hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-24 04:36:35 +01:00
Code Issues Packages Projects Releases Wiki Activity

C++: Remove 'ValidForStateConfig'.

Browse Source
This commit is contained in:
Mathias Vorreiter Pedersen
2023-08-11 13:57:59 +01:00
parent 2164069eda
commit f4e6deeee0
1 changed files with 5 additions and 17 deletions
Download Patch File Download Diff File Expand all files Collapse all files

22
cpp/ql/lib/semmle/code/cpp/security/InvalidPointerDereference/AllocationToInvalidPointer.qll
View File

@@ -118,11 +118,11 @@ private module SizeBarrier {
predicate isSink(DataFlow::Node sink) { isSink(_, sink, _, _, _) }
}
private import DataFlow::Global<SizeBarrierConfig>
module SizeBarrierFlow = DataFlow::Global<SizeBarrierConfig>;
private int getASizeAddend(DataFlow::Node node) {
exists(DataFlow::Node source |
flow(source, node) and
SizeBarrierFlow::flow(source, node) and
hasSize(_, source, result)
)
}
@@ -133,7 +133,7 @@ private module SizeBarrier {
private predicate operandGuardChecks(
IRGuardCondition g, Operand left, DataFlow::Node right, int k, boolean edge
) {
flowTo(right) and
SizeBarrierFlow::flowTo(right) and
SizeBarrierConfig::isSink(DataFlow::operandNode(left), right, g, k, edge)
}
@@ -174,27 +174,15 @@ private module SizeBarrier {
)
}
private module ValidForStateConfig implements DataFlow::ConfigSig {
predicate isSource(DataFlow::Node source) { hasSize(_, source, _) }
predicate isSink(DataFlow::Node sink) { isSink(sink, _, _) }
additional predicate isSink(DataFlow::Node sink, int delta, int k) {
sink.asOperand() = SizeBarrier::getABarrierInstruction0(delta, k).getAUse()
}
}
private module ValidForStateFlow = DataFlow::Global<ValidForStateConfig>;
/**
* Gets a `DataFlow::Node` that is guarded by a guard condition which ensures that
* the value of the node is upper-bounded by size of some allocation.
*/
DataFlow::Node getABarrierNode(int state) {
exists(DataFlow::Node source, int delta, int k |
ValidForStateFlow::flow(source, result) and
SizeBarrierFlow::flow(source, result) and
hasSize(_, source, state) and
ValidForStateConfig::isSink(result, delta, k) and
result.asInstruction() = SizeBarrier::getABarrierInstruction0(delta, k) and
state > k + delta
// so now we have:
// result <= "size of allocation" + delta + k