hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-23 04:06:37 +01:00
Code Issues Packages Projects Releases Wiki Activity

C++: restrict flowstates in constant off-by-one query

Browse Source
This commit is contained in:
Robert Marsh
2023-05-12 12:43:10 -04:00
parent f77c77fdf9
commit 584adf843a
1 changed files with 4 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
cpp/ql/src/experimental/Security/CWE/CWE-193/ConstantSizeArrayOffByOne.ql
View File

@@ -89,8 +89,10 @@ predicate pointerArithOverflow(
module FieldAddressToDerefConfig implements DataFlow::StateConfigSig {
newtype FlowState =
additional TArray(Field f) or
additional TOverflowArithmetic(PointerArithmeticInstruction pai)
additional TArray(Field f) { pointerArithOverflow(_, f, _, _, _) } or
additional TOverflowArithmetic(PointerArithmeticInstruction pai) {
pointerArithOverflow(pai, _, _, _, _)
}
predicate isSource(DataFlow::Node source, FlowState state) {
exists(Field f |