hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-03 04:39:29 +02:00
Code Issues Packages Projects Releases Wiki Activity

CPP: Separate the dataflow case from dynamic allocation.

Browse Source
This commit is contained in:
Geoffrey White
2018-10-02 10:20:46 +01:00
parent ef8ca5de58
commit beb21f92d3
1 changed files with 4 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
cpp/ql/src/semmle/code/cpp/commons/Buffer.qll
View File

@@ -77,10 +77,11 @@ int getBufferSize(Expr bufferExpr, Element why) {
parentClass.getSize()
)
) or (
// buffer is assigned with an allocation
DataFlow::localFlowStep(DataFlow::exprNode(why), DataFlow::exprNode(bufferExpr)) and
isFixedSizeAllocationExpr(why, result)
// buffer is a fixed size dynamic allocation
isFixedSizeAllocationExpr(bufferExpr, result) and
why = bufferExpr
) or exists(Expr def, Element why2 |
// dataflow
DataFlow::localFlowStep(DataFlow::exprNode(def), DataFlow::exprNode(bufferExpr)) and
result = getBufferSize(def, why2) and
(