C++: Add extra cases to Allocation / Deallocation.

2026-04-29 18:55:14 +02:00 · 2020-12-07 18:44:46 +00:00
parent 899d1ab6d8
commit e02ebfb9bd
2 changed files with 9 additions and 4 deletions
--- a/cpp/ql/src/semmle/code/cpp/models/implementations/Allocation.qll
+++ b/cpp/ql/src/semmle/code/cpp/models/implementations/Allocation.qll
@@ -82,7 +82,9 @@ private class AllocaAllocationFunction extends AllocationFunction {
    hasGlobalName([
        // --- stack allocation
        "alloca", // // alloca(size)
-        "__builtin_alloca" // __builtin_alloca(size)
+        "__builtin_alloca", // __builtin_alloca(size)
+        "_alloca", // __alloca(size)
+        "_malloca" // _malloca(size)
      ]) and
    sizeArg = 0
  }
--- a/cpp/ql/src/semmle/code/cpp/models/implementations/Strdup.qll
+++ b/cpp/ql/src/semmle/code/cpp/models/implementations/Strdup.qll
@@ -14,11 +14,14 @@ import semmle.code.cpp.models.interfaces.Taint
 private class StrdupFunction extends AllocationFunction, ArrayFunction, DataFlowFunction {
  StrdupFunction() {
    hasGlobalName([
+        // --- C library allocation
        "strdup", // strdup(str)
        "wcsdup", // wcsdup(str)
        "_strdup", // _strdup(str)
        "_wcsdup", // _wcsdup(str)
-        "_mbsdup" // _mbsdup(str)
+        "_mbsdup", // _mbsdup(str)
+        // --- Windows Automation
+        "SysAllocString" // SysAllocString(string)
      ])
  }

@@ -39,8 +42,8 @@ private class StrndupFunction extends AllocationFunction, ArrayFunction, DataFlo
  StrndupFunction() {
    exists(string name |
      hasGlobalName(name) and
-      // strndup(str, maxlen)
-      name = "strndup"
+      // --- C library allocation
+      name = "strndup" // strndup(str, maxlen)
    )
  }