Update cpp/ql/src/experimental/Security/CWE/CWE-805/BufferAccessWithIncorrectLengthValue.ql

Co-authored-by: Jeroen Ketema <93738568+jketema@users.noreply.github.com>
ihsinme
2022-06-23 12:50:59 +03:00
committed by GitHub
parent 5609d5200b
commit c1f0940b6a


@@ -64,8 +64,8 @@ from FunctionCall fc
where where
exists(ArrayType array, int bufArgPos, int sizeArgPos | exists(ArrayType array, int bufArgPos, int sizeArgPos |
numberArgument(fc.getTarget(), bufArgPos, sizeArgPos) and numberArgument(fc.getTarget(), bufArgPos, sizeArgPos) and
fc.getArgument(sizeArgPos).getValue().toInt() > array.getByteSize() and fc.getArgument(pragma[only_bind_into](sizeArgPos)).getValue().toInt() > array.getByteSize() and
fc.getArgument(bufArgPos).(VariableAccess).getTarget().getADeclarationEntry().getType() = array fc.getArgument(pragma[only_bind_into](bufArgPos)).(VariableAccess).getTarget().getADeclarationEntry().getType() = array
) )
select fc, select fc,
"Access beyond the bounds of the allocated memory is possible, the size argument used is greater than the size of the buffer." "Access beyond the bounds of the allocated memory is possible, the size argument used is greater than the size of the buffer."
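Review bot: The last conjunct takes the buffer's type from `getADeclarationEntry().getType()`, so `array` can bind to any declaration of the variable, including an unsized one such as `extern char buf[];` in a header. If `getByteSize()` yields a small or zero value for such a type (not confirmed from this page), the comparison on the line above would report every positive constant size for that buffer. Comparing against the variable's own type, `fc.getArgument(bufArgPos).(VariableAccess).getTarget().getType() = array`, or additionally requiring that the array type has a known size, would keep the alert tied to the real allocation. Separately, the `pragma[only_bind_into]` wrappers (on what appears to be the new copy of the two changed lines) have no comment; a one-line note above them saying they are a join-order hint and do not change the results would help the next maintainer. The `from` clause and the `numberArgument` predicate are outside the hunk.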