codeql/csharp/ql/test/query-tests/Security Features/CWE-119/LocalUnvalidatedArithmetic.cs

public class PossiblyOverridableClass
{
    /// <summary>
    /// Base implementation of the offset provider used by the pointer-arithmetic test.
    /// Always returns 0, which is a safe offset into any non-empty buffer. Because the
    /// method is virtual, a subclass may return any int, so a caller must not treat the
    /// result as range-checked.
    /// </summary>
    /// <returns>0.</returns>
    public virtual int getNumber() => 0;
}
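public class PointerArithmetic
{
    /// <summary>
    /// Test fixture for unvalidated pointer arithmetic (CWE-119): writes 'A' into
    /// <paramref name="charArray"/> at an offset obtained from
    /// <paramref name="possiblyOverridable"/>, once without and once with a range check.
    /// The first (BAD) write is deliberately left unvalidated so the query has something to flag.
    /// </summary>
    /// <param name="possiblyOverridable">Source of the offset. getNumber() is virtual, so an
    /// override may return any int; its result is untrusted here.</param>
    /// <param name="charArray">Buffer that is pinned and written to.</param>
    public unsafe void CalcPointer(PossiblyOverridableClass possiblyOverridable, char[] charArray)
    {
        fixed (char* charPointer = charArray)
        {
            // BAD: Unvalidated use in pointer arithmetic.
            // The offset is never compared against charArray.Length, so a value outside
            // [0, charArray.Length) makes the following write land outside the buffer.
            char* newCharPointer = charPointer + possiblyOverridable.getNumber();
            *newCharPointer = 'A';

            // BAD: Unvalidated use in pointer arithmetic
            int number = possiblyOverridable.getNumber();
            // Upper bound keeps the offset inside the buffer; the lower bound also rejects 0.
            if (number > 0 && number < charArray.Length)
            {
                // GOOD: number validated first
                char* newCharPointer2 = charPointer + number;
                // Write through the validated pointer. The original dereferenced the
                // unvalidated newCharPointer here, leaving newCharPointer2 unused.
                *newCharPointer2 = 'A';
            }
        }
    }
}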