hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-01 11:45:14 +02:00
Code Issues Packages Projects Releases Wiki Activity

Update AccessOfMemoryLocationAfterEndOfBufferUsingStrlen.ql

Browse Source
This commit is contained in:
ihsinme
2021-01-26 23:50:54 +03:00
committed by GitHub
parent de0bbc8826
commit fc9d219057
1 changed files with 3 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
cpp/ql/src/experimental/Security/CWE/CWE-788/AccessOfMemoryLocationAfterEndOfBufferUsingStrlen.ql
View File

@@ -12,13 +12,12 @@
*/
import cpp
import semmle.code.cpp.valuenumbering.HashCons
import semmle.code.cpp.valuenumbering.GlobalValueNumbering
from FunctionCall fc, AssignExpr expr, ArrayExpr exprarr
where
fc.getTarget().hasGlobalOrStdName("strlen") and
exprarr = expr.getLValue() and
expr.getRValue().getValue().toInt() = 0 and
exprarr.getArrayOffset() = fc and
hashCons(fc.getArgument(0)) = hashCons(exprarr.getArrayBase())
select expr, "use a different method to calculate the length."
globalValueNumber(fc.getArgument(0)) = globalValueNumber(exprarr.getArrayBase())
select expr, "potential unsafe or redundant assignment."