hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-02 20:25:13 +02:00
Code Issues Packages Projects Releases Wiki Activity

CPP: Stricter dataflow in getBufferSize.

Browse Source
This commit is contained in:
Geoffrey White
2018-10-02 10:27:40 +01:00
parent beb21f92d3
commit fe6c9f9ea2
1 changed files with 8 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
cpp/ql/src/semmle/code/cpp/commons/Buffer.qll
View File

@@ -80,13 +80,15 @@ int getBufferSize(Expr bufferExpr, Element why) {
// buffer is a fixed size dynamic allocation
isFixedSizeAllocationExpr(bufferExpr, result) and
why = bufferExpr
) or exists(Expr def, Element why2 |
) or forex(Expr def |
// dataflow
DataFlow::localFlowStep(DataFlow::exprNode(def), DataFlow::exprNode(bufferExpr)) and
result = getBufferSize(def, why2) and
(
why = def or
why = why2
DataFlow::localFlowStep(DataFlow::exprNode(def), DataFlow::exprNode(bufferExpr)) |
exists(Element why2 |
result = getBufferSize(def, why2) and
(
why = def or
why = why2
)
)
) or exists(Type bufferType |
// buffer is the address of a variable