hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-16 16:53:25 +01:00
Code Issues Packages Projects Releases Wiki Activity

C++: Fix mistakes in models of internal strcat and strcpy functions.

Browse Source
This commit is contained in:
Mathias Vorreiter Pedersen
2025-11-07 17:29:48 +00:00
parent f163d015d5
commit 56b9566299
2 changed files with 2 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
cpp/ql/lib/semmle/code/cpp/models/implementations/Strcat.qll
View File

@@ -58,11 +58,7 @@ class StrcatFunction extends TaintFunction, DataFlowFunction, ArrayFunction, Sid
override predicate hasTaintFlow(FunctionInput input, FunctionOutput output) {
(
this.getName() =
[
"strncat", "wcsncat", "_mbsncat", "_mbsncat_l", "__builtin___strncat_chk",
"__builtin___strcat_chk"
] and
this.getName() = ["strncat", "wcsncat", "_mbsncat", "_mbsncat_l", "__builtin___strncat_chk"] and
input.isParameter(2)
or
this.getName() = ["_mbsncat_l", "_mbsnbcat_l"] and

6
cpp/ql/lib/semmle/code/cpp/models/implementations/Strcpy.qll
View File

@@ -73,11 +73,7 @@ class StrcpyFunction extends ArrayFunction, DataFlowFunction, TaintFunction, Sid
if this.isSVariant()
then result = 1
else (
this.getName()
.matches([
"%ncpy%", "%nbcpy%", "%xfrm%", "strlcpy", "__builtin___strcpy_chk",
"__builtin___stpcpy_chk", "__builtin___stpncpy_chk", "__builtin___strncpy_chk"
]) and
this.getName().matches(["%ncpy%", "%nbcpy%", "%xfrm%", "strlcpy"]) and
result = 2
)
}