hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-26 17:25:19 +02:00
Code Issues Packages Projects Releases Wiki Activity

update test files, add one more additional flow step for inflate function, fix gzopen additional flow step thanks to @jketema

Browse Source
This commit is contained in:
am0o0
2024-07-30 17:49:34 +02:00
parent 6f8eec2bf9
commit f97b1039cd
4 changed files with 26 additions and 34 deletions
Download Patch File Download Diff File Expand all files Collapse all files

32
cpp/ql/test/experimental/query-tests/Security/CWE/CWE-409/zlibTest.cpp
View File

@@ -51,40 +51,17 @@ namespace std {
}
int UnsafeInflate(char *a) {
// placeholder for the compressed (deflated) version of "a"
char b[50];
// placeholder for the Uncompressed (inflated) version of "b"
char c[50];
// placeholder for the Uncompressed (inflated) version of "a"
char c[1024000];
// STEP 1.
// zlib struct
z_stream defstream;
defstream.zalloc = Z_NULL;
defstream.zfree = Z_NULL;
defstream.opaque = Z_NULL;
// setup "a" as the input and "b" as the compressed output
defstream.avail_in = (uInt) 50 + 1; // size of input, string + terminator
defstream.next_in = (Bytef *) a; // input char array
defstream.avail_out = (uInt) sizeof(b); // size of output
defstream.next_out = (Bytef *) b; // output char array
// the actual compression work.
deflateInit(&defstream, Z_BEST_COMPRESSION);
deflate(&defstream, Z_FINISH);
deflateEnd(&defstream);
// This is one way of getting the size of the output
// STEP 2.
// inflate b into c
// zlib struct
z_stream infstream;
infstream.zalloc = Z_NULL;
infstream.zfree = Z_NULL;
infstream.opaque = Z_NULL;
// setup "b" as the input and "c" as the compressed output
// TOTHINK: Here we can add additional step from Right operand to z_stream variable access
infstream.avail_in = (uInt) ((char *) defstream.next_out - b); // size of input
infstream.next_in = (Bytef *) b; // input char array
infstream.avail_in = (uInt) (1000); // size of input
infstream.next_in = (Bytef *) a; // input char array
infstream.avail_out = (uInt) sizeof(c); // size of output
infstream.next_out = (Bytef *) c; // output char array
@@ -159,7 +136,6 @@ int UnsafeGzgets(char *fileName) {
}
char *buffer = new char[4000000000];
char *result;
result = gzgets(inFileZ, buffer, 1000000000);
while (true) {
result = gzgets(inFileZ, buffer, 1000000000);
if (result == nullptr) {