hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-03 04:39:29 +02:00
Code Issues Packages Projects Releases Wiki Activity

CPP: Exclude placement new.

Browse Source
This commit is contained in:
Geoffrey White
2018-09-21 10:53:42 +01:00
parent c7aa5c169b
commit 84f9900c8c
3 changed files with 17 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
cpp/ql/src/jsf/4.10 Classes/AV Rule 79.ql
View File

@@ -125,7 +125,21 @@ class Resource extends MemberVariable {
private Assignment getANew() {
result.getLValue() = this.getAnAccess() and
(result.getRValue() instanceof NewExpr or result.getRValue() instanceof NewArrayExpr) and
(
(
result.getRValue() instanceof NewExpr and
// exclude placement new and custom overloads as they
// may not conform to assumptions
not result.getRValue().(NewExpr).getAllocatorCall().getTarget().getNumberOfParameters() > 1
) or (
result.getRValue() instanceof NewArrayExpr and
// exclude placement new and custom overloads as they
// may not conform to assumptions
not result.getRValue().(NewArrayExpr).getAllocatorCall().getTarget().getNumberOfParameters() > 1
)
) and
this.inSameClass(result)
}

2
cpp/ql/test/query-tests/jsf/4.10 Classes/AV Rule 79/AV Rule 79.expected
View File

@@ -12,7 +12,5 @@
| ListDelete.cpp:21:3:21:21 | ... = ... | Resource first is acquired by class MyThingColection but not released anywhere in this class. |
| NoDestructor.cpp:23:3:23:20 | ... = ... | Resource n is acquired by class MyClass5 but not released anywhere in this class. |
| PlacementNew.cpp:36:3:36:36 | ... = ... | Resource p1 is acquired by class MyTestForPlacementNew but not released anywhere in this class. |
| PlacementNew.cpp:37:3:37:51 | ... = ... | Resource p2 is acquired by class MyTestForPlacementNew but not released anywhere in this class. |
| PlacementNew.cpp:38:3:38:49 | ... = ... | Resource p3 is acquired by class MyTestForPlacementNew but not released anywhere in this class. |
| SelfRegistering.cpp:25:3:25:24 | ... = ... | Resource side is acquired by class MyOwner but not released anywhere in this class. |
| Variants.cpp:23:3:23:13 | ... = ... | Resource f is acquired by class MyClass4 but not released anywhere in this class. |

4
cpp/ql/test/query-tests/jsf/4.10 Classes/AV Rule 79/PlacementNew.cpp
View File

@@ -34,8 +34,8 @@ public:
void *buffer_ptr = buffer;
p1 = new MyClassForPlacementNew(1); // BAD: not released
p2 = new (std::nothrow) MyClassForPlacementNew(2); // BAD: not released
p3 = new (buffer_ptr) MyClassForPlacementNew(3); // GOOD: placement new, not an allocation [FALSE POSITIVE]
p2 = new (std::nothrow) MyClassForPlacementNew(2); // BAD: not released [NOT DETECTED]
p3 = new (buffer_ptr) MyClassForPlacementNew(3); // GOOD: placement new, not an allocation
}
~MyTestForPlacementNew()