mirror of
https://github.com/github/codeql.git
synced 2025-12-21 19:26:31 +01:00
Update cpp/ql/lib/semmle/code/cpp/security/InvalidPointerDereference/AllocationToInvalidPointer.qll
Co-authored-by: Jeroen Ketema <93738568+jketema@users.noreply.github.com>
This commit is contained in:
Mathias Vorreiter Pedersen
committed by
GitHub
GitHub
parent
9108982b07
commit
a272eb8447
@@ -18,9 +18,9 @@
|
|||||||
* `allocation` to `a` this means that the `pai` will compute a pointer that is some number of elements beyond
|
* `allocation` to `a` this means that the `pai` will compute a pointer that is some number of elements beyond
|
||||||
* the end position in the allocation. See `pointerAddInstructionHasBounds` for the implementation of this.
|
* the end position in the allocation. See `pointerAddInstructionHasBounds` for the implementation of this.
|
||||||
*
|
*
|
||||||
* In the above example, the pair `(a, b)` is `(base, size)` from the expression `base + size` on line 2. However, it could
|
* In the above example, the pair `(a, b)` is `(base, size)` with `base` and `size` coming from the expression `base + size` on line 2, which is also the pointer-arithmetic instruction. In general, the pair does not necessarily correspond directly to the operands of the pointer-arithmetic instruction.
|
||||||
* also be something more complex like `(base, size)` where `base` is from line 3 and `size` is from line 2, and the
|
* In the following example, the pair is again `(base, size)`, but with `base` coming from line 3 and `size` from line 2, and the
|
||||||
* pointer-arithmetic instruction is `base + n` on line 3 in the following example:
|
* pointer-arithmetic instruction being `base + n` on line 3:
|
||||||
* ```cpp
|
* ```cpp
|
||||||
* 1. int* base = new int[size];
|
* 1. int* base = new int[size];
|
||||||
* 2. if(n <= size) {
|
* 2. if(n <= size) {
|
||||||
|
|||||||
Reference in New Issue
Block a user