hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-24 04:36:35 +01:00
Code Issues Packages Projects Releases Wiki Activity

C++: Fix join order in cpp/invalid-pointer-deref

Browse Source
This commit is contained in:
Jeroen Ketema
2023-06-02 16:37:35 +02:00
parent ac4933a9cc
commit 8ac1d56a7f
1 changed files with 6 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
cpp/ql/src/experimental/Security/CWE/CWE-193/InvalidPointerDeref.ql
View File

@@ -182,6 +182,8 @@ predicate isSinkImpl(
/**
* Yields any instruction that is control-flow reachable from `instr`.
*/
bindingset[instr, result]
pragma[inline_late]
Instruction getASuccessor(Instruction instr) {
exists(IRBlock b, int instrIndex, int resultIndex |
result.getBlock() = b and
@@ -202,11 +204,12 @@ Instruction getASuccessor(Instruction instr) {
*/
pragma[inline]
predicate isInvalidPointerDerefSink(DataFlow::Node sink, Instruction i, string operation, int delta) {
exists(AddressOperand addr |
bounded1(addr.getDef(), sink.asInstruction(), delta) and
exists(AddressOperand addr, Instruction s |
s = sink.asInstruction() and
bounded1(addr.getDef(), s, delta) and
delta >= 0 and
i.getAnOperand() = addr and
i = getASuccessor(sink.asInstruction())
i = getASuccessor(s)
|
i instanceof StoreInstruction and
operation = "write"