hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-30 03:05:15 +02:00
Code Issues Packages Projects Releases Wiki Activity

CPP: Generalize a little.

Browse Source
This commit is contained in:
Geoffrey White
2019-07-01 19:06:23 +01:00
parent 7fc31f263a
commit 73c7bc1db9
1 changed files with 5 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
cpp/ql/src/Security/CWE/CWE-131/NoSpaceForZeroTerminator.ql
View File

@@ -15,6 +15,7 @@
*/
import cpp
import semmle.code.cpp.dataflow.DataFlow
import semmle.code.cpp.models.implementations.Memcpy
class MallocCall extends FunctionCall
{
@@ -35,11 +36,12 @@ class MallocCall extends FunctionCall
predicate terminationProblem(MallocCall malloc, string msg) {
malloc.getAllocatedSize() instanceof StrlenCall and
not exists(DataFlow::Node def, DataFlow::Node use, FunctionCall fc |
not exists(DataFlow::Node def, DataFlow::Node use, FunctionCall fc, MemcpyFunction memcpy, int ix |
DataFlow::localFlow(def, use) and
def.asExpr() = malloc and
use.asExpr() = fc.getArgument(0) and
fc.getTarget().hasName("memcpy")
fc.getTarget() = memcpy and
memcpy.hasArrayOutput(ix) and
use.asExpr() = fc.getArgument(ix)
) and
msg = "This allocation does not include space to null-terminate the string."
}