hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-30 11:15:13 +02:00
Code Issues Packages Projects Releases Wiki Activity

CPP: Use newer dataflow for the fix.

Browse Source
This commit is contained in:
Geoffrey White
2019-03-20 15:47:40 +00:00
parent 7d8886e30c
commit faeb326bf8
3 changed files with 6 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
cpp/ql/src/Critical/NewDelete.qll
View File

@@ -3,6 +3,7 @@
*/
import cpp
import semmle.code.cpp.controlflow.SSA
import semmle.code.cpp.dataflow.DataFlow
/**
* Holds if `alloc` is a use of `malloc` or `new`. `kind` is
@@ -46,10 +47,9 @@ predicate allocExprOrIndirect(Expr alloc, string kind) {
alloc.(FunctionCall).getTarget() = rtn.getEnclosingFunction() and
(
allocExprOrIndirect(rtn.getExpr(), kind) or
exists(SsaDefinition def, LocalScopeVariable v |
// alloc via SSA
allocExprOrIndirect(def.getAnUltimateDefiningValue(v), kind) and
rtn.getExpr() = def.getAUse(v)
exists(Expr e |
allocExprOrIndirect(e, kind) and
DataFlow::localFlow(DataFlow::exprNode(e), DataFlow::exprNode(rtn.getExpr()))
)
)
)

1
cpp/ql/test/query-tests/Critical/NewFree/NewFreeMismatch.expected
View File

@@ -6,6 +6,7 @@
| test.cpp:91:3:91:11 | delete | There is a malloc/delete mismatch between this delete and the corresponding $@. | test.cpp:88:28:88:36 | call to my_malloc | malloc |
| test.cpp:99:3:99:11 | call to my_delete | There is a malloc/delete mismatch between this delete and the corresponding $@. | test.cpp:96:28:96:33 | call to malloc | malloc |
| test.cpp:138:2:138:9 | delete | There is a malloc/delete mismatch between this delete and the corresponding $@. | test.cpp:135:12:135:22 | call to my_malloc_2 | malloc |
| test.cpp:155:2:155:9 | delete | There is a malloc/delete mismatch between this delete and the corresponding $@. | test.cpp:152:12:152:22 | call to my_malloc_3 | malloc |
| test.cpp:232:2:232:9 | delete | There is a malloc/delete mismatch between this delete and the corresponding $@. | test.cpp:226:7:226:12 | call to malloc | malloc |
| test.cpp:233:2:233:12 | delete[] | There is a malloc/delete mismatch between this delete[] and the corresponding $@. | test.cpp:226:7:226:12 | call to malloc | malloc |
| test.cpp:235:2:235:5 | call to free | There is a new/free mismatch between this free and the corresponding $@. | test.cpp:227:7:227:13 | new | new |

2
cpp/ql/test/query-tests/Critical/NewFree/test.cpp
View File

@@ -152,7 +152,7 @@ void test3()
void *b = my_malloc_3(10);
free(a); // GOOD
delete b; // BAD: malloc -> delete [NOT DETECTED]
delete b; // BAD: malloc -> delete
}
void test4(bool do_array_delete)