From 56b9566299e65e388a5d1d17040d40ccc538a47f Mon Sep 17 00:00:00 2001
From: Mathias Vorreiter Pedersen
Date: Fri, 7 Nov 2025 17:29:48 +0000
Subject: [PATCH] C++: Fix mistakes in models of internal strcat and strcpy functions.
---
 .../lib/semmle/code/cpp/models/implementations/Strcat.qll | 6 +-----
 .../lib/semmle/code/cpp/models/implementations/Strcpy.qll | 6 +-----
 2 files changed, 2 insertions(+), 10 deletions(-)
diff --git a/cpp/ql/lib/semmle/code/cpp/models/implementations/Strcat.qll b/cpp/ql/lib/semmle/code/cpp/models/implementations/Strcat.qll
index 5dc0bb20689..df16d220e02 100644
--- a/cpp/ql/lib/semmle/code/cpp/models/implementations/Strcat.qll
+++ b/cpp/ql/lib/semmle/code/cpp/models/implementations/Strcat.qll
@@ -58,11 +58,7 @@ class StrcatFunction extends TaintFunction, DataFlowFunction, ArrayFunction, Sid
 override predicate hasTaintFlow(FunctionInput input, FunctionOutput output) {
 (
- this.getName() =
- [
- "strncat", "wcsncat", "_mbsncat", "_mbsncat_l", "__builtin___strncat_chk",
- "__builtin___strcat_chk"
- ] and
+ this.getName() = ["strncat", "wcsncat", "_mbsncat", "_mbsncat_l", "__builtin___strncat_chk"] and
 input.isParameter(2)
 or
 this.getName() = ["_mbsncat_l", "_mbsnbcat_l"] and
diff --git a/cpp/ql/lib/semmle/code/cpp/models/implementations/Strcpy.qll b/cpp/ql/lib/semmle/code/cpp/models/implementations/Strcpy.qll
index d96a0d677bc..b3230a5a1c8 100644
--- a/cpp/ql/lib/semmle/code/cpp/models/implementations/Strcpy.qll
+++ b/cpp/ql/lib/semmle/code/cpp/models/implementations/Strcpy.qll
@@ -73,11 +73,7 @@ class StrcpyFunction extends ArrayFunction, DataFlowFunction, TaintFunction, Sid
 if this.isSVariant()
 then result = 1
 else (
- this.getName()
- .matches([
- "%ncpy%", "%nbcpy%", "%xfrm%", "strlcpy", "__builtin___strcpy_chk",
- "__builtin___stpcpy_chk", "__builtin___stpncpy_chk", "__builtin___strncpy_chk"
- ]) and
+ this.getName().matches(["%ncpy%", "%nbcpy%", "%xfrm%", "strlcpy"]) and
 result = 2
 )
 }
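Review bot: Nothing in the patch pins the corrected behaviour: the diffstat lists only the two model files, so neither this `hasTaintFlow` hunk nor the Strcpy.qll hunk comes with a test expectation. A library test that calls `__builtin___strcat_chk` with a tainted third argument and an untainted source would show that parameter 2 is no longer a taint input, and would catch the name being re-added to the list. A comment above the new list would record why the two builtins differ, e.g. `// Parameter 2 is a character count for these; __builtin___strcat_chk has the destination object size there, so it is not listed.` The predicate body continues past the end of the hunk.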
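Review bot: The new `matches([...])` line still covers `__builtin___strncpy_chk` and `__builtin___stpncpy_chk`, but only implicitly through the `%ncpy%` wildcard, which is easy to miss now that the explicit names are gone. A comment on that line would keep the intent visible: `// "%ncpy%" also matches the __builtin___st[rp]ncpy_chk builtins (parameter 2 is the count); the __builtin___st[rp]cpy_chk builtins have the destination object size there and must not match.` Whether the wildcards can match names they should not depends on how the class restricts its members, which is not visible here. The enclosing predicate's signature is outside the hunk.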