hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-21 19:26:31 +01:00
Code Issues Packages Projects Releases Wiki Activity

Update DangerousWorksWithMultibyteOrWideCharacters.ql

Browse Source
This commit is contained in:
ihsinme
2022-08-08 18:46:39 +03:00
committed by GitHub
parent 212b1031b2
commit 4fdf4b23bd
1 changed files with 4 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
cpp/ql/src/experimental/Security/CWE/CWE-125/DangerousWorksWithMultibyteOrWideCharacters.ql
View File

@@ -1,8 +1,8 @@
/** /**
* @name Dangerous use mbtowc. * @name Dangerous use convert function.
* @description Using function mbtowc with an invalid length argument can result in an out-of-bounds access error or unexpected result. * @description Using convert function with an invalid length argument can result in an out-of-bounds access error or unexpected result.
* @kind problem * @kind problem
* @id cpp/dangerous-use-mbtowc * @id cpp/dangerous-use-convert-function
* @problem.severity warning * @problem.severity warning
* @precision medium * @precision medium
* @tags correctness * @tags correctness
@@ -117,8 +117,7 @@ predicate findUseCharacterConversion(Expr exp, string msg) {
predicate findUseMultibyteCharacter(Expr exp, string msg) { predicate findUseMultibyteCharacter(Expr exp, string msg) {
exists(ArrayType arrayType, ArrayExpr arrayExpr | exists(ArrayType arrayType, ArrayExpr arrayExpr |
arrayExpr = exp and arrayExpr = exp and
arrayExpr.getArrayBase().getType() = arrayExpr.getArrayBase().getType() = arrayType and
arrayType and
( (
exists(AssignExpr assZero, SizeofExprOperator sizeofArray, Expr oneValue | exists(AssignExpr assZero, SizeofExprOperator sizeofArray, Expr oneValue |
oneValue.getValue() = "1" and oneValue.getValue() = "1" and