Update cpp/ql/lib/semmle/code/cpp/security/InvalidPointerDereference/AllocationToInvalidPointer.qll

Co-authored-by: Jeroen Ketema <93738568+jketema@users.noreply.github.com>
Mathias Vorreiter Pedersen
2023-07-24 12:04:02 +02:00
committed by GitHub
parent 8ab2f89d53
commit f0ab3a3c84

@@ -15,8 +15,8 @@
* This is done using the product-flow library. The configuration tracks flow from the pair
* `(allocation, size of allocation)` to a pair `(a, b)` where there exists a pointer-arithmetic instruction
* `pai = a + r` such that `b` is a dataflow node where `b <= r`. Because there will be a dataflow-path from
* `allocation` to `a` this means that the `pai` will compute a pointer that's some number of elements away
* from the end position in the allocation. See `pointerAddInstructionHasBounds` for the implementation of this.
* `allocation` to `a` this means that the `pai` will compute a pointer that is some number of elements beyond
* the end position in the allocation. See `pointerAddInstructionHasBounds` for the implementation of this.
*
* In the above example, the pair `(a, b)` is `(base, size)` from the expression `base + size` on line 2. However, it could
* also be something more complex like `(base, size)` where `base` is from line 3 and `size` is from line 2, and the
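Review bot: The new wording "a pointer that is some number of elements beyond the end position in the allocation" reads as strictly past the end, but the condition stated two lines earlier is `b <= r`, which also admits `r` equal to `b`. Since `b` is reached by flow from the size of the allocation, `pai = a + r` in that case lands exactly on the end position rather than past it. Consider "zero or more elements beyond the end position" or "at or beyond the end position" so the comment matches the bound. The sentence would also read more easily with a comma after "to `a`".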