Merge pull request #2900 from dbartol/dbartol/void-buffer

C++: Better fix for `void` type on buffer access
2025-12-21 19:26:31 +01:00 · 2020-03-02 09:00:15 +01:00
parent ec85f9f1a1 b0fb16c068
commit dab6691eb0
4 changed files with 31 additions and 23 deletions
--- a/cpp/ql/src/semmle/code/cpp/ir/implementation/Opcode.qll
+++ b/cpp/ql/src/semmle/code/cpp/ir/implementation/Opcode.qll
@@ -214,23 +214,28 @@ abstract class IndirectReadOpcode extends IndirectMemoryAccessOpcode {
 }
 /**
- * An opcode that accesses a memory buffer of unknown size.
+ * An opcode that accesses a memory buffer.
 */
 abstract class BufferAccessOpcode extends Opcode {
  final override predicate hasAddressOperand() { any() }
 }
 /**
 * An opcode that accesses a memory buffer of unknown size.
 */
 abstract class UnsizedBufferAccessOpcode extends BufferAccessOpcode { }
 /**
 * An opcode that writes to a memory buffer of unknown size.
 */
-abstract class BufferWriteOpcode extends BufferAccessOpcode {
+abstract class UnsizedBufferWriteOpcode extends UnsizedBufferAccessOpcode {
  final override MemoryAccessKind getWriteMemoryAccess() { result instanceof BufferMemoryAccess }
 }
 /**
 * An opcode that reads from a memory buffer of unknown size.
 */
-abstract class BufferReadOpcode extends BufferAccessOpcode {
+abstract class UnsizedBufferReadOpcode extends UnsizedBufferAccessOpcode {
  final override MemoryAccessKind getReadMemoryAccess() { result instanceof BufferMemoryAccess }
 }
@@ -262,9 +267,7 @@ abstract class EntireAllocationReadOpcode extends EntireAllocationAccessOpcode {
 /**
 * An opcode that accesses a memory buffer whose size is determined by a `BufferSizeOperand`.
 */
-abstract class SizedBufferAccessOpcode extends Opcode {
+abstract class SizedBufferAccessOpcode extends BufferAccessOpcode {
  final override predicate hasAddressOperand() { any() }
  final override predicate hasBufferSizeOperand() { any() }
 }
@@ -667,17 +670,18 @@ module Opcode {
    final override string toString() { result = "IndirectMayWriteSideEffect" }
  }
-  class BufferReadSideEffect extends ReadSideEffectOpcode, BufferReadOpcode, TBufferReadSideEffect {
+  class BufferReadSideEffect extends ReadSideEffectOpcode, UnsizedBufferReadOpcode,
    TBufferReadSideEffect {
    final override string toString() { result = "BufferReadSideEffect" }
  }
-  class BufferMustWriteSideEffect extends WriteSideEffectOpcode, BufferWriteOpcode,
+  class BufferMustWriteSideEffect extends WriteSideEffectOpcode, UnsizedBufferWriteOpcode,
    TBufferMustWriteSideEffect {
    final override string toString() { result = "BufferMustWriteSideEffect" }
  }
-  class BufferMayWriteSideEffect extends WriteSideEffectOpcode, BufferWriteOpcode, MayWriteOpcode,
+  class BufferMayWriteSideEffect extends WriteSideEffectOpcode, UnsizedBufferWriteOpcode,
-    TBufferMayWriteSideEffect {
+    MayWriteOpcode, TBufferMayWriteSideEffect {
    final override string toString() { result = "BufferMayWriteSideEffect" }
  }
--- a/cpp/ql/src/semmle/code/cpp/ir/implementation/aliased_ssa/internal/AliasedSSA.qll
+++ b/cpp/ql/src/semmle/code/cpp/ir/implementation/aliased_ssa/internal/AliasedSSA.qll
@@ -26,7 +26,7 @@ private predicate hasResultMemoryAccess(
    type = languageType.getIRType() and
    isIndirectOrBufferMemoryAccess(instr.getResultMemoryAccess()) and
    (if instr.hasResultMayMemoryAccess() then isMayAccess = true else isMayAccess = false) and
-    if type.getByteSize() > 0
+    if exists(type.getByteSize())
    then endBitOffset = Ints::add(startBitOffset, Ints::mul(type.getByteSize(), 8))
    else endBitOffset = Ints::unknown()
  )
@@ -43,7 +43,7 @@ private predicate hasOperandMemoryAccess(
    type = languageType.getIRType() and
    isIndirectOrBufferMemoryAccess(operand.getMemoryAccess()) and
    (if operand.hasMayReadMemoryAccess() then isMayAccess = true else isMayAccess = false) and
-    if type.getByteSize() > 0
+    if exists(type.getByteSize())
    then endBitOffset = Ints::add(startBitOffset, Ints::mul(type.getByteSize(), 8))
    else endBitOffset = Ints::unknown()
  )
--- a/cpp/ql/src/semmle/code/cpp/ir/implementation/raw/internal/TranslatedCall.qll
+++ b/cpp/ql/src/semmle/code/cpp/ir/implementation/raw/internal/TranslatedCall.qll
@@ -503,7 +503,7 @@ class TranslatedSideEffect extends TranslatedElement, TTranslatedArgumentSideEff
  }
  override CppType getInstructionOperandType(InstructionTag tag, TypedOperandTag operandTag) {
-    if hasSpecificReadSideEffect(any(Opcode::BufferReadSideEffect op))
+    if hasSpecificReadSideEffect(any(BufferAccessOpcode op))
    then
      result = getUnknownType() and
      tag instanceof OnlyInstructionTag and
--- a/csharp/ql/src/semmle/code/csharp/ir/implementation/Opcode.qll
+++ b/csharp/ql/src/semmle/code/csharp/ir/implementation/Opcode.qll
@@ -214,23 +214,28 @@ abstract class IndirectReadOpcode extends IndirectMemoryAccessOpcode {
 }
 /**
- * An opcode that accesses a memory buffer of unknown size.
+ * An opcode that accesses a memory buffer.
 */
 abstract class BufferAccessOpcode extends Opcode {
  final override predicate hasAddressOperand() { any() }
 }
 /**
 * An opcode that accesses a memory buffer of unknown size.
 */
 abstract class UnsizedBufferAccessOpcode extends BufferAccessOpcode { }
 /**
 * An opcode that writes to a memory buffer of unknown size.
 */
-abstract class BufferWriteOpcode extends BufferAccessOpcode {
+abstract class UnsizedBufferWriteOpcode extends UnsizedBufferAccessOpcode {
  final override MemoryAccessKind getWriteMemoryAccess() { result instanceof BufferMemoryAccess }
 }
 /**
 * An opcode that reads from a memory buffer of unknown size.
 */
-abstract class BufferReadOpcode extends BufferAccessOpcode {
+abstract class UnsizedBufferReadOpcode extends UnsizedBufferAccessOpcode {
  final override MemoryAccessKind getReadMemoryAccess() { result instanceof BufferMemoryAccess }
 }
@@ -262,9 +267,7 @@ abstract class EntireAllocationReadOpcode extends EntireAllocationAccessOpcode {
 /**
 * An opcode that accesses a memory buffer whose size is determined by a `BufferSizeOperand`.
 */
-abstract class SizedBufferAccessOpcode extends Opcode {
+abstract class SizedBufferAccessOpcode extends BufferAccessOpcode {
  final override predicate hasAddressOperand() { any() }
  final override predicate hasBufferSizeOperand() { any() }
 }
@@ -667,17 +670,18 @@ module Opcode {
    final override string toString() { result = "IndirectMayWriteSideEffect" }
  }
-  class BufferReadSideEffect extends ReadSideEffectOpcode, BufferReadOpcode, TBufferReadSideEffect {
+  class BufferReadSideEffect extends ReadSideEffectOpcode, UnsizedBufferReadOpcode,
    TBufferReadSideEffect {
    final override string toString() { result = "BufferReadSideEffect" }
  }
-  class BufferMustWriteSideEffect extends WriteSideEffectOpcode, BufferWriteOpcode,
+  class BufferMustWriteSideEffect extends WriteSideEffectOpcode, UnsizedBufferWriteOpcode,
    TBufferMustWriteSideEffect {
    final override string toString() { result = "BufferMustWriteSideEffect" }
  }
-  class BufferMayWriteSideEffect extends WriteSideEffectOpcode, BufferWriteOpcode, MayWriteOpcode,
+  class BufferMayWriteSideEffect extends WriteSideEffectOpcode, UnsizedBufferWriteOpcode,
-    TBufferMayWriteSideEffect {
+    MayWriteOpcode, TBufferMayWriteSideEffect {
    final override string toString() { result = "BufferMayWriteSideEffect" }
  }