From fe97572f70175893951a20bc70fd6016b3484919 Mon Sep 17 00:00:00 2001
From: Mathias Vorreiter Pedersen
Date: Sun, 18 Jun 2023 13:13:28 +0100
Subject: [PATCH] C++: Fix strncpy model.

---
 cpp/ql/lib/semmle/code/cpp/models/implementations/Strcpy.qll | 2 +-
 cpp/ql/test/library-tests/dataflow/taint-tests/taint.cpp | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/cpp/ql/lib/semmle/code/cpp/models/implementations/Strcpy.qll b/cpp/ql/lib/semmle/code/cpp/models/implementations/Strcpy.qll
index 10b160dee47..ea371de958a 100644
--- a/cpp/ql/lib/semmle/code/cpp/models/implementations/Strcpy.qll
+++ b/cpp/ql/lib/semmle/code/cpp/models/implementations/Strcpy.qll
@@ -108,7 +108,7 @@ class StrcpyFunction extends ArrayFunction, DataFlowFunction, TaintFunction, Sid
 // these may do only a partial copy of the input buffer to the output
 // buffer
 exists(this.getParamSize()) and
- input.isParameter(this.getParamSrc()) and
+ input.isParameterDeref(this.getParamSrc()) and
 (
 output.isParameterDeref(this.getParamDest()) or
 output.isReturnValueDeref()
diff --git a/cpp/ql/test/library-tests/dataflow/taint-tests/taint.cpp b/cpp/ql/test/library-tests/dataflow/taint-tests/taint.cpp
index 5c582b67cd7..9810418a95e 100644
--- a/cpp/ql/test/library-tests/dataflow/taint-tests/taint.cpp
+++ b/cpp/ql/test/library-tests/dataflow/taint-tests/taint.cpp
@@ -709,5 +709,5 @@ char * strncpy (char *, const char *, unsigned long);
 void test_strncpy(char* d, char* s) {
 argument_source(s);
 strncpy(d, s, 16);
- sink(d); // $ ast MISSING: ir
+ sink(d); // $ ast ir
 }
\ No newline at end of file
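Review bot: The comment above the changed line still only says these functions "may do only a partial copy" and does not say what the taint step now relates, so the switch from `isParameter` to `isParameterDeref` on the source side is undocumented at the point where it matters. I would extend the comment to `// taint flows from the contents of the source buffer (not the pointer value) to the destination buffer and the dereferenced return value`, which also makes the input side read consistently with the `isParameterDeref`/`isReturnValueDeref` output side two lines below. The enclosing predicate of `StrcpyFunction` starts and ends outside the hunk, so if another branch of the same disjunction still uses `isParameter` for the source it would presumably need the same treatment; that cannot be confirmed from here.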
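Review bot: The updated expectation in `test_strncpy` only exercises the destination-buffer output of the model (`sink(d)`); the `output.isReturnValueDeref()` alternative enabled by the same change has no test here. A second sink on the return value, for example `sink(strncpy(d, s, 16)); // $ ast ir`, would pin that path as well, with the expected-flow annotation adjusted if the IR result differs. The `\ No newline at end of file` marker shows the test file still ends without a trailing newline, which is worth fixing while the line is being touched.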