Merge pull request #7625 from geoffw0/nullterm4

C++: Fix some code duplication.
2026-05-05 13:45:19 +02:00 · 2022-01-18 11:18:06 +00:00
parent b16b0270d2 d475101286
commit cb0cc8d859
2 changed files with 18 additions and 14 deletions
--- a/cpp/ql/lib/semmle/code/cpp/commons/NullTermination.qll
+++ b/cpp/ql/lib/semmle/code/cpp/commons/NullTermination.qll
@@ -101,6 +101,21 @@ predicate functionArgumentMustBeNullTerminated(Function f, int i) {
  f instanceof StrcatFunction and i = 0
 }

+/**
+ * Holds if `arg` is a string format argument to a formatting function call
+ * `ffc`.
+ */
+predicate formatArgumentMustBeNullTerminated(FormattingFunctionCall ffc, Expr arg) {
+  // String argument to a formatting function (such as `printf`)
+  exists(int n, FormatLiteral fl |
+    ffc.getConversionArgument(n) = arg and
+    fl = ffc.getFormat() and
+    fl.getConversionType(n) instanceof PointerType and // `%s`, `%ws` etc
+    not fl.getConversionType(n) instanceof VoidPointerType and // exclude: `%p`
+    not fl.hasPrecision(n) // exclude: `%.*s`
+  )
+}
+
 /**
 * Holds if `va` is a variable access where the contents must be null terminated.
 */
@@ -113,13 +128,7 @@ predicate variableMustBeNullTerminated(VariableAccess va) {
    )
    or
    // String argument to a formatting function (such as `printf`)
-    exists(int n, FormatLiteral fl |
-      fc.(FormattingFunctionCall).getConversionArgument(n) = va and
-      fl = fc.(FormattingFunctionCall).getFormat() and
-      fl.getConversionType(n) instanceof PointerType and // `%s`, `%ws` etc
-      not fl.getConversionType(n) instanceof VoidPointerType and // exclude: `%p`
-      not fl.hasPrecision(n) // exclude: `%.*s`
-    )
+    formatArgumentMustBeNullTerminated(fc, va)
    or
    // Call to a wrapper function that requires null termination
    // (not itself adding a null terminator)