 3:~m23_5
# 26| m26_2(int) = Phi : from 0:m19_2, from 3:m22_4
# 26| Block 2
# 26| m26_1(unknown) = Phi : from 0:~m21_5, from 1:~m23_5
# 26| m26_2(int) = Phi : from 0:m19_2, from 1:m22_4
# 26| r26_3(glval<unknown>) = FunctionAddress[sink] :
# 26| r26_4(glval<int>) = VariableAddress[x] :
# 26| r26_5(int) = Load[x] : &:r26_4, m26_2
# 26| v26_6(void) = Call[sink] : func:r26_3, 0:r26_5
# 26| m26_7(unknown) = ^CallSideEffect : ~m26_1
# 26| m26_8(unknown) = Chi : total:m26_1, partial:m26_7
#-----| Goto -> Block 5
#-----| SEH Exception -> Block 2
# 28| Block 5
# 28| v28_1(void) = NoOp :
# 18| v18_8(void) = ReturnVoid :
#-----| Goto -> Block 1
# 28| v28_1(void) = NoOp :
# 18| v18_5(void) = ReturnVoid :
# 18| v18_6(void) = AliasedUse : ~m26_8
# 18| v18_7(void) = ExitFunction :
# 32| void h(int)
# 32| Block 0
@@ -39153,66 +39142,57 @@ try_except.c:
# 35| r35_3(int) = Constant[0] :
# 35| r35_4(bool) = CompareNE : r35_2, r35_3
# 35| v35_5(void) = ConditionalBranch : r35_4
#-----| False -> Block 8
#-----| True -> Block 3
#-----| False -> Block 6
#-----| True -> Block 1
# 32| Block 1
# 32| m32_7(unknown) = Phi : from 2:~m40_6, from 8:~m42_1
# 32| v32_8(void) = AliasedUse : ~m32_7
# 32| v32_9(void) = ExitFunction :
# 32| Block 2
# 32| v32_10(void) = Unwind :
#-----| Goto -> Block 1
# 36| Block 3
# 36| Block 1
# 36| r36_1(glval<unknown>) = FunctionAddress[AfxThrowMemoryException] :
# 36| v36_2(void) = Call[AfxThrowMemoryException] : func:r36_1
# 36| m36_3(unknown) = ^CallSideEffect : ~m32_4
# 36| m36_4(unknown) = Chi : total:m32_4, partial:m36_3
#-----| Goto -> Block 8
#-----| SEH Exception -> Block 6
#-----| Goto -> Block 6
#-----| SEH Exception -> Block 4
# 39| Block 4
# 39| Block 2
# 39| r39_1(int) = Constant[0] :
# 39| r39_2(bool) = CompareEQ : r39_7, r39_1
# 39| v39_3(void) = ConditionalBranch : r39_2
#-----| False -> Block 5
#-----| True -> Block 9
#-----| False -> Block 3
#-----| True -> Block 7
# 39| Block 5
# 39| Block 3
# 39| r39_4(int) = Constant[1] :
# 39| r39_5(bool) = CompareEQ : r39_7, r39_4
# 39| v39_6(void) = ConditionalBranch : r39_5
#-----| False -> Block 9
#-----| True -> Block 7
#-----| False -> Block 7
#-----| True -> Block 5
# 39| Block 6
# 39| Block 4
# 39| r39_7(int) = Constant[1] :
# 39| r39_8(int) = Constant[-1] :
# 39| r39_9(bool) = CompareEQ : r39_7, r39_8
# 39| v39_10(void) = ConditionalBranch : r39_9
#-----| False -> Block 4
#-----| True -> Block 9
#-----| False -> Block 2
#-----| True -> Block 7
# 40| Block 7
# 40| Block 5
# 40| r40_1(glval<unknown>) = FunctionAddress[sink] :
# 40| r40_2(glval<int>) = VariableAddress[x] :
# 40| r40_3(int) = Load[x] : &:r40_2, m33_3
# 40| v40_4(void) = Call[sink] : func:r40_1, 0:r40_3
# 40| m40_5(unknown) = ^CallSideEffect : ~m36_4
# 40| m40_6(unknown) = Chi : total:m36_4, partial:m40_5
#-----| Goto -> Block 8
#-----| SEH Exception -> Block 2
#-----| Goto -> Block 6
# 42| Block 8
# 42| m42_1(unknown) = Phi : from 0:~m32_4, from 3:~m36_4, from 7:~m40_6
# 42| v42_2(void) = NoOp :
# 32| v32_11(void) = ReturnVoid :
#-----| Goto -> Block 1
# 42| Block 6
# 42| m42_1(unknown) = Phi : from 0:~m32_4, from 1:~m36_4, from 5:~m40_6
# 42| v42_2(void) = NoOp :
# 32| v32_7(void) = ReturnVoid :
# 32| v32_8(void) = AliasedUse : ~m42_1
# 32| v32_9(void) = ExitFunction :
# 32| Block 9
# 32| v32_12(void) = Unreached :
# 32| Block 7
# 32| v32_10(void) = Unreached :
try_except.cpp:
# 6| void f_cpp()
@@ -39296,18 +39276,10 @@ try_except.cpp:
# 21| v21_3(void) = Call[ProbeFunction] : func:r21_1, 0:r21_2
# 21| m21_4(unknown) = ^CallSideEffect : ~m18_4
# 21| m21_5(unknown) = Chi : total:m18_4, partial:m21_4
#-----| Goto -> Block 3
#-----| SEH Exception -> Block 4
# 18| Block 1
# 18| v18_5(void) = AliasedUse : ~m26_8
# 18| v18_6(void) = ExitFunction :
# 18| Block 2
# 18| v18_7(void) = Unwind :
#-----| Goto -> Block 1
#-----| SEH Exception -> Block 2
# 22| Block 3
# 22| Block 1
# 22| r22_1(glval<int>) = VariableAddress[y] :
# 22| r22_2(int) = Load[y] : &:r22_1, m19_5
# 22| r22_3(glval<int>) = VariableAddress[x] :
@@ -39317,24 +39289,21 @@ try_except.cpp:
# 23| v23_3(void) = Call[ProbeFunction] : func:r23_1, 0:r23_2
# 23| m23_4(unknown) = ^CallSideEffect : ~m21_5
# 23| m23_5(unknown) = Chi : total:m21_5, partial:m23_4
#-----| Goto|SEH Exception -> Block 4
#-----| Goto|SEH Exception -> Block 2
# 26| Block 4
# 26| m26_1(unknown) = Phi : from 0:~m21_5, from 3:~m23_5
# 26| m26_2(int) = Phi : from 0:m19_2, from 3:m22_4
# 26| Block 2
# 26| m26_1(unknown) = Phi : from 0:~m21_5, from 1:~m23_5
# 26| m26_2(int) = Phi : from 0:m19_2, from 1:m22_4
# 26| r26_3(glval<unknown>) = FunctionAddress[sink] :
# 26| r26_4(glval<int>) = VariableAddress[x] :
# 26| r26_5(int) = Load[x] : &:r26_4, m26_2
# 26| v26_6(void) = Call[sink] : func:r26_3, 0:r26_5
# 26| m26_7(unknown) = ^CallSideEffect : ~m26_1
# 26| m26_8(unknown) = Chi : total:m26_1, partial:m26_7
#-----| Goto -> Block 5
#-----| SEH Exception -> Block 2
# 28| Block 5
# 28| v28_1(void) = NoOp :
# 18| v18_8(void) = ReturnVoid :
#-----| Goto -> Block 1
# 28| v28_1(void) = NoOp :
# 18| v18_5(void) = ReturnVoid :
# 18| v18_6(void) = AliasedUse : ~m26_8
# 18| v18_7(void) = ExitFunction :
# 32| void h_cpp(int)
# 32| Block 0
@@ -39352,66 +39321,57 @@ try_except.cpp:
# 35| r35_3(int) = Constant[0] :
# 35| r35_4(bool) = CompareNE : r35_2, r35_3
# 35| v35_5(void) = ConditionalBranch : r35_4
#-----| False -> Block 8
#-----| True -> Block 3
#-----| False -> Block 6
#-----| True -> Block 1
# 32| Block 1
# 32| m32_7(unknown) = Phi : from 2:~m40_6, from 8:~m42_1
# 32| v32_8(void) = AliasedUse : ~m32_7
# 32| v32_9(void) = ExitFunction :
# 32| Block 2
# 32| v32_10(void) = Unwind :
#-----| Goto -> Block 1
# 36| Block 3
# 36| Block 1
# 36| r36_1(glval<unknown>) = FunctionAddress[AfxThrowMemoryException] :
# 36| v36_2(void) = Call[AfxThrowMemoryException] : func:r36_1
# 36| m36_3(unknown) = ^CallSideEffect : ~m32_4
# 36| m36_4(unknown) = Chi : total:m32_4, partial:m36_3
#-----| Goto -> Block 8
#-----| SEH Exception -> Block 6
#-----| Goto -> Block 6
#-----| SEH Exception -> Block 4
# 39| Block 4
# 39| Block 2
# 39| r39_1(int) = Constant[0] :
# 39| r39_2(bool) = CompareEQ : r39_7, r39_1
# 39| v39_3(void) = ConditionalBranch : r39_2
#-----| False -> Block 5
#-----| True -> Block 9
#-----| False -> Block 3
#-----| True -> Block 7
# 39| Block 5
# 39| Block 3
# 39| r39_4(int) = Constant[1] :
# 39| r39_5(bool) = CompareEQ : r39_7, r39_4
# 39| v39_6(void) = ConditionalBranch : r39_5
#-----| False -> Block 9
#-----| True -> Block 7
#-----| False -> Block 7
#-----| True -> Block 5
# 39| Block 6
# 39| Block 4
# 39| r39_7(int) = Constant[1] :
# 39| r39_8(int) = Constant[-1] :
# 39| r39_9(bool) = CompareEQ : r39_7, r39_8
# 39| v39_10(void) = ConditionalBranch : r39_9
#-----| False -> Block 4
#-----| True -> Block 9
#-----| False -> Block 2
#-----| True -> Block 7
# 40| Block 7
# 40| Block 5
# 40| r40_1(glval<unknown>) = FunctionAddress[sink] :
# 40| r40_2(glval<int>) = VariableAddress[x] :
# 40| r40_3(int) = Load[x] : &:r40_2, m33_3
# 40| v40_4(void) = Call[sink] : func:r40_1, 0:r40_3
# 40| m40_5(unknown) = ^CallSideEffect : ~m36_4
# 40| m40_6(unknown) = Chi : total:m36_4, partial:m40_5
#-----| Goto -> Block 8
#-----| SEH Exception -> Block 2
#-----| Goto -> Block 6
# 42| Block 8
# 42| m42_1(unknown) = Phi : from 0:~m32_4, from 3:~m36_4, from 7:~m40_6
# 42| v42_2(void) = NoOp :
# 32| v32_11(void) = ReturnVoid :
#-----| Goto -> Block 1
# 42| Block 6
# 42| m42_1(unknown) = Phi : from 0:~m32_4, from 1:~m36_4, from 5:~m40_6
# 42| v42_2(void) = NoOp :
# 32| v32_7(void) = ReturnVoid :
# 32| v32_8(void) = AliasedUse : ~m42_1
# 32| v32_9(void) = ExitFunction :
# 32| Block 9
# 32| v32_12(void) = Unreached :
# 32| Block 7
# 32| v32_10(void) = Unreached :
# 44| void throw_cpp(int)
# 44| Block 0
@@ -39429,62 +39389,53 @@ try_except.cpp:
# 47| r47_3(int) = Constant[0] :
# 47| r47_4(bool) = CompareNE : r47_2, r47_3
# 47| v47_5(void) = ConditionalBranch : r47_4
#-----| False -> Block 8
#-----| True -> Block 3
#-----| False -> Block 6
#-----| True -> Block 1
# 44| Block 1
# 44| m44_7(unknown) = Phi : from 2:~m52_6, from 8:~m54_1
# 44| v44_8(void) = AliasedUse : ~m44_7
# 44| v44_9(void) = ExitFunction :
# 44| Block 2
# 44| v44_10(void) = Unwind :
#-----| Goto -> Block 1
# 48| Block 3
# 48| Block 1
# 48| r48_1(glval<int>) = VariableAddress[#throw48:13] :
# 48| r48_2(int) = Constant[1] :
# 48| m48_3(int) = Store[#throw48:13] : &:r48_1, r48_2
# 48| v48_4(void) = ThrowValue : &:r48_1, m48_3
#-----| C++ Exception -> Block 6
#-----| C++ Exception -> Block 4
# 51| Block 4
# 51| Block 2
# 51| r51_1(int) = Constant[0] :
# 51| r51_2(bool) = CompareEQ : r51_7, r51_1
# 51| v51_3(void) = ConditionalBranch : r51_2
#-----| False -> Block 5
#-----| True -> Block 9
#-----| False -> Block 3
#-----| True -> Block 7
# 51| Block 5
# 51| Block 3
# 51| r51_4(int) = Constant[1] :
# 51| r51_5(bool) = CompareEQ : r51_7, r51_4
# 51| v51_6(void) = ConditionalBranch : r51_5
#-----| False -> Block 9
#-----| True -> Block 7
#-----| False -> Block 7
#-----| True -> Block 5
# 51| Block 6
# 51| Block 4
# 51| r51_7(int) = Constant[1] :
# 51| r51_8(int) = Constant[-1] :
# 51| r51_9(bool) = CompareEQ : r51_7, r51_8
# 51| v51_10(void) = ConditionalBranch : r51_9
#-----| False -> Block 4
#-----| True -> Block 9
#-----| False -> Block 2
#-----| True -> Block 7
# 52| Block 7
# 52| Block 5
# 52| r52_1(glval<unknown>) = FunctionAddress[sink] :
# 52| r52_2(glval<int>) = VariableAddress[x] :
# 52| r52_3(int) = Load[x] : &:r52_2, m45_3
# 52| v52_4(void) = Call[sink] : func:r52_1, 0:r52_3
# 52| m52_5(unknown) = ^CallSideEffect : ~m44_4
# 52| m52_6(unknown) = Chi : total:m44_4, partial:m52_5
#-----| Goto -> Block 8
#-----| SEH Exception -> Block 2
#-----| Goto -> Block 6
# 54| Block 8
# 54| m54_1(unknown) = Phi : from 0:~m44_4, from 7:~m52_6
# 54| v54_2(void) = NoOp :
# 44| v44_11(void) = ReturnVoid :
#-----| Goto -> Block 1
# 54| Block 6
# 54| m54_1(unknown) = Phi : from 0:~m44_4, from 5:~m52_6
# 54| v54_2(void) = NoOp :
# 44| v44_7(void) = ReturnVoid :
# 44| v44_8(void) = AliasedUse : ~m54_1
# 44| v44_9(void) = ExitFunction :
# 44| Block 9
# 44| v44_12(void) = Unreached :
# 44| Block 7
# 44| v44_10(void) = Unreached :


@@ -37351,7 +37351,6 @@ try_except.c:
# 14| v14_4(void) = Call[sink] : func:r14_1, 0:r14_3
# 14| mu14_5(unknown) = ^CallSideEffect : ~m?
#-----| Goto -> Block 8
#-----| SEH Exception -> Block 2
# 16| Block 8
# 16| v16_1(void) = NoOp :
@@ -37400,12 +37399,8 @@ try_except.c:
# 26| r26_3(int) = Load[x] : &:r26_2, ~m?
# 26| v26_4(void) = Call[sink] : func:r26_1, 0:r26_3
# 26| mu26_5(unknown) = ^CallSideEffect : ~m?
#-----| Goto -> Block 5
#-----| SEH Exception -> Block 2
# 28| Block 5
# 28| v28_1(void) = NoOp :
# 18| v18_7(void) = ReturnVoid :
# 28| v28_1(void) = NoOp :
# 18| v18_7(void) = ReturnVoid :
#-----| Goto -> Block 1
# 32| void h(int)
@@ -37469,7 +37464,6 @@ try_except.c:
# 40| v40_4(void) = Call[sink] : func:r40_1, 0:r40_3
# 40| mu40_5(unknown) = ^CallSideEffect : ~m?
#-----| Goto -> Block 8
#-----| SEH Exception -> Block 2
# 42| Block 8
# 42| v42_1(void) = NoOp :
@@ -37542,7 +37536,6 @@ try_except.cpp:
# 14| v14_4(void) = Call[sink] : func:r14_1, 0:r14_3
# 14| mu14_5(unknown) = ^CallSideEffect : ~m?
#-----| Goto -> Block 8
#-----| SEH Exception -> Block 2
# 16| Block 8
# 16| v16_1(void) = NoOp :
@@ -37591,12 +37584,8 @@ try_except.cpp:
# 26| r26_3(int) = Load[x] : &:r26_2, ~m?
# 26| v26_4(void) = Call[sink] : func:r26_1, 0:r26_3
# 26| mu26_5(unknown) = ^CallSideEffect : ~m?
#-----| Goto -> Block 5
#-----| SEH Exception -> Block 2
# 28| Block 5
# 28| v28_1(void) = NoOp :
# 18| v18_7(void) = ReturnVoid :
# 28| v28_1(void) = NoOp :
# 18| v18_7(void) = ReturnVoid :
#-----| Goto -> Block 1
# 32| void h_cpp(int)
@@ -37660,7 +37649,6 @@ try_except.cpp:
# 40| v40_4(void) = Call[sink] : func:r40_1, 0:r40_3
# 40| mu40_5(unknown) = ^CallSideEffect : ~m?
#-----| Goto -> Block 8
#-----| SEH Exception -> Block 2
# 42| Block 8
# 42| v42_1(void) = NoOp :
@@ -37728,7 +37716,6 @@ try_except.cpp:
# 52| v52_4(void) = Call[sink] : func:r52_1, 0:r52_3
# 52| mu52_5(unknown) = ^CallSideEffect : ~m?
#-----| Goto -> Block 8
#-----| SEH Exception -> Block 2
# 54| Block 8
# 54| v54_1(void) = NoOp :