C++: Remove taint flow from size parameter.

2026-04-30 11:15:13 +02:00 · 2020-10-01 10:51:01 +01:00
parent ed5c3b321f
commit ce9abe071d
1 changed files with 1 additions and 9 deletions
--- a/cpp/ql/src/semmle/code/cpp/models/implementations/Memcpy.qll
+++ b/cpp/ql/src/semmle/code/cpp/models/implementations/Memcpy.qll
@@ -13,7 +13,7 @@ import semmle.code.cpp.models.interfaces.Taint
 * The standard functions `memcpy` and `memmove`, and the gcc variant
 * `__builtin___memcpy_chk`
 */
-class MemcpyFunction extends ArrayFunction, DataFlowFunction, SideEffectFunction, TaintFunction {
+class MemcpyFunction extends ArrayFunction, DataFlowFunction, SideEffectFunction {
  MemcpyFunction() {
    // memcpy(dest, src, num)
    this.hasName("memcpy")
@@ -59,14 +59,6 @@ class MemcpyFunction extends ArrayFunction, DataFlowFunction, SideEffectFunction
    output.isReturnValue()
  }

-  override predicate hasTaintFlow(FunctionInput input, FunctionOutput output) {
-    input.isParameter(getParamSize()) and
-    output.isParameterDeref(getParamDest())
-    or
-    input.isParameter(getParamSize()) and
-    output.isReturnValueDeref()
-  }
-
  override predicate hasArrayWithVariableSize(int bufParam, int countParam) {
    (
      bufParam = getParamDest() or