hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-30 19:26:02 +02:00
Code Issues Packages Projects Releases Wiki Activity

Add files via upload

Browse Source
This commit is contained in:
ihsinme
2021-01-25 00:33:54 +03:00
committed by GitHub
parent 9ae503a5a8
commit b899229298
3 changed files with 54 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
cpp/ql/test/experimental/query-tests/Security/CWE/CWE-788/semmle/tests/AccessOfMemoryLocationAfterEndOfBufferUsingStrlen.expected Normal file
View File

@@ -0,0 +1,9 @@
| test.c:13:3:13:24 | ... = ... | use a different method to calculate the length. |
| test.c:14:3:14:40 | ... = ... | use a different method to calculate the length. |
| test.c:15:3:15:40 | ... = ... | use a different method to calculate the length. |
| test.c:16:3:16:44 | ... = ... | use a different method to calculate the length. |
| test.c:17:3:17:44 | ... = ... | use a different method to calculate the length. |
| test.c:18:3:18:48 | ... = ... | use a different method to calculate the length. |
| test.c:19:3:19:48 | ... = ... | use a different method to calculate the length. |
| test.c:20:3:20:50 | ... = ... | use a different method to calculate the length. |
| test.c:21:3:21:50 | ... = ... | use a different method to calculate the length. |

1
cpp/ql/test/experimental/query-tests/Security/CWE/CWE-788/semmle/tests/AccessOfMemoryLocationAfterEndOfBufferUsingStrlen.qlref Normal file
View File

@@ -0,0 +1 @@
experimental/Security/CWE/CWE-788/AccessOfMemoryLocationAfterEndOfBufferUsingStrlen.ql

44
cpp/ql/test/experimental/query-tests/Security/CWE/CWE-788/semmle/tests/test.c Normal file
View File

@@ -0,0 +1,44 @@
struct buffers
{
unsigned char buff1[50];
unsigned char *buff2;
} globalBuff1,*globalBuff2,globalBuff1_c,*globalBuff2_c;
void badFunc0(){
unsigned char buff1[12];
struct buffers buffAll;
struct buffers * buffAll1;
buff1[strlen(buff1)]=0;
buffAll.buff1[strlen(buffAll.buff1)]=0;
buffAll.buff2[strlen(buffAll.buff2)]=0;
buffAll1->buff1[strlen(buffAll1->buff1)]=0;
buffAll1->buff2[strlen(buffAll1->buff2)]=0;
globalBuff1.buff1[strlen(globalBuff1.buff1)]=0;
globalBuff1.buff2[strlen(globalBuff1.buff2)]=0;
globalBuff2->buff1[strlen(globalBuff2->buff1)]=0;
globalBuff2->buff2[strlen(globalBuff2->buff2)]=0;
}
void noBadFunc0(){
unsigned char buff1[12],buff1_c[12];
struct buffers buffAll,buffAll_c;
struct buffers * buffAll1,*buffAll1_c;
buff1[strlen(buff1_c)]=0;
buffAll.buff1[strlen(buffAll_c.buff1)]=0;
buffAll.buff2[strlen(buffAll.buff1)]=0;
buffAll1->buff1[strlen(buffAll1_c->buff1)]=0;
buffAll1->buff2[strlen(buffAll1->buff1)]=0;
globalBuff1.buff1[strlen(globalBuff1_c.buff1)]=0;
globalBuff1.buff2[strlen(globalBuff1.buff1)]=0;
globalBuff2->buff1[strlen(globalBuff2_c->buff1)]=0;
globalBuff2->buff2[strlen(globalBuff2->buff1)]=0;
}
void goodFunc0(){
unsigned char buffer[12];
int i;
for(i = 0; i < 6; i++)
buffer[i] = 'A';
buffer[i]=0;
}