hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-30 03:05:15 +02:00
Code Issues Packages Projects Releases Wiki Activity

Update BufferAccessWithIncorrectLengthValue.ql

Browse Source
This commit is contained in:
ihsinme
2022-06-26 13:49:44 +03:00
committed by GitHub
parent c1f0940b6a
commit 65c9a7b278
1 changed files with 5 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
cpp/ql/src/experimental/Security/CWE/CWE-805/BufferAccessWithIncorrectLengthValue.ql
View File

@@ -65,7 +65,11 @@ where
exists(ArrayType array, int bufArgPos, int sizeArgPos |
numberArgument(fc.getTarget(), bufArgPos, sizeArgPos) and
fc.getArgument(pragma[only_bind_into](sizeArgPos)).getValue().toInt() > array.getByteSize() and
fc.getArgument(pragma[only_bind_into](bufArgPos)).(VariableAccess).getTarget().getADeclarationEntry().getType() = array
fc.getArgument(pragma[only_bind_into](bufArgPos))
.(VariableAccess)
.getTarget()
.getADeclarationEntry()
.getType() = array
)
select fc,
"Access beyond the bounds of the allocated memory is possible, the size argument used is greater than the size of the buffer."