hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-30 11:15:13 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #1263 from geoffw0/bufferoverflowqueries

Browse Source 
CPP: Resolve overlap between OverflowCalculated.ql and NoSpaceForZeroTerminator.ql
This commit is contained in:
Robert Marsh
2019-04-18 13:21:57 -04:00
committed by GitHub
parent c674f54129 56e0adf152
commit c6f01265be
9 changed files with 87 additions and 13 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
cpp/ql/test/query-tests/Critical/OverflowCalculated/NoSpaceForZeroTerminator.expected Normal file
View File

@@ -0,0 +1,5 @@
| tests1.cpp:26:21:26:26 | call to malloc | This allocation does not include space to null-terminate the string. |
| tests1.cpp:67:21:67:26 | call to malloc | This allocation does not include space to null-terminate the string. |
| tests1.cpp:89:25:89:30 | call to malloc | This allocation does not include space to null-terminate the string. |
| tests3.cpp:25:21:25:31 | call to malloc | This allocation does not include space to null-terminate the string. |
| tests3.cpp:30:21:30:31 | call to malloc | This allocation does not include space to null-terminate the string. |

0
cpp/ql/test/query-tests/Security/CWE/CWE-131/semmle/NoSpaceForZeroTerminator/test.qlref → cpp/ql/test/query-tests/Critical/OverflowCalculated/NoSpaceForZeroTerminator.qlref
View File

3
cpp/ql/test/query-tests/Critical/OverflowCalculated/OverflowCalculated.expected
View File

@@ -1,4 +1 @@
| tests1.cpp:26:21:26:26 | call to malloc | This allocation does not include space to null-terminate the string. |
| tests1.cpp:67:21:67:26 | call to malloc | This allocation does not include space to null-terminate the string. |
| tests1.cpp:89:25:89:30 | call to malloc | This allocation does not include space to null-terminate the string. |
| tests2.cpp:34:4:34:9 | call to strcat | This buffer only contains enough room for 'str1' (copied on line 33) |

68
cpp/ql/test/query-tests/Critical/OverflowCalculated/tests3.cpp Normal file
View File

@@ -0,0 +1,68 @@
// tests1.cpp
typedef unsigned int size_t;
char *strcpy(char *destination, const char *source);
char *strcat(char *destination, const char *source);
size_t strlen(const char *str);
namespace std
{
void *malloc(size_t size);
void free(void *ptr);
}
const char *str3global = "123";
void tests3(int case_num)
{
const char *str3local = "123";
char *buffer = 0;
switch (case_num)
{
case 1:
buffer = (char *)std::malloc(strlen(str3global)); // BAD
strcpy(buffer, str3global);
break;
case 2:
buffer = (char *)std::malloc(strlen(str3local)); // BAD
strcpy(buffer, str3local);
break;
case 3:
buffer = (char *)std::malloc(strlen(str3global) + 1); // GOOD
strcpy(buffer, str3global);
break;
case 4:
buffer = (char *)std::malloc(strlen(str3local) + 1); // GOOD
strcpy(buffer, str3local);
break;
}
if (buffer != 0)
{
std::free(buffer);
}
}
void test3b()
{
char *buffer = new char[strlen(str3global)]; // BAD [NOT DETECTED]
strcpy(buffer, str3global);
delete buffer;
}
void test3c()
{
char *buffer = new char[10]; // BAD [NOT DETECTED]
strcpy(buffer, "123456");
strcat(buffer, "123456");
delete buffer;
}

0
cpp/ql/test/query-tests/Security/CWE/CWE-131/semmle/NoSpaceForZeroTerminator/test.expected → cpp/ql/test/query-tests/Security/CWE/CWE-131/semmle/NoSpaceForZeroTerminator/NoSpaceForZeroTerminator.expected
View File

1
cpp/ql/test/query-tests/Security/CWE/CWE-131/semmle/NoSpaceForZeroTerminator/NoSpaceForZeroTerminator.qlref Normal file
View File

@@ -0,0 +1 @@
Security/CWE/CWE-131/NoSpaceForZeroTerminator.ql