hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-30 03:05:15 +02:00
Code Issues Packages Projects Releases Wiki Activity

Update AccessOfMemoryLocationAfterEndOfBufferUsingStrncat.ql

Browse Source
This commit is contained in:
ihsinme
2021-01-27 13:16:56 +03:00
committed by GitHub
parent aebf7bdff4
commit 68eba11dbf
1 changed files with 1 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
cpp/ql/src/experimental/Security/CWE/CWE-788/AccessOfMemoryLocationAfterEndOfBufferUsingStrncat.ql
View File

@@ -11,7 +11,6 @@
*/
import cpp
import semmle.code.cpp.valuenumbering.HashCons
import semmle.code.cpp.valuenumbering.GlobalValueNumbering
/**
@@ -39,7 +38,7 @@ class WrongCallStrncat extends FunctionCall {
*/
predicate isExpressionEqualSizeof() {
// the left side of the expression `someExpr` is `sizeof(buf)`.
hashCons(this.getArgument(0)) = hashCons(leftsomeExpr.(SizeofExprOperator).getExprOperand())
globalValueNumber(this.getArgument(0)) = globalValueNumber(leftsomeExpr.(SizeofExprOperator).getExprOperand())
or
// value of the left side of the expression `someExpr` equal `sizeof(buf)` value, and `buf` is array.
leftsomeExpr.getValue().toInt() = this.getArgument(0).getType().getSize()