C++: Undo changes to SizeCheck.ql, SizeCheck2.ql.

2026-05-01 03:35:13 +02:00 · 2023-01-05 12:25:51 +00:00
parent 2023abdc60
commit 823c767aac
6 changed files with 10 additions and 14 deletions
--- a/cpp/ql/src/Critical/SizeCheck.ql
+++ b/cpp/ql/src/Critical/SizeCheck.ql
@@ -16,7 +16,7 @@
 import cpp
 import semmle.code.cpp.models.Models

-predicate baseType(HeuristicAllocationExpr alloc, Type base) {
+predicate baseType(AllocationExpr alloc, Type base) {
  exists(PointerType pointer |
    pointer.getBaseType() = base and
    (
@@ -34,12 +34,12 @@ predicate decideOnSize(Type t, int size) {
  size = min(t.getSize())
 }

-from HeuristicAllocationExpr alloc, Type base, int basesize, int allocated
+from AllocationExpr alloc, Type base, int basesize, int allocated
 where
  baseType(alloc, base) and
  allocated = alloc.getSizeBytes() and
  decideOnSize(base, basesize) and
-  alloc.(FunctionCall).getTarget() instanceof HeuristicAllocationFunction and // exclude `new` and similar
+  alloc.(FunctionCall).getTarget() instanceof AllocationFunction and // exclude `new` and similar
  basesize > allocated
 select alloc,
  "Type '" + base.getName() + "' is " + basesize.toString() + " bytes, but only " +
--- a/cpp/ql/src/Critical/SizeCheck2.ql
+++ b/cpp/ql/src/Critical/SizeCheck2.ql
@@ -16,7 +16,7 @@
 import cpp
 import semmle.code.cpp.models.Models

-predicate baseType(HeuristicAllocationExpr alloc, Type base) {
+predicate baseType(AllocationExpr alloc, Type base) {
  exists(PointerType pointer |
    pointer.getBaseType() = base and
    (
@@ -34,12 +34,12 @@ predicate decideOnSize(Type t, int size) {
  size = min(t.getSize())
 }

-from HeuristicAllocationExpr alloc, Type base, int basesize, int allocated
+from AllocationExpr alloc, Type base, int basesize, int allocated
 where
  baseType(alloc, base) and
  allocated = alloc.getSizeBytes() and
  decideOnSize(base, basesize) and
-  alloc.(FunctionCall).getTarget() instanceof HeuristicAllocationFunction and // exclude `new` and similar
+  alloc.(FunctionCall).getTarget() instanceof AllocationFunction and // exclude `new` and similar
  // If the codebase has more than one type with the same name, check if any matches
  not exists(int size | base.getSize() = size |
    size = 0 or
--- a/cpp/ql/test/query-tests/Critical/SizeCheck/SizeCheck.expected
+++ b/cpp/ql/test/query-tests/Critical/SizeCheck/SizeCheck.expected
@@ -3,5 +3,3 @@
 | test.c:32:19:32:24 | call to malloc | Type 'float' is 4 bytes, but only 2 bytes are allocated. |
 | test.c:33:20:33:25 | call to malloc | Type 'double' is 8 bytes, but only 4 bytes are allocated. |
 | test.c:59:15:59:20 | call to malloc | Type 'MyUnion' is 128 bytes, but only 8 bytes are allocated. |
-| test.c:69:20:69:28 | call to MyMalloc1 | Type 'float' is 4 bytes, but only 3 bytes are allocated. |
-| test.c:70:20:70:28 | call to MyMalloc2 | Type 'float' is 4 bytes, but only 3 bytes are allocated. |
--- a/cpp/ql/test/query-tests/Critical/SizeCheck/SizeCheck2.expected
+++ b/cpp/ql/test/query-tests/Critical/SizeCheck/SizeCheck2.expected
@@ -2,5 +2,3 @@
 | test2.c:17:20:17:25 | call to malloc | Allocated memory (33 bytes) is not a multiple of the size of 'double' (8 bytes). |
 | test2.c:32:23:32:28 | call to malloc | Allocated memory (28 bytes) is not a multiple of the size of 'long long' (8 bytes). |
 | test2.c:33:20:33:25 | call to malloc | Allocated memory (20 bytes) is not a multiple of the size of 'double' (8 bytes). |
-| test2.c:53:21:53:29 | call to MyMalloc1 | Allocated memory (33 bytes) is not a multiple of the size of 'double' (8 bytes). |
-| test2.c:54:21:54:29 | call to MyMalloc2 | Allocated memory (33 bytes) is not a multiple of the size of 'double' (8 bytes). |
--- a/cpp/ql/test/query-tests/Critical/SizeCheck/test.c
+++ b/cpp/ql/test/query-tests/Critical/SizeCheck/test.c
@@ -66,6 +66,6 @@ void *MyMalloc2(size_t size);

 void customAllocatorTests()
 {
-    float *fptr1 = MyMalloc1(3); // BAD (too small)
-    float *fptr2 = MyMalloc2(3); // BAD (too small)
+    float *fptr1 = MyMalloc1(3); // BAD (too small) [NOT DETECTED]
+    float *fptr2 = MyMalloc2(3); // BAD (too small) [NOT DETECTED]
 }
--- a/cpp/ql/test/query-tests/Critical/SizeCheck/test2.c
+++ b/cpp/ql/test/query-tests/Critical/SizeCheck/test2.c
@@ -50,6 +50,6 @@ void *MyMalloc2(size_t size);

 void customAllocatorTests()
 {
-    double *dptr1 = MyMalloc1(33); // BAD -- Not a multiple of sizeof(double)
-    double *dptr2 = MyMalloc2(33); // BAD -- Not a multiple of sizeof(double)
+    double *dptr1 = MyMalloc1(33); // BAD -- Not a multiple of sizeof(double) [NOT DETECTED]
+    double *dptr2 = MyMalloc2(33); // BAD -- Not a multiple of sizeof(double) [NOT DETECTED]
 }