hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-25 16:55:19 +02:00
Code Issues Packages Projects Releases Wiki Activity

[CPP-340] Simplify MistypedFunctionArguments.ql and reduce its

Browse Source 
precision from very-high to high.
This commit is contained in:
Ziemowit Laski
2019-04-03 16:19:37 -07:00
parent 96b8bdfeb5
commit e4ce8347bc
1 changed files with 3 additions and 29 deletions
Download Patch File Download Diff File Expand all files Collapse all files

32
cpp/ql/src/Likely Bugs/Underspecified Functions/MistypedFunctionArguments.ql
View File

@@ -6,7 +6,7 @@
* arguments on a stack may lead to unpredictable function behavior.
* @kind problem
* @problem.severity warning
* @precision very-high
* @precision high
* @id cpp/mistyped-function-arguments
* @tags correctness
* maintainability
@@ -14,9 +14,6 @@
import cpp
pragma[inline]
int sizeofInt() { result = any(IntType pt).getSize() }
pragma[inline]
predicate pointerArgTypeMayBeUsed(Type arg, Type parm) {
arg = parm
@@ -47,39 +44,16 @@ pragma[inline]
predicate argTypeMayBeUsed(Type arg, Type parm) {
arg = parm
or
// float will be promoted to double, and so it should correspond
// to the prototype
arg instanceof FloatType and parm instanceof DoubleType
or
// integral types are promoted "up to" (unsigned) int, but not long long.
// we treat signed and unsigned versions of integer types as compatible.
arg instanceof IntegralType and
parm instanceof IntegralType and
arg.getSize() <= sizeofInt() and
parm.getSize() <= sizeofInt()
parm instanceof IntegralType
or
/*
* // we allow interoperability between long long and pointer
* arg.getSize() = parm.getSize() and
* (
* (arg instanceof IntegralType and parm instanceof PointerType)
* or
* (arg instanceof PointerType and parm instanceof IntegralType)
* )
* or
*/
// pointers to compatible types
pointerArgTypeMayBeUsed(arg.(PointerType).getBaseType().getUnspecifiedType(),
parm.(PointerType).getBaseType().getUnspecifiedType())
or
pointerArgTypeMayBeUsed(arg.(PointerType).getBaseType().getUnspecifiedType(),
parm.(ArrayType).getBaseType().getUnspecifiedType())
or
pointerArgTypeMayBeUsed(arg.(ArrayType).getBaseType().getUnspecifiedType(),
parm.(PointerType).getBaseType().getUnspecifiedType())
or
pointerArgTypeMayBeUsed(arg.(ArrayType).getBaseType().getUnspecifiedType(),
parm.(ArrayType).getBaseType().getUnspecifiedType())
}
// This predicate doesn't necessarily have to exist, but if it does exist