Merge pull request #4824 from geoffw0/modelchanges5

C++: Add cases in the Allocation model.
2025-12-18 01:33:15 +01:00 · 2020-12-18 09:16:01 +01:00
parent 39acc9a40b c89f7d824b
commit fd7dec7f20
4 changed files with 30 additions and 3 deletions
--- a/cpp/ql/src/semmle/code/cpp/models/implementations/Allocation.qll
+++ b/cpp/ql/src/semmle/code/cpp/models/implementations/Allocation.qll
@@ -82,7 +82,9 @@ private class AllocaAllocationFunction extends AllocationFunction {
    hasGlobalName([
        // --- stack allocation
        "alloca", // // alloca(size)
-        "__builtin_alloca" // __builtin_alloca(size)
+        "__builtin_alloca", // __builtin_alloca(size)
+        "_alloca", // _alloca(size)
+        "_malloca" // _malloca(size)
      ]) and
    sizeArg = 0
  }
--- a/cpp/ql/src/semmle/code/cpp/models/implementations/Strdup.qll
+++ b/cpp/ql/src/semmle/code/cpp/models/implementations/Strdup.qll
@@ -14,6 +14,7 @@ import semmle.code.cpp.models.interfaces.Taint
 private class StrdupFunction extends AllocationFunction, ArrayFunction, DataFlowFunction {
  StrdupFunction() {
    hasGlobalName([
+        // --- C library allocation
        "strdup", // strdup(str)
        "wcsdup", // wcsdup(str)
        "_strdup", // _strdup(str)
@@ -39,8 +40,8 @@ private class StrndupFunction extends AllocationFunction, ArrayFunction, DataFlo
  StrndupFunction() {
    exists(string name |
      hasGlobalName(name) and
-      // strndup(str, maxlen)
-      name = "strndup"
+      // --- C library allocation
+      name = "strndup" // strndup(str, maxlen)
    )
  }