mirror of
https://github.com/github/codeql.git
synced 2026-04-23 07:45:17 +02:00
Rust: Implement barrier guard.
This commit is contained in:
Geoffrey White
@@ -7,6 +7,8 @@ import rust
|
||||
private import codeql.rust.Concepts
|
||||
private import codeql.rust.dataflow.DataFlow
|
||||
private import codeql.rust.dataflow.FlowSink
|
||||
private import codeql.rust.controlflow.ControlFlowGraph as Cfg
|
||||
private import codeql.rust.controlflow.CfgNodes as CfgNodes
|
||||
|
||||
/**
|
||||
* Provides default sources, sinks and barriers for detecting uncontrolled
|
||||
@@ -26,9 +28,25 @@ module UncontrolledAllocationSize {
|
||||
abstract class Barrier extends DataFlow::Node { }
|
||||
|
||||
/**
|
||||
* sink for uncontrolled allocation size from model data.
|
||||
* A sink for uncontrolled allocation size from model data.
|
||||
*/
|
||||
private class ModelsAsDataSink extends Sink {
|
||||
ModelsAsDataSink() { sinkNode(this, ["alloc-size", "alloc-layout"]) }
|
||||
}
|
||||
|
||||
/**
|
||||
* A barrier for uncontrolled allocation size that is an guard / bound check.
|
||||
*/
|
||||
private class BoundCheckBarrier extends Barrier {
|
||||
BoundCheckBarrier() { this = DataFlow::BarrierGuard<isBoundCheck/3>::getABarrierNode() }
|
||||
}
|
||||
|
||||
private predicate isBoundCheck(CfgNodes::AstCfgNode g, Cfg::CfgNode node, boolean branch) {
|
||||
// any comparison (`g` / `cmp`) guards the expression on either side (`node`)
|
||||
exists(BinaryExpr cmp |
|
||||
g = cmp.getACfgNode() and
|
||||
[cmp.getLhs(), cmp.getRhs()].getACfgNode() = node and
|
||||
branch = [true, false]
|
||||
)
|
||||
}
|
||||
}
|
||||
|
||||
@@ -18,29 +18,12 @@
|
||||
| main.rs:64:13:64:29 | ...::alloc | main.rs:317:13:317:26 | ...::args | main.rs:64:13:64:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value |
|
||||
| main.rs:65:13:65:29 | ...::alloc | main.rs:317:13:317:26 | ...::args | main.rs:65:13:65:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value |
|
||||
| main.rs:68:13:68:29 | ...::alloc | main.rs:317:13:317:26 | ...::args | main.rs:68:13:68:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value |
|
||||
| main.rs:83:13:83:29 | ...::alloc | main.rs:317:13:317:26 | ...::args | main.rs:83:13:83:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value |
|
||||
| main.rs:88:13:88:29 | ...::alloc | main.rs:317:13:317:26 | ...::args | main.rs:88:13:88:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value |
|
||||
| main.rs:96:17:96:33 | ...::alloc | main.rs:317:13:317:26 | ...::args | main.rs:96:17:96:33 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value |
|
||||
| main.rs:97:17:97:33 | ...::alloc | main.rs:317:13:317:26 | ...::args | main.rs:97:17:97:33 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value |
|
||||
| main.rs:102:17:102:33 | ...::alloc | main.rs:317:13:317:26 | ...::args | main.rs:102:17:102:33 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value |
|
||||
| main.rs:103:17:103:33 | ...::alloc | main.rs:317:13:317:26 | ...::args | main.rs:103:17:103:33 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value |
|
||||
| main.rs:109:17:109:33 | ...::alloc | main.rs:317:13:317:26 | ...::args | main.rs:109:17:109:33 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value |
|
||||
| main.rs:111:17:111:33 | ...::alloc | main.rs:317:13:317:26 | ...::args | main.rs:111:17:111:33 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value |
|
||||
| main.rs:116:17:116:33 | ...::alloc | main.rs:317:13:317:26 | ...::args | main.rs:116:17:116:33 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value |
|
||||
| main.rs:121:17:121:33 | ...::alloc | main.rs:317:13:317:26 | ...::args | main.rs:121:17:121:33 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value |
|
||||
| main.rs:126:17:126:33 | ...::alloc | main.rs:317:13:317:26 | ...::args | main.rs:126:17:126:33 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value |
|
||||
| main.rs:135:13:135:29 | ...::alloc | main.rs:317:13:317:26 | ...::args | main.rs:135:13:135:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value |
|
||||
| main.rs:146:17:146:33 | ...::alloc | main.rs:317:13:317:26 | ...::args | main.rs:146:17:146:33 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value |
|
||||
| main.rs:147:17:147:33 | ...::alloc | main.rs:317:13:317:26 | ...::args | main.rs:147:17:147:33 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value |
|
||||
| main.rs:148:17:148:33 | ...::alloc | main.rs:317:13:317:26 | ...::args | main.rs:148:17:148:33 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value |
|
||||
| main.rs:152:13:152:29 | ...::alloc | main.rs:317:13:317:26 | ...::args | main.rs:152:13:152:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value |
|
||||
| main.rs:155:13:155:29 | ...::alloc | main.rs:317:13:317:26 | ...::args | main.rs:155:13:155:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value |
|
||||
| main.rs:158:13:158:29 | ...::alloc | main.rs:317:13:317:26 | ...::args | main.rs:158:13:158:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value |
|
||||
| main.rs:162:17:162:33 | ...::alloc | main.rs:317:13:317:26 | ...::args | main.rs:162:17:162:33 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value |
|
||||
| main.rs:169:17:169:33 | ...::alloc | main.rs:317:13:317:26 | ...::args | main.rs:169:17:169:33 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value |
|
||||
| main.rs:170:17:170:33 | ...::alloc | main.rs:317:13:317:26 | ...::args | main.rs:170:17:170:33 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value |
|
||||
| main.rs:177:13:177:29 | ...::alloc | main.rs:317:13:317:26 | ...::args | main.rs:177:13:177:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value |
|
||||
| main.rs:178:13:178:29 | ...::alloc | main.rs:317:13:317:26 | ...::args | main.rs:178:13:178:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value |
|
||||
| main.rs:193:32:193:36 | alloc | main.rs:317:13:317:26 | ...::args | main.rs:193:32:193:36 | alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value |
|
||||
| main.rs:194:32:194:43 | alloc_zeroed | main.rs:317:13:317:26 | ...::args | main.rs:194:32:194:43 | alloc_zeroed | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value |
|
||||
| main.rs:195:32:195:39 | allocate | main.rs:317:13:317:26 | ...::args | main.rs:195:32:195:39 | allocate | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value |
|
||||
@@ -60,7 +43,6 @@
|
||||
| main.rs:224:13:224:25 | ...::realloc | main.rs:317:13:317:26 | ...::args | main.rs:224:13:224:25 | ...::realloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value |
|
||||
| main.rs:224:13:224:25 | ...::realloc | main.rs:317:13:317:26 | ...::args | main.rs:224:13:224:25 | ...::realloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value |
|
||||
| main.rs:284:22:284:38 | ...::alloc | main.rs:308:25:308:38 | ...::args | main.rs:284:22:284:38 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:308:25:308:38 | ...::args | user-provided value |
|
||||
| main.rs:301:22:301:38 | ...::alloc | main.rs:309:26:309:39 | ...::args | main.rs:301:22:301:38 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:309:26:309:39 | ...::args | user-provided value |
|
||||
edges
|
||||
| main.rs:12:36:12:43 | ...: usize | main.rs:18:41:18:41 | v | provenance | |
|
||||
| main.rs:18:41:18:41 | v | main.rs:18:13:18:31 | ...::realloc | provenance | MaD:5 Sink:MaD:5 |
|
||||
@@ -151,133 +133,25 @@ edges
|
||||
| main.rs:67:14:67:56 | ... .unwrap(...) | main.rs:67:9:67:10 | l4 | provenance | |
|
||||
| main.rs:67:46:67:46 | v | main.rs:67:14:67:47 | ...::array::<...>(...) [Ok] | provenance | MaD:18 |
|
||||
| main.rs:68:31:68:32 | l4 | main.rs:68:13:68:29 | ...::alloc | provenance | MaD:3 Sink:MaD:3 |
|
||||
| main.rs:71:35:71:38 | ...: T | main.rs:77:9:77:16 | return v | provenance | |
|
||||
| main.rs:81:33:81:40 | ...: usize | main.rs:82:54:82:54 | v | provenance | |
|
||||
| main.rs:82:9:82:14 | layout | main.rs:83:31:83:36 | layout | provenance | |
|
||||
| main.rs:82:18:82:58 | ...::from_size_align(...) [Ok] | main.rs:82:18:82:67 | ... .unwrap(...) | provenance | MaD:31 |
|
||||
| main.rs:82:18:82:67 | ... .unwrap(...) | main.rs:82:9:82:14 | layout | provenance | |
|
||||
| main.rs:82:54:82:54 | v | main.rs:82:18:82:58 | ...::from_size_align(...) [Ok] | provenance | MaD:23 |
|
||||
| main.rs:83:31:83:36 | layout | main.rs:83:13:83:29 | ...::alloc | provenance | MaD:3 Sink:MaD:3 |
|
||||
| main.rs:86:35:86:42 | ...: usize | main.rs:87:54:87:54 | v | provenance | |
|
||||
| main.rs:87:9:87:14 | layout | main.rs:88:31:88:36 | layout | provenance | |
|
||||
| main.rs:87:18:87:58 | ...::from_size_align(...) [Ok] | main.rs:87:18:87:67 | ... .unwrap(...) | provenance | MaD:31 |
|
||||
| main.rs:87:18:87:67 | ... .unwrap(...) | main.rs:87:9:87:14 | layout | provenance | |
|
||||
| main.rs:87:54:87:54 | v | main.rs:87:18:87:58 | ...::from_size_align(...) [Ok] | provenance | MaD:23 |
|
||||
| main.rs:88:31:88:36 | layout | main.rs:88:13:88:29 | ...::alloc | provenance | MaD:3 Sink:MaD:3 |
|
||||
| main.rs:91:38:91:45 | ...: usize | main.rs:92:47:92:47 | v | provenance | |
|
||||
| main.rs:91:38:91:45 | ...: usize | main.rs:95:51:95:51 | v | provenance | |
|
||||
| main.rs:91:38:91:45 | ...: usize | main.rs:99:31:99:31 | v | provenance | |
|
||||
| main.rs:91:38:91:45 | ...: usize | main.rs:101:51:101:51 | v | provenance | |
|
||||
| main.rs:91:38:91:45 | ...: usize | main.rs:105:33:105:33 | v | provenance | |
|
||||
| main.rs:91:38:91:45 | ...: usize | main.rs:115:54:115:54 | v | provenance | |
|
||||
| main.rs:91:38:91:45 | ...: usize | main.rs:120:54:120:54 | v | provenance | |
|
||||
| main.rs:91:38:91:45 | ...: usize | main.rs:125:54:125:54 | v | provenance | |
|
||||
| main.rs:91:38:91:45 | ...: usize | main.rs:131:50:131:50 | v | provenance | |
|
||||
| main.rs:91:38:91:45 | ...: usize | main.rs:138:13:138:21 | mut v_mut | provenance | |
|
||||
| main.rs:91:38:91:45 | ...: usize | main.rs:145:51:145:51 | v | provenance | |
|
||||
| main.rs:91:38:91:45 | ...: usize | main.rs:151:62:151:62 | v | provenance | |
|
||||
| main.rs:91:38:91:45 | ...: usize | main.rs:154:62:154:62 | v | provenance | |
|
||||
| main.rs:91:38:91:45 | ...: usize | main.rs:157:54:157:54 | v | provenance | |
|
||||
| main.rs:91:38:91:45 | ...: usize | main.rs:161:55:161:55 | v | provenance | |
|
||||
| main.rs:91:38:91:45 | ...: usize | main.rs:168:55:168:55 | v | provenance | |
|
||||
| main.rs:91:38:91:45 | ...: usize | main.rs:176:51:176:51 | v | provenance | |
|
||||
| main.rs:92:9:92:10 | l1 | main.rs:96:35:96:36 | l1 | provenance | |
|
||||
| main.rs:92:9:92:10 | l1 | main.rs:102:35:102:36 | l1 | provenance | |
|
||||
| main.rs:92:14:92:48 | ...::array::<...>(...) [Ok] | main.rs:92:14:92:57 | ... .unwrap(...) | provenance | MaD:31 |
|
||||
| main.rs:92:14:92:57 | ... .unwrap(...) | main.rs:92:9:92:10 | l1 | provenance | |
|
||||
| main.rs:92:47:92:47 | v | main.rs:92:14:92:48 | ...::array::<...>(...) [Ok] | provenance | MaD:18 |
|
||||
| main.rs:95:13:95:14 | l2 | main.rs:97:35:97:36 | l2 | provenance | |
|
||||
| main.rs:95:18:95:52 | ...::array::<...>(...) [Ok] | main.rs:95:18:95:61 | ... .unwrap(...) | provenance | MaD:31 |
|
||||
| main.rs:95:18:95:61 | ... .unwrap(...) | main.rs:95:13:95:14 | l2 | provenance | |
|
||||
| main.rs:95:51:95:51 | v | main.rs:95:18:95:52 | ...::array::<...>(...) [Ok] | provenance | MaD:18 |
|
||||
| main.rs:96:35:96:36 | l1 | main.rs:96:17:96:33 | ...::alloc | provenance | MaD:3 Sink:MaD:3 |
|
||||
| main.rs:96:35:96:36 | l1 | main.rs:109:35:109:36 | l1 | provenance | |
|
||||
| main.rs:96:35:96:36 | l1 | main.rs:111:35:111:36 | l1 | provenance | |
|
||||
| main.rs:97:35:97:36 | l2 | main.rs:97:17:97:33 | ...::alloc | provenance | MaD:3 Sink:MaD:3 |
|
||||
| main.rs:99:31:99:31 | v | main.rs:81:33:81:40 | ...: usize | provenance | |
|
||||
| main.rs:101:13:101:14 | l3 | main.rs:103:35:103:36 | l3 | provenance | |
|
||||
| main.rs:101:18:101:52 | ...::array::<...>(...) [Ok] | main.rs:101:18:101:61 | ... .unwrap(...) | provenance | MaD:31 |
|
||||
| main.rs:101:18:101:61 | ... .unwrap(...) | main.rs:101:13:101:14 | l3 | provenance | |
|
||||
| main.rs:101:51:101:51 | v | main.rs:101:18:101:52 | ...::array::<...>(...) [Ok] | provenance | MaD:18 |
|
||||
| main.rs:102:35:102:36 | l1 | main.rs:102:17:102:33 | ...::alloc | provenance | MaD:3 Sink:MaD:3 |
|
||||
| main.rs:102:35:102:36 | l1 | main.rs:109:35:109:36 | l1 | provenance | |
|
||||
| main.rs:102:35:102:36 | l1 | main.rs:111:35:111:36 | l1 | provenance | |
|
||||
| main.rs:103:35:103:36 | l3 | main.rs:103:17:103:33 | ...::alloc | provenance | MaD:3 Sink:MaD:3 |
|
||||
| main.rs:105:33:105:33 | v | main.rs:86:35:86:42 | ...: usize | provenance | |
|
||||
| main.rs:109:35:109:36 | l1 | main.rs:109:17:109:33 | ...::alloc | provenance | MaD:3 Sink:MaD:3 |
|
||||
| main.rs:109:35:109:36 | l1 | main.rs:146:35:146:36 | l1 | provenance | |
|
||||
| main.rs:111:35:111:36 | l1 | main.rs:111:17:111:33 | ...::alloc | provenance | MaD:3 Sink:MaD:3 |
|
||||
| main.rs:111:35:111:36 | l1 | main.rs:146:35:146:36 | l1 | provenance | |
|
||||
| main.rs:115:13:115:14 | l4 | main.rs:116:35:116:36 | l4 | provenance | |
|
||||
| main.rs:115:18:115:58 | ...::from_size_align(...) [Ok] | main.rs:115:18:115:67 | ... .unwrap(...) | provenance | MaD:31 |
|
||||
| main.rs:115:18:115:67 | ... .unwrap(...) | main.rs:115:13:115:14 | l4 | provenance | |
|
||||
| main.rs:115:54:115:54 | v | main.rs:115:18:115:58 | ...::from_size_align(...) [Ok] | provenance | MaD:23 |
|
||||
| main.rs:116:35:116:36 | l4 | main.rs:116:17:116:33 | ...::alloc | provenance | MaD:3 Sink:MaD:3 |
|
||||
| main.rs:120:13:120:14 | l5 | main.rs:121:35:121:36 | l5 | provenance | |
|
||||
| main.rs:120:18:120:58 | ...::from_size_align(...) [Ok] | main.rs:120:18:120:67 | ... .unwrap(...) | provenance | MaD:31 |
|
||||
| main.rs:120:18:120:67 | ... .unwrap(...) | main.rs:120:13:120:14 | l5 | provenance | |
|
||||
| main.rs:120:54:120:54 | v | main.rs:120:18:120:58 | ...::from_size_align(...) [Ok] | provenance | MaD:23 |
|
||||
| main.rs:121:35:121:36 | l5 | main.rs:121:17:121:33 | ...::alloc | provenance | MaD:3 Sink:MaD:3 |
|
||||
| main.rs:125:13:125:14 | l6 | main.rs:126:35:126:36 | l6 | provenance | |
|
||||
| main.rs:125:18:125:58 | ...::from_size_align(...) [Ok] | main.rs:125:18:125:67 | ... .unwrap(...) | provenance | MaD:31 |
|
||||
| main.rs:125:18:125:67 | ... .unwrap(...) | main.rs:125:13:125:14 | l6 | provenance | |
|
||||
| main.rs:125:54:125:54 | v | main.rs:125:18:125:58 | ...::from_size_align(...) [Ok] | provenance | MaD:23 |
|
||||
| main.rs:126:35:126:36 | l6 | main.rs:126:17:126:33 | ...::alloc | provenance | MaD:3 Sink:MaD:3 |
|
||||
| main.rs:131:9:131:10 | l7 | main.rs:135:31:135:32 | l7 | provenance | |
|
||||
| main.rs:131:14:131:54 | ...::from_size_align(...) [Ok] | main.rs:131:14:131:63 | ... .unwrap(...) | provenance | MaD:31 |
|
||||
| main.rs:131:14:131:63 | ... .unwrap(...) | main.rs:131:9:131:10 | l7 | provenance | |
|
||||
| main.rs:131:50:131:50 | v | main.rs:131:14:131:54 | ...::from_size_align(...) [Ok] | provenance | MaD:23 |
|
||||
| main.rs:135:31:135:32 | l7 | main.rs:135:13:135:29 | ...::alloc | provenance | MaD:3 Sink:MaD:3 |
|
||||
| main.rs:138:13:138:21 | mut v_mut | main.rs:144:51:144:55 | v_mut | provenance | |
|
||||
| main.rs:144:13:144:14 | l8 | main.rs:147:35:147:36 | l8 | provenance | |
|
||||
| main.rs:144:18:144:56 | ...::array::<...>(...) [Ok] | main.rs:144:18:144:65 | ... .unwrap(...) | provenance | MaD:31 |
|
||||
| main.rs:144:18:144:65 | ... .unwrap(...) | main.rs:144:13:144:14 | l8 | provenance | |
|
||||
| main.rs:144:51:144:55 | v_mut | main.rs:144:18:144:56 | ...::array::<...>(...) [Ok] | provenance | MaD:18 |
|
||||
| main.rs:145:13:145:14 | l9 | main.rs:148:35:148:36 | l9 | provenance | |
|
||||
| main.rs:145:18:145:52 | ...::array::<...>(...) [Ok] | main.rs:145:18:145:61 | ... .unwrap(...) | provenance | MaD:31 |
|
||||
| main.rs:145:18:145:61 | ... .unwrap(...) | main.rs:145:13:145:14 | l9 | provenance | |
|
||||
| main.rs:145:51:145:51 | v | main.rs:145:18:145:52 | ...::array::<...>(...) [Ok] | provenance | MaD:18 |
|
||||
| main.rs:146:35:146:36 | l1 | main.rs:146:17:146:33 | ...::alloc | provenance | MaD:3 Sink:MaD:3 |
|
||||
| main.rs:146:35:146:36 | l1 | main.rs:177:31:177:32 | l1 | provenance | |
|
||||
| main.rs:147:35:147:36 | l8 | main.rs:147:17:147:33 | ...::alloc | provenance | MaD:3 Sink:MaD:3 |
|
||||
| main.rs:148:35:148:36 | l9 | main.rs:148:17:148:33 | ...::alloc | provenance | MaD:3 Sink:MaD:3 |
|
||||
| main.rs:151:9:151:11 | l10 | main.rs:152:31:152:33 | l10 | provenance | |
|
||||
| main.rs:151:15:151:69 | ...::array::<...>(...) [Ok] | main.rs:151:15:151:78 | ... .unwrap(...) | provenance | MaD:31 |
|
||||
| main.rs:151:15:151:78 | ... .unwrap(...) | main.rs:151:9:151:11 | l10 | provenance | |
|
||||
| main.rs:151:48:151:68 | ...::min(...) | main.rs:151:15:151:69 | ...::array::<...>(...) [Ok] | provenance | MaD:18 |
|
||||
| main.rs:151:62:151:62 | v | main.rs:151:48:151:68 | ...::min(...) | provenance | MaD:34 |
|
||||
| main.rs:152:31:152:33 | l10 | main.rs:152:13:152:29 | ...::alloc | provenance | MaD:3 Sink:MaD:3 |
|
||||
| main.rs:154:9:154:11 | l11 | main.rs:155:31:155:33 | l11 | provenance | |
|
||||
| main.rs:154:15:154:69 | ...::array::<...>(...) [Ok] | main.rs:154:15:154:78 | ... .unwrap(...) | provenance | MaD:31 |
|
||||
| main.rs:154:15:154:78 | ... .unwrap(...) | main.rs:154:9:154:11 | l11 | provenance | |
|
||||
| main.rs:154:48:154:68 | ...::max(...) | main.rs:154:15:154:69 | ...::array::<...>(...) [Ok] | provenance | MaD:18 |
|
||||
| main.rs:154:62:154:62 | v | main.rs:154:48:154:68 | ...::max(...) | provenance | MaD:33 |
|
||||
| main.rs:155:31:155:33 | l11 | main.rs:155:13:155:29 | ...::alloc | provenance | MaD:3 Sink:MaD:3 |
|
||||
| main.rs:157:9:157:11 | l12 | main.rs:158:31:158:33 | l12 | provenance | |
|
||||
| main.rs:157:15:157:64 | ...::array::<...>(...) [Ok] | main.rs:157:15:157:73 | ... .unwrap(...) | provenance | MaD:31 |
|
||||
| main.rs:157:15:157:73 | ... .unwrap(...) | main.rs:157:9:157:11 | l12 | provenance | |
|
||||
| main.rs:157:48:157:63 | clamp(...) | main.rs:157:15:157:64 | ...::array::<...>(...) [Ok] | provenance | MaD:18 |
|
||||
| main.rs:157:54:157:54 | v | main.rs:71:35:71:38 | ...: T | provenance | |
|
||||
| main.rs:157:54:157:54 | v | main.rs:157:48:157:63 | clamp(...) | provenance | |
|
||||
| main.rs:158:31:158:33 | l12 | main.rs:158:13:158:29 | ...::alloc | provenance | MaD:3 Sink:MaD:3 |
|
||||
| main.rs:161:13:161:15 | l13 | main.rs:162:35:162:37 | l13 | provenance | |
|
||||
| main.rs:161:19:161:59 | ...::from_size_align(...) [Ok] | main.rs:161:19:161:68 | ... .unwrap(...) | provenance | MaD:31 |
|
||||
| main.rs:161:19:161:68 | ... .unwrap(...) | main.rs:161:13:161:15 | l13 | provenance | |
|
||||
| main.rs:161:55:161:55 | v | main.rs:161:19:161:59 | ...::from_size_align(...) [Ok] | provenance | MaD:23 |
|
||||
| main.rs:162:35:162:37 | l13 | main.rs:162:17:162:33 | ...::alloc | provenance | MaD:3 Sink:MaD:3 |
|
||||
| main.rs:162:35:162:37 | l13 | main.rs:169:35:169:37 | l13 | provenance | |
|
||||
| main.rs:168:13:168:15 | l14 | main.rs:170:35:170:37 | l14 | provenance | |
|
||||
| main.rs:168:19:168:59 | ...::from_size_align(...) [Ok] | main.rs:168:19:168:68 | ... .unwrap(...) | provenance | MaD:31 |
|
||||
| main.rs:168:19:168:68 | ... .unwrap(...) | main.rs:168:13:168:15 | l14 | provenance | |
|
||||
| main.rs:168:55:168:55 | v | main.rs:168:19:168:59 | ...::from_size_align(...) [Ok] | provenance | MaD:23 |
|
||||
| main.rs:169:35:169:37 | l13 | main.rs:169:17:169:33 | ...::alloc | provenance | MaD:3 Sink:MaD:3 |
|
||||
| main.rs:170:35:170:37 | l14 | main.rs:170:17:170:33 | ...::alloc | provenance | MaD:3 Sink:MaD:3 |
|
||||
| main.rs:176:9:176:11 | l15 | main.rs:178:31:178:33 | l15 | provenance | |
|
||||
| main.rs:176:15:176:55 | ...::from_size_align(...) [Ok] | main.rs:176:15:176:64 | ... .unwrap(...) | provenance | MaD:31 |
|
||||
| main.rs:176:15:176:64 | ... .unwrap(...) | main.rs:176:9:176:11 | l15 | provenance | |
|
||||
| main.rs:176:51:176:51 | v | main.rs:176:15:176:55 | ...::from_size_align(...) [Ok] | provenance | MaD:23 |
|
||||
| main.rs:177:31:177:32 | l1 | main.rs:177:13:177:29 | ...::alloc | provenance | MaD:3 Sink:MaD:3 |
|
||||
| main.rs:178:31:178:33 | l15 | main.rs:178:13:178:29 | ...::alloc | provenance | MaD:3 Sink:MaD:3 |
|
||||
| main.rs:183:29:183:36 | ...: usize | main.rs:192:46:192:46 | v | provenance | |
|
||||
| main.rs:192:9:192:10 | l2 | main.rs:193:38:193:39 | l2 | provenance | |
|
||||
| main.rs:192:14:192:47 | ...::array::<...>(...) [Ok] | main.rs:192:14:192:56 | ... .unwrap(...) | provenance | MaD:31 |
|
||||
@@ -322,31 +196,17 @@ edges
|
||||
| main.rs:282:18:282:75 | ... .unwrap(...) | main.rs:282:9:282:14 | layout | provenance | |
|
||||
| main.rs:282:54:282:62 | num_bytes | main.rs:282:18:282:66 | ...::from_size_align(...) [Ok] | provenance | MaD:23 |
|
||||
| main.rs:284:40:284:45 | layout | main.rs:284:22:284:38 | ...::alloc | provenance | MaD:3 Sink:MaD:3 |
|
||||
| main.rs:292:25:292:42 | ...: String | main.rs:293:16:293:42 | user_input.parse(...) [Ok] | provenance | MaD:32 |
|
||||
| main.rs:293:9:293:12 | size | main.rs:297:9:297:17 | num_bytes | provenance | |
|
||||
| main.rs:293:16:293:42 | user_input.parse(...) [Ok] | main.rs:293:16:293:43 | TryExpr | provenance | |
|
||||
| main.rs:293:16:293:43 | TryExpr | main.rs:293:9:293:12 | size | provenance | |
|
||||
| main.rs:297:9:297:17 | num_bytes | main.rs:299:54:299:62 | num_bytes | provenance | |
|
||||
| main.rs:299:9:299:14 | layout | main.rs:301:40:301:45 | layout | provenance | |
|
||||
| main.rs:299:18:299:66 | ...::from_size_align(...) [Ok] | main.rs:299:18:299:75 | ... .unwrap(...) | provenance | MaD:31 |
|
||||
| main.rs:299:18:299:75 | ... .unwrap(...) | main.rs:299:9:299:14 | layout | provenance | |
|
||||
| main.rs:299:54:299:62 | num_bytes | main.rs:299:18:299:66 | ...::from_size_align(...) [Ok] | provenance | MaD:23 |
|
||||
| main.rs:301:40:301:45 | layout | main.rs:301:22:301:38 | ...::alloc | provenance | MaD:3 Sink:MaD:3 |
|
||||
| main.rs:308:25:308:38 | ...::args | main.rs:308:25:308:40 | ...::args(...) [element] | provenance | Src:MaD:16 |
|
||||
| main.rs:308:25:308:40 | ...::args(...) [element] | main.rs:308:25:308:47 | ... .nth(...) [Some] | provenance | MaD:35 |
|
||||
| main.rs:308:25:308:40 | ...::args(...) [element] | main.rs:308:25:308:47 | ... .nth(...) [Some] | provenance | MaD:33 |
|
||||
| main.rs:308:25:308:47 | ... .nth(...) [Some] | main.rs:308:25:308:74 | ... .unwrap_or(...) | provenance | MaD:29 |
|
||||
| main.rs:308:25:308:74 | ... .unwrap_or(...) | main.rs:279:24:279:41 | ...: String | provenance | |
|
||||
| main.rs:309:26:309:39 | ...::args | main.rs:309:26:309:41 | ...::args(...) [element] | provenance | Src:MaD:16 |
|
||||
| main.rs:309:26:309:41 | ...::args(...) [element] | main.rs:309:26:309:48 | ... .nth(...) [Some] | provenance | MaD:35 |
|
||||
| main.rs:309:26:309:48 | ... .nth(...) [Some] | main.rs:309:26:309:75 | ... .unwrap_or(...) | provenance | MaD:29 |
|
||||
| main.rs:309:26:309:75 | ... .unwrap_or(...) | main.rs:292:25:292:42 | ...: String | provenance | |
|
||||
| main.rs:317:9:317:9 | v | main.rs:320:34:320:34 | v | provenance | |
|
||||
| main.rs:317:9:317:9 | v | main.rs:321:42:321:42 | v | provenance | |
|
||||
| main.rs:317:9:317:9 | v | main.rs:322:36:322:36 | v | provenance | |
|
||||
| main.rs:317:9:317:9 | v | main.rs:323:27:323:27 | v | provenance | |
|
||||
| main.rs:317:9:317:9 | v | main.rs:324:25:324:25 | v | provenance | |
|
||||
| main.rs:317:13:317:26 | ...::args | main.rs:317:13:317:28 | ...::args(...) [element] | provenance | Src:MaD:16 |
|
||||
| main.rs:317:13:317:28 | ...::args(...) [element] | main.rs:317:13:317:35 | ... .nth(...) [Some] | provenance | MaD:35 |
|
||||
| main.rs:317:13:317:28 | ...::args(...) [element] | main.rs:317:13:317:35 | ... .nth(...) [Some] | provenance | MaD:33 |
|
||||
| main.rs:317:13:317:35 | ... .nth(...) [Some] | main.rs:317:13:317:65 | ... .unwrap_or(...) | provenance | MaD:29 |
|
||||
| main.rs:317:13:317:65 | ... .unwrap_or(...) | main.rs:317:13:317:82 | ... .parse(...) [Ok] | provenance | MaD:32 |
|
||||
| main.rs:317:13:317:82 | ... .parse(...) [Ok] | main.rs:317:13:317:91 | ... .unwrap(...) | provenance | MaD:31 |
|
||||
@@ -389,9 +249,7 @@ models
|
||||
| 30 | Summary: lang:core; <crate::result::Result>::expect; Argument[self].Field[crate::result::Result::Ok(0)]; ReturnValue; value |
|
||||
| 31 | Summary: lang:core; <crate::result::Result>::unwrap; Argument[self].Field[crate::result::Result::Ok(0)]; ReturnValue; value |
|
||||
| 32 | Summary: lang:core; <str>::parse; Argument[self]; ReturnValue.Field[crate::result::Result::Ok(0)]; taint |
|
||||
| 33 | Summary: lang:core; crate::cmp::max; Argument[0]; ReturnValue; value |
|
||||
| 34 | Summary: lang:core; crate::cmp::min; Argument[0]; ReturnValue; value |
|
||||
| 35 | Summary: lang:core; crate::iter::traits::iterator::Iterator::nth; Argument[self].Element; ReturnValue.Field[crate::option::Option::Some(0)]; value |
|
||||
| 33 | Summary: lang:core; crate::iter::traits::iterator::Iterator::nth; Argument[self].Element; ReturnValue.Field[crate::option::Option::Some(0)]; value |
|
||||
nodes
|
||||
| main.rs:12:36:12:43 | ...: usize | semmle.label | ...: usize |
|
||||
| main.rs:18:13:18:31 | ...::realloc | semmle.label | ...::realloc |
|
||||
@@ -484,131 +342,23 @@ nodes
|
||||
| main.rs:67:46:67:46 | v | semmle.label | v |
|
||||
| main.rs:68:13:68:29 | ...::alloc | semmle.label | ...::alloc |
|
||||
| main.rs:68:31:68:32 | l4 | semmle.label | l4 |
|
||||
| main.rs:71:35:71:38 | ...: T | semmle.label | ...: T |
|
||||
| main.rs:77:9:77:16 | return v | semmle.label | return v |
|
||||
| main.rs:81:33:81:40 | ...: usize | semmle.label | ...: usize |
|
||||
| main.rs:82:9:82:14 | layout | semmle.label | layout |
|
||||
| main.rs:82:18:82:58 | ...::from_size_align(...) [Ok] | semmle.label | ...::from_size_align(...) [Ok] |
|
||||
| main.rs:82:18:82:67 | ... .unwrap(...) | semmle.label | ... .unwrap(...) |
|
||||
| main.rs:82:54:82:54 | v | semmle.label | v |
|
||||
| main.rs:83:13:83:29 | ...::alloc | semmle.label | ...::alloc |
|
||||
| main.rs:83:31:83:36 | layout | semmle.label | layout |
|
||||
| main.rs:86:35:86:42 | ...: usize | semmle.label | ...: usize |
|
||||
| main.rs:87:9:87:14 | layout | semmle.label | layout |
|
||||
| main.rs:87:18:87:58 | ...::from_size_align(...) [Ok] | semmle.label | ...::from_size_align(...) [Ok] |
|
||||
| main.rs:87:18:87:67 | ... .unwrap(...) | semmle.label | ... .unwrap(...) |
|
||||
| main.rs:87:54:87:54 | v | semmle.label | v |
|
||||
| main.rs:88:13:88:29 | ...::alloc | semmle.label | ...::alloc |
|
||||
| main.rs:88:31:88:36 | layout | semmle.label | layout |
|
||||
| main.rs:91:38:91:45 | ...: usize | semmle.label | ...: usize |
|
||||
| main.rs:92:9:92:10 | l1 | semmle.label | l1 |
|
||||
| main.rs:92:14:92:48 | ...::array::<...>(...) [Ok] | semmle.label | ...::array::<...>(...) [Ok] |
|
||||
| main.rs:92:14:92:57 | ... .unwrap(...) | semmle.label | ... .unwrap(...) |
|
||||
| main.rs:92:47:92:47 | v | semmle.label | v |
|
||||
| main.rs:95:13:95:14 | l2 | semmle.label | l2 |
|
||||
| main.rs:95:18:95:52 | ...::array::<...>(...) [Ok] | semmle.label | ...::array::<...>(...) [Ok] |
|
||||
| main.rs:95:18:95:61 | ... .unwrap(...) | semmle.label | ... .unwrap(...) |
|
||||
| main.rs:95:51:95:51 | v | semmle.label | v |
|
||||
| main.rs:96:17:96:33 | ...::alloc | semmle.label | ...::alloc |
|
||||
| main.rs:96:35:96:36 | l1 | semmle.label | l1 |
|
||||
| main.rs:97:17:97:33 | ...::alloc | semmle.label | ...::alloc |
|
||||
| main.rs:97:35:97:36 | l2 | semmle.label | l2 |
|
||||
| main.rs:99:31:99:31 | v | semmle.label | v |
|
||||
| main.rs:101:13:101:14 | l3 | semmle.label | l3 |
|
||||
| main.rs:101:18:101:52 | ...::array::<...>(...) [Ok] | semmle.label | ...::array::<...>(...) [Ok] |
|
||||
| main.rs:101:18:101:61 | ... .unwrap(...) | semmle.label | ... .unwrap(...) |
|
||||
| main.rs:101:51:101:51 | v | semmle.label | v |
|
||||
| main.rs:102:17:102:33 | ...::alloc | semmle.label | ...::alloc |
|
||||
| main.rs:102:35:102:36 | l1 | semmle.label | l1 |
|
||||
| main.rs:103:17:103:33 | ...::alloc | semmle.label | ...::alloc |
|
||||
| main.rs:103:35:103:36 | l3 | semmle.label | l3 |
|
||||
| main.rs:105:33:105:33 | v | semmle.label | v |
|
||||
| main.rs:109:17:109:33 | ...::alloc | semmle.label | ...::alloc |
|
||||
| main.rs:109:35:109:36 | l1 | semmle.label | l1 |
|
||||
| main.rs:111:17:111:33 | ...::alloc | semmle.label | ...::alloc |
|
||||
| main.rs:111:35:111:36 | l1 | semmle.label | l1 |
|
||||
| main.rs:115:13:115:14 | l4 | semmle.label | l4 |
|
||||
| main.rs:115:18:115:58 | ...::from_size_align(...) [Ok] | semmle.label | ...::from_size_align(...) [Ok] |
|
||||
| main.rs:115:18:115:67 | ... .unwrap(...) | semmle.label | ... .unwrap(...) |
|
||||
| main.rs:115:54:115:54 | v | semmle.label | v |
|
||||
| main.rs:116:17:116:33 | ...::alloc | semmle.label | ...::alloc |
|
||||
| main.rs:116:35:116:36 | l4 | semmle.label | l4 |
|
||||
| main.rs:120:13:120:14 | l5 | semmle.label | l5 |
|
||||
| main.rs:120:18:120:58 | ...::from_size_align(...) [Ok] | semmle.label | ...::from_size_align(...) [Ok] |
|
||||
| main.rs:120:18:120:67 | ... .unwrap(...) | semmle.label | ... .unwrap(...) |
|
||||
| main.rs:120:54:120:54 | v | semmle.label | v |
|
||||
| main.rs:121:17:121:33 | ...::alloc | semmle.label | ...::alloc |
|
||||
| main.rs:121:35:121:36 | l5 | semmle.label | l5 |
|
||||
| main.rs:125:13:125:14 | l6 | semmle.label | l6 |
|
||||
| main.rs:125:18:125:58 | ...::from_size_align(...) [Ok] | semmle.label | ...::from_size_align(...) [Ok] |
|
||||
| main.rs:125:18:125:67 | ... .unwrap(...) | semmle.label | ... .unwrap(...) |
|
||||
| main.rs:125:54:125:54 | v | semmle.label | v |
|
||||
| main.rs:126:17:126:33 | ...::alloc | semmle.label | ...::alloc |
|
||||
| main.rs:126:35:126:36 | l6 | semmle.label | l6 |
|
||||
| main.rs:131:9:131:10 | l7 | semmle.label | l7 |
|
||||
| main.rs:131:14:131:54 | ...::from_size_align(...) [Ok] | semmle.label | ...::from_size_align(...) [Ok] |
|
||||
| main.rs:131:14:131:63 | ... .unwrap(...) | semmle.label | ... .unwrap(...) |
|
||||
| main.rs:131:50:131:50 | v | semmle.label | v |
|
||||
| main.rs:135:13:135:29 | ...::alloc | semmle.label | ...::alloc |
|
||||
| main.rs:135:31:135:32 | l7 | semmle.label | l7 |
|
||||
| main.rs:138:13:138:21 | mut v_mut | semmle.label | mut v_mut |
|
||||
| main.rs:144:13:144:14 | l8 | semmle.label | l8 |
|
||||
| main.rs:144:18:144:56 | ...::array::<...>(...) [Ok] | semmle.label | ...::array::<...>(...) [Ok] |
|
||||
| main.rs:144:18:144:65 | ... .unwrap(...) | semmle.label | ... .unwrap(...) |
|
||||
| main.rs:144:51:144:55 | v_mut | semmle.label | v_mut |
|
||||
| main.rs:145:13:145:14 | l9 | semmle.label | l9 |
|
||||
| main.rs:145:18:145:52 | ...::array::<...>(...) [Ok] | semmle.label | ...::array::<...>(...) [Ok] |
|
||||
| main.rs:145:18:145:61 | ... .unwrap(...) | semmle.label | ... .unwrap(...) |
|
||||
| main.rs:145:51:145:51 | v | semmle.label | v |
|
||||
| main.rs:146:17:146:33 | ...::alloc | semmle.label | ...::alloc |
|
||||
| main.rs:146:35:146:36 | l1 | semmle.label | l1 |
|
||||
| main.rs:147:17:147:33 | ...::alloc | semmle.label | ...::alloc |
|
||||
| main.rs:147:35:147:36 | l8 | semmle.label | l8 |
|
||||
| main.rs:148:17:148:33 | ...::alloc | semmle.label | ...::alloc |
|
||||
| main.rs:148:35:148:36 | l9 | semmle.label | l9 |
|
||||
| main.rs:151:9:151:11 | l10 | semmle.label | l10 |
|
||||
| main.rs:151:15:151:69 | ...::array::<...>(...) [Ok] | semmle.label | ...::array::<...>(...) [Ok] |
|
||||
| main.rs:151:15:151:78 | ... .unwrap(...) | semmle.label | ... .unwrap(...) |
|
||||
| main.rs:151:48:151:68 | ...::min(...) | semmle.label | ...::min(...) |
|
||||
| main.rs:151:62:151:62 | v | semmle.label | v |
|
||||
| main.rs:152:13:152:29 | ...::alloc | semmle.label | ...::alloc |
|
||||
| main.rs:152:31:152:33 | l10 | semmle.label | l10 |
|
||||
| main.rs:154:9:154:11 | l11 | semmle.label | l11 |
|
||||
| main.rs:154:15:154:69 | ...::array::<...>(...) [Ok] | semmle.label | ...::array::<...>(...) [Ok] |
|
||||
| main.rs:154:15:154:78 | ... .unwrap(...) | semmle.label | ... .unwrap(...) |
|
||||
| main.rs:154:48:154:68 | ...::max(...) | semmle.label | ...::max(...) |
|
||||
| main.rs:154:62:154:62 | v | semmle.label | v |
|
||||
| main.rs:155:13:155:29 | ...::alloc | semmle.label | ...::alloc |
|
||||
| main.rs:155:31:155:33 | l11 | semmle.label | l11 |
|
||||
| main.rs:157:9:157:11 | l12 | semmle.label | l12 |
|
||||
| main.rs:157:15:157:64 | ...::array::<...>(...) [Ok] | semmle.label | ...::array::<...>(...) [Ok] |
|
||||
| main.rs:157:15:157:73 | ... .unwrap(...) | semmle.label | ... .unwrap(...) |
|
||||
| main.rs:157:48:157:63 | clamp(...) | semmle.label | clamp(...) |
|
||||
| main.rs:157:54:157:54 | v | semmle.label | v |
|
||||
| main.rs:158:13:158:29 | ...::alloc | semmle.label | ...::alloc |
|
||||
| main.rs:158:31:158:33 | l12 | semmle.label | l12 |
|
||||
| main.rs:161:13:161:15 | l13 | semmle.label | l13 |
|
||||
| main.rs:161:19:161:59 | ...::from_size_align(...) [Ok] | semmle.label | ...::from_size_align(...) [Ok] |
|
||||
| main.rs:161:19:161:68 | ... .unwrap(...) | semmle.label | ... .unwrap(...) |
|
||||
| main.rs:161:55:161:55 | v | semmle.label | v |
|
||||
| main.rs:162:17:162:33 | ...::alloc | semmle.label | ...::alloc |
|
||||
| main.rs:162:35:162:37 | l13 | semmle.label | l13 |
|
||||
| main.rs:168:13:168:15 | l14 | semmle.label | l14 |
|
||||
| main.rs:168:19:168:59 | ...::from_size_align(...) [Ok] | semmle.label | ...::from_size_align(...) [Ok] |
|
||||
| main.rs:168:19:168:68 | ... .unwrap(...) | semmle.label | ... .unwrap(...) |
|
||||
| main.rs:168:55:168:55 | v | semmle.label | v |
|
||||
| main.rs:169:17:169:33 | ...::alloc | semmle.label | ...::alloc |
|
||||
| main.rs:169:35:169:37 | l13 | semmle.label | l13 |
|
||||
| main.rs:170:17:170:33 | ...::alloc | semmle.label | ...::alloc |
|
||||
| main.rs:170:35:170:37 | l14 | semmle.label | l14 |
|
||||
| main.rs:176:9:176:11 | l15 | semmle.label | l15 |
|
||||
| main.rs:176:15:176:55 | ...::from_size_align(...) [Ok] | semmle.label | ...::from_size_align(...) [Ok] |
|
||||
| main.rs:176:15:176:64 | ... .unwrap(...) | semmle.label | ... .unwrap(...) |
|
||||
| main.rs:176:51:176:51 | v | semmle.label | v |
|
||||
| main.rs:177:13:177:29 | ...::alloc | semmle.label | ...::alloc |
|
||||
| main.rs:177:31:177:32 | l1 | semmle.label | l1 |
|
||||
| main.rs:178:13:178:29 | ...::alloc | semmle.label | ...::alloc |
|
||||
| main.rs:178:31:178:33 | l15 | semmle.label | l15 |
|
||||
| main.rs:183:29:183:36 | ...: usize | semmle.label | ...: usize |
|
||||
| main.rs:192:9:192:10 | l2 | semmle.label | l2 |
|
||||
| main.rs:192:14:192:47 | ...::array::<...>(...) [Ok] | semmle.label | ...::array::<...>(...) [Ok] |
|
||||
@@ -656,25 +406,10 @@ nodes
|
||||
| main.rs:282:54:282:62 | num_bytes | semmle.label | num_bytes |
|
||||
| main.rs:284:22:284:38 | ...::alloc | semmle.label | ...::alloc |
|
||||
| main.rs:284:40:284:45 | layout | semmle.label | layout |
|
||||
| main.rs:292:25:292:42 | ...: String | semmle.label | ...: String |
|
||||
| main.rs:293:9:293:12 | size | semmle.label | size |
|
||||
| main.rs:293:16:293:42 | user_input.parse(...) [Ok] | semmle.label | user_input.parse(...) [Ok] |
|
||||
| main.rs:293:16:293:43 | TryExpr | semmle.label | TryExpr |
|
||||
| main.rs:297:9:297:17 | num_bytes | semmle.label | num_bytes |
|
||||
| main.rs:299:9:299:14 | layout | semmle.label | layout |
|
||||
| main.rs:299:18:299:66 | ...::from_size_align(...) [Ok] | semmle.label | ...::from_size_align(...) [Ok] |
|
||||
| main.rs:299:18:299:75 | ... .unwrap(...) | semmle.label | ... .unwrap(...) |
|
||||
| main.rs:299:54:299:62 | num_bytes | semmle.label | num_bytes |
|
||||
| main.rs:301:22:301:38 | ...::alloc | semmle.label | ...::alloc |
|
||||
| main.rs:301:40:301:45 | layout | semmle.label | layout |
|
||||
| main.rs:308:25:308:38 | ...::args | semmle.label | ...::args |
|
||||
| main.rs:308:25:308:40 | ...::args(...) [element] | semmle.label | ...::args(...) [element] |
|
||||
| main.rs:308:25:308:47 | ... .nth(...) [Some] | semmle.label | ... .nth(...) [Some] |
|
||||
| main.rs:308:25:308:74 | ... .unwrap_or(...) | semmle.label | ... .unwrap_or(...) |
|
||||
| main.rs:309:26:309:39 | ...::args | semmle.label | ...::args |
|
||||
| main.rs:309:26:309:41 | ...::args(...) [element] | semmle.label | ...::args(...) [element] |
|
||||
| main.rs:309:26:309:48 | ... .nth(...) [Some] | semmle.label | ... .nth(...) [Some] |
|
||||
| main.rs:309:26:309:75 | ... .unwrap_or(...) | semmle.label | ... .unwrap_or(...) |
|
||||
| main.rs:317:9:317:9 | v | semmle.label | v |
|
||||
| main.rs:317:13:317:26 | ...::args | semmle.label | ...::args |
|
||||
| main.rs:317:13:317:28 | ...::args(...) [element] | semmle.label | ...::args(...) [element] |
|
||||
@@ -688,4 +423,3 @@ nodes
|
||||
| main.rs:323:27:323:27 | v | semmle.label | v |
|
||||
| main.rs:324:25:324:25 | v | semmle.label | v |
|
||||
subpaths
|
||||
| main.rs:157:54:157:54 | v | main.rs:71:35:71:38 | ...: T | main.rs:77:9:77:16 | return v | main.rs:157:48:157:63 | clamp(...) |
|
||||
|
||||
@@ -80,12 +80,12 @@ fn clamp<T: std::cmp::PartialOrd>(v: T, min: T, max: T) -> T {
|
||||
|
||||
unsafe fn test_fn_alloc_bounded(v: usize) {
|
||||
let layout = std::alloc::Layout::from_size_align(v, 1).unwrap();
|
||||
let _ = std::alloc::alloc(layout); // $ SPURIOUS: Alert[rust/uncontrolled-allocation-size]=arg1
|
||||
let _ = std::alloc::alloc(layout); // $ GOOD (bounded)
|
||||
}
|
||||
|
||||
unsafe fn test_fn_alloc_unbounded(v: usize) {
|
||||
let layout = std::alloc::Layout::from_size_align(v, 1).unwrap();
|
||||
let _ = std::alloc::alloc(layout); // $ Alert[rust/uncontrolled-allocation-size]=arg1
|
||||
let _ = std::alloc::alloc(layout); // $ MISSING: Alert[rust/uncontrolled-allocation-size]=arg1
|
||||
}
|
||||
|
||||
unsafe fn test_std_alloc_with_bounds(v: usize, limit: usize) {
|
||||
@@ -94,13 +94,13 @@ unsafe fn test_std_alloc_with_bounds(v: usize, limit: usize) {
|
||||
if v < 100 {
|
||||
let l2 = std::alloc::Layout::array::<u32>(v).unwrap();
|
||||
let _ = std::alloc::alloc(l1); // $ SPURIOUS: Alert[rust/uncontrolled-allocation-size]=arg1
|
||||
let _ = std::alloc::alloc(l2); // $ SPURIOUS: Alert[rust/uncontrolled-allocation-size]=arg1
|
||||
let _ = std::alloc::alloc(l2); // $ GOOD (bounded)
|
||||
|
||||
test_fn_alloc_bounded(v);
|
||||
} else {
|
||||
let l3 = std::alloc::Layout::array::<u32>(v).unwrap();
|
||||
let _ = std::alloc::alloc(l1); // $ Alert[rust/uncontrolled-allocation-size]=arg1
|
||||
let _ = std::alloc::alloc(l3); // $ Alert[rust/uncontrolled-allocation-size]=arg1
|
||||
let _ = std::alloc::alloc(l3); // $ MISSING: Alert[rust/uncontrolled-allocation-size]=arg1
|
||||
|
||||
test_fn_alloc_unbounded(v);
|
||||
}
|
||||
@@ -113,17 +113,17 @@ unsafe fn test_std_alloc_with_bounds(v: usize, limit: usize) {
|
||||
|
||||
if (v < limit) {
|
||||
let l4 = std::alloc::Layout::from_size_align(v, 1).unwrap();
|
||||
let _ = std::alloc::alloc(l4); // $ SPURIOUS: Alert[rust/uncontrolled-allocation-size]=arg1
|
||||
let _ = std::alloc::alloc(l4); // $ GOOD (bounded)
|
||||
}
|
||||
|
||||
if (v < 2 * v) { // not a good bound
|
||||
let l5 = std::alloc::Layout::from_size_align(v, 1).unwrap();
|
||||
let _ = std::alloc::alloc(l5); // $ Alert[rust/uncontrolled-allocation-size]=arg1
|
||||
let _ = std::alloc::alloc(l5); // $ MISSING: Alert[rust/uncontrolled-allocation-size]=arg1
|
||||
}
|
||||
|
||||
if (true && v < limit && true) {
|
||||
let l6 = std::alloc::Layout::from_size_align(v, 1).unwrap();
|
||||
let _ = std::alloc::alloc(l6); // $ SPURIOUS: Alert[rust/uncontrolled-allocation-size]=arg1
|
||||
let _ = std::alloc::alloc(l6); // $ GOOD (bounded)
|
||||
}
|
||||
|
||||
let mut l7;
|
||||
@@ -132,7 +132,7 @@ unsafe fn test_std_alloc_with_bounds(v: usize, limit: usize) {
|
||||
} else {
|
||||
l7 = std::alloc::Layout::from_size_align(100, 1).unwrap();
|
||||
}
|
||||
let _ = std::alloc::alloc(l7); // $ SPURIOUS: Alert[rust/uncontrolled-allocation-size]=arg1
|
||||
let _ = std::alloc::alloc(l7); // $ GOOD (bounded)
|
||||
|
||||
{
|
||||
let mut v_mut = v;
|
||||
@@ -144,30 +144,30 @@ unsafe fn test_std_alloc_with_bounds(v: usize, limit: usize) {
|
||||
let l8 = std::alloc::Layout::array::<u32>(v_mut).unwrap();
|
||||
let l9 = std::alloc::Layout::array::<u32>(v).unwrap();
|
||||
let _ = std::alloc::alloc(l1); // $ Alert[rust/uncontrolled-allocation-size]=arg1
|
||||
let _ = std::alloc::alloc(l8); // $ SPURIOUS: Alert[rust/uncontrolled-allocation-size]=arg1
|
||||
let _ = std::alloc::alloc(l9); // $ Alert[rust/uncontrolled-allocation-size]=arg1
|
||||
let _ = std::alloc::alloc(l8); // $ GOOD (bounded)
|
||||
let _ = std::alloc::alloc(l9); // $ MISSING: Alert[rust/uncontrolled-allocation-size]=arg1
|
||||
}
|
||||
|
||||
let l10 = std::alloc::Layout::array::<u32>(std::cmp::min(v, 100)).unwrap();
|
||||
let _ = std::alloc::alloc(l10); // $ SPURIOUS: Alert[rust/uncontrolled-allocation-size]=arg1
|
||||
let _ = std::alloc::alloc(l10); // $ GOOD (bounded)
|
||||
|
||||
let l11 = std::alloc::Layout::array::<u32>(std::cmp::max(v, 100)).unwrap();
|
||||
let _ = std::alloc::alloc(l11); // $ Alert[rust/uncontrolled-allocation-size]=arg1
|
||||
let _ = std::alloc::alloc(l11); // $ MISSING: Alert[rust/uncontrolled-allocation-size]=arg1
|
||||
|
||||
let l12 = std::alloc::Layout::array::<u32>(clamp(v, 1, 100)).unwrap();
|
||||
let _ = std::alloc::alloc(l12); // $ SPURIOUS: Alert[rust/uncontrolled-allocation-size]=arg1
|
||||
let _ = std::alloc::alloc(l12); // $ GOOD (bounded)
|
||||
|
||||
for i in 0..10 {
|
||||
let l13 = std::alloc::Layout::from_size_align(v, 1).unwrap();
|
||||
let _ = std::alloc::alloc(l13); // $ Alert[rust/uncontrolled-allocation-size]=arg1
|
||||
let _ = std::alloc::alloc(l13); // $ MISSING: Alert[rust/uncontrolled-allocation-size]=arg1
|
||||
|
||||
if (v > 1000) {
|
||||
continue;
|
||||
}
|
||||
|
||||
let l14 = std::alloc::Layout::from_size_align(v, 1).unwrap();
|
||||
let _ = std::alloc::alloc(l13); // $ SPURIOUS: Alert[rust/uncontrolled-allocation-size]=arg1
|
||||
let _ = std::alloc::alloc(l14); // $ SPURIOUS: Alert[rust/uncontrolled-allocation-size]=arg1
|
||||
let _ = std::alloc::alloc(l13); // $ GOOD (bounded)
|
||||
let _ = std::alloc::alloc(l14); // $ GOOD (bounded)
|
||||
}
|
||||
|
||||
if v > 100 {
|
||||
@@ -175,7 +175,7 @@ unsafe fn test_std_alloc_with_bounds(v: usize, limit: usize) {
|
||||
}
|
||||
let l15 = std::alloc::Layout::from_size_align(v, 1).unwrap();
|
||||
let _ = std::alloc::alloc(l1); // $ SPURIOUS: Alert[rust/uncontrolled-allocation-size]=arg1
|
||||
let _ = std::alloc::alloc(l15); // $ SPURIOUS: Alert[rust/uncontrolled-allocation-size]=arg1
|
||||
let _ = std::alloc::alloc(l15); // $ GOOD (bounded)
|
||||
}
|
||||
|
||||
use std::alloc::{GlobalAlloc, Allocator};
|
||||
@@ -298,7 +298,7 @@ fn allocate_buffer_good(user_input: String) -> Result<*mut u8, Error> {
|
||||
|
||||
let layout = std::alloc::Layout::from_size_align(num_bytes, 1).unwrap();
|
||||
unsafe {
|
||||
let buffer = std::alloc::alloc(layout); // $ SPURIOUS: Alert[rust/uncontrolled-allocation-size]=example2
|
||||
let buffer = std::alloc::alloc(layout); // $ GOOD (bounded)
|
||||
|
||||
Ok(buffer)
|
||||
}
|
||||
@@ -306,7 +306,7 @@ fn allocate_buffer_good(user_input: String) -> Result<*mut u8, Error> {
|
||||
|
||||
fn test_examples() {
|
||||
allocate_buffer_bad(std::env::args().nth(1).unwrap_or("0".to_string())); // $ Source=example1
|
||||
allocate_buffer_good(std::env::args().nth(1).unwrap_or("0".to_string())); // $ Source=example2
|
||||
allocate_buffer_good(std::env::args().nth(1).unwrap_or("0".to_string()));
|
||||
}
|
||||
|
||||
// --- main ---
|
||||
|
||||
Reference in New Issue
Block a user