C++: Fix Code Scanning errors.

2025-12-23 04:06:37 +01:00 · 2023-07-18 16:27:27 +01:00
parent 4762e883fc
commit 576f021c25
4 changed files with 6 additions and 8 deletions
--- a/cpp/ql/lib/semmle/code/cpp/security/InvalidPointerDereference/AllocationToInvalidPointer.qll
+++ b/cpp/ql/lib/semmle/code/cpp/security/InvalidPointerDereference/AllocationToInvalidPointer.qll
@@ -2,7 +2,6 @@ private import cpp
 private import semmle.code.cpp.ir.dataflow.internal.ProductFlow
 private import semmle.code.cpp.ir.ValueNumbering
 private import semmle.code.cpp.controlflow.IRGuards
 private import semmle.code.cpp.ir.IR
 private import codeql.util.Unit
 private import RangeAnalysisUtil
--- a/cpp/ql/lib/semmle/code/cpp/security/InvalidPointerDereference/InvalidPointerToDereference.qll
+++ b/cpp/ql/lib/semmle/code/cpp/security/InvalidPointerDereference/InvalidPointerToDereference.qll
@@ -2,7 +2,6 @@ private import cpp
 private import semmle.code.cpp.dataflow.new.DataFlow
 private import semmle.code.cpp.ir.ValueNumbering
 private import semmle.code.cpp.controlflow.IRGuards
 private import semmle.code.cpp.ir.IR
 private import AllocationToInvalidPointer as AllocToInvalidPointer
 private import RangeAnalysisUtil
@@ -174,7 +173,7 @@ private predicate derefSinkToOperation(
 * Holds if `allocation` is the result of an allocation that flows to the left-hand side of `pai`, and where
 * the right-hand side of `pai` is an offset such that the result of `pai` points to an out-of-bounds pointer.
 *
- * Futhermore, `derefSource` is at least as large as `pai` and flows to `derefSink` before being dereferenced
+ * Furthermore, `derefSource` is at least as large as `pai` and flows to `derefSink` before being dereferenced
 * by `operation` (which is either a `StoreInstruction` or `LoadInstruction`). The result is that `operation`
 * dereferences a pointer that's "off by `delta`" number of elements.
 */
--- a/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-193/pointer-deref/AllocationToInvalidPointer.ql
+++ b/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-193/pointer-deref/AllocationToInvalidPointer.ql
@@ -8,8 +8,8 @@ module AllocationToInvalidPointerTest implements TestSig {
  string getARelevantTag() { result = "alloc" }
  predicate hasActualResult(Location location, string element, string tag, string value) {
-    exists(DataFlow::Node allocation, PointerAddInstruction pai, DataFlow::Node sink1, int delta |
+    exists(DataFlow::Node allocation, PointerAddInstruction pai, int delta |
-      pointerAddInstructionHasBounds(allocation, pai, sink1, delta) and
+      pointerAddInstructionHasBounds(allocation, pai, _, delta) and
      location = pai.getLocation() and
      element = pai.toString() and
      tag = "alloc"
--- a/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-193/pointer-deref/InvalidPointerToDereference.ql
+++ b/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-193/pointer-deref/InvalidPointerToDereference.ql
@@ -48,10 +48,10 @@ module InvalidPointerToDereferenceTest implements TestSig {
  predicate hasActualResult(Location location, string element, string tag, string value) {
    exists(
-      PointerArithmeticInstruction pai, DataFlow::Node derefSource, DataFlow::Node derefSink,
+      DataFlow::Node derefSource, DataFlow::Node derefSink, DataFlow::Node operation, int delta,
-      DataFlow::Node operation, int delta, string value1, string value2
+      string value1, string value2
    |
-      operationIsOffBy(_, pai, derefSource, derefSink, _, operation, delta) and
+      operationIsOffBy(_, _, derefSource, derefSink, _, operation, delta) and
      location = operation.getLocation() and
      element = operation.toString() and
      tag = "deref" and