From 7db2b2ce37eb65565c7ccaa41433e7805a930e2a Mon Sep 17 00:00:00 2001
From: Geoffrey White <40627776+geoffw0@users.noreply.github.com>
Date: Tue, 20 Oct 2020 17:46:47 +0100
Subject: [PATCH] C++: Make the two queries more alike.

---
 cpp/ql/src/Critical/SizeCheck.ql | 7 +------
 cpp/ql/src/Critical/SizeCheck2.ql | 9 +++++++--
 2 files changed, 8 insertions(+), 8 deletions(-)

diff --git a/cpp/ql/src/Critical/SizeCheck.ql b/cpp/ql/src/Critical/SizeCheck.ql
index 313763ba56c..e9d7c7a0028 100644
--- a/cpp/ql/src/Critical/SizeCheck.ql
+++ b/cpp/ql/src/Critical/SizeCheck.ql
@@ -15,12 +15,7 @@
 import cpp
 
 class Allocation extends FunctionCall {
-  Allocation() {
-    exists(string name |
-      this.getTarget().hasGlobalOrStdName(name) and
-      (name = "malloc" or name = "calloc" or name = "realloc")
-    )
-  }
+  Allocation() { this.getTarget().hasGlobalOrStdName(["malloc", "calloc", "realloc"]) }
 
   private string getName() { this.getTarget().hasGlobalOrStdName(result) }
 
diff --git a/cpp/ql/src/Critical/SizeCheck2.ql b/cpp/ql/src/Critical/SizeCheck2.ql
index 1b7e1347c30..3ed7365a85f 100644
--- a/cpp/ql/src/Critical/SizeCheck2.ql
+++ b/cpp/ql/src/Critical/SizeCheck2.ql
@@ -44,16 +44,21 @@ predicate baseType(Allocation alloc, Type base) {
   )
 }
 
+predicate decideOnSize(Type t, int size) {
+  // If the codebase has more than one type with the same name, it can have more than one size.
+  size = min(t.getSize())
+}
+
 from Allocation alloc, Type base, int basesize, int allocated
 where
   baseType(alloc, base) and
   allocated = alloc.getSize() and
+  decideOnSize(base, basesize) and
   // If the codebase has more than one type with the same name, check if any matches
   not exists(int size | base.getSize() = size |
     size = 0 or
     (allocated / size) * size = allocated
-  ) and
-  basesize = min(base.getSize())
+  )
 select alloc,
   "Allocated memory (" + allocated.toString() + " bytes) is not a multiple of the size of '" +
     base.getName() + "' (" + basesize.toString() + " bytes)."
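Review bot: The `Allocation` class in SizeCheck.ql still has no QLDoc comment, and with the characteristic predicate collapsed to a single set test the intent is only recoverable from the three string literals; a one-liner above the class such as `/** A call to `malloc`, `calloc` or `realloc`, in the global or `std` namespace. */` would document the contract. Since the stated aim of the commit is to make the two queries alike, the name list is now a second copy of whatever SizeCheck2.ql uses, and moving `Allocation` into a shared `.qll` both queries import would stop the two lists drifting apart; I cannot see SizeCheck2.ql's definition in this patch, so this is inferred from the title. The class body continues past the end of the hunk.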
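Review bot: The new `decideOnSize` predicate in SizeCheck2.ql has no QLDoc comment and its name does not say what is decided; since `size` is bound from `t` via `min`, a doc line such as `/** Holds if `size` is the smallest of the sizes recorded for `t`; a type name can map to several definitions with different sizes. */` would state the contract, and a name like `typeSize` would read more naturally at the call site as `typeSize(base, basesize) and`. The rationale comment now appears twice, once inside the predicate and once above the `not exists` in the `where` clause, so keeping it only on the predicate avoids the two copies drifting apart. It is also worth recording in the doc that when `t.getSize()` has no result the `min` aggregate has no result and the alert is suppressed, which matches the previous `basesize = min(base.getSize())` conjunct and should not be mistaken for a regression.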