C++: fix OverrunWrite for backward compatibility

Rather than testing for `TypeBoundsAnalysis`, we test that the reason is
not `ValueFlowAnalysis` (which is reported by the new
`cpp/very-likely-overruning-write` query), so that if a client has
overridden `BufferWrite::getMaxData` the `NoSpecifiedEstimateReason` is
taken into account.
This commit is contained in:
Paolo Tranquilli
2021-12-14 10:39:29 +00:00
committed by GitHub
parent db6214fdff
commit b979f02e5d


@@ -21,12 +21,14 @@ import semmle.code.cpp.commons.Alloc
* See CWE-120/UnboundedWrite.ql for a summary of CWE-120 alert cases.
*/
from BufferWrite bw, Expr dest, int destSize, int estimated, TypeBoundsAnalysis reason
from BufferWrite bw, Expr dest, int destSize, int estimated, BufferWriteEstimationReason reason
where
not bw.hasExplicitLimit() and // has no explicit size limit
dest = bw.getDest() and
destSize = getBufferSize(dest, _) and
estimated = bw.getMaxDataLimited(reason) and
// we exclude ValueFlowAnalysis as it is reported in cpp/very-likely-overruning-write
not reason instanceof ValueFlowAnalysis and
// we can deduce that too much data may be copied (even without
// long '%f' conversions)
estimated > destSize
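
Review bot: The comment above `not reason instanceof ValueFlowAnalysis` explains what is excluded but not why the test is negative instead of a positive match on `TypeBoundsAnalysis`. That backward-compatibility rationale appears only in the commit message: a client override of `BufferWrite::getMaxData` produces `NoSpecifiedEstimateReason`, which must still be reported here. Consider extending the comment to say so, for example "all other reasons, including NoSpecifiedEstimateReason from client overrides of getMaxData, are reported here". Because the check is negated, any further reason typed as `BufferWriteEstimationReason` will be reported by this query by default, so the comment should also state that this is intended. The visible change includes no test for the overridden `getMaxData` case; adding one would stop the alert from silently disappearing again.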