hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-26 17:25:19 +02:00
Code Issues Packages Projects Releases Wiki Activity

C++: Add more QLDoc.

Browse Source
This commit is contained in:
Mathias Vorreiter Pedersen
2023-10-04 14:37:05 +02:00
parent 9a139ea903
commit 843e9ad254
1 changed files with 13 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
cpp/ql/lib/semmle/code/cpp/security/InvalidPointerDereference/AllocationToInvalidPointer.qll
View File

@@ -291,6 +291,19 @@ private module Config implements ProductFlow::StateConfigSig {
}
predicate isBarrier2(DataFlow::Node node) {
// Block flow from `*p` to `*(p + n)` when `n` is not `0`. This removes
// false positives
// when tracking the size of the allocation as an element of an array such
// as:
// ```
// size_t* p = new size_t[n];
// ...
// p[0] = n;
// int i = p[1];
// p[i] = ...
// ```
// In the above case, this barrier blocks flow from the indirect node
// for `p` to `p[1]`.
exists(Operand operand, PointerAddInstruction add |
node.(IndirectOperand).hasOperandAndIndirectionIndex(operand, _) and
add.getLeftOperand() = operand and