mirror of
https://github.com/github/codeql.git
synced 2025-12-28 14:46:33 +01:00
42 lines
1.5 KiB
Plaintext
42 lines
1.5 KiB
Plaintext
/**
|
|
* @name Large object passed by value
|
|
* @description An object larger than 64 bytes is passed by value to a function. Passing large objects by value unnecessarily use up scarce stack space, increase the cost of calling a function and can be a security risk. Use a const pointer to the object instead.
|
|
* @kind problem
|
|
* @problem.severity recommendation
|
|
* @precision very-high
|
|
* @id cpp/large-parameter
|
|
* @tags efficiency
|
|
* readability
|
|
* statistical
|
|
* non-attributable
|
|
*/
|
|
|
|
import cpp
|
|
import semmle.code.cpp.dataflow.EscapesTree
|
|
|
|
from Function f, Parameter p, Type t, int size
|
|
where
|
|
f.getAParameter() = p and
|
|
p.getType() = t and
|
|
t.getSize() = size and
|
|
size > 64 and
|
|
not t.getUnderlyingType() instanceof ArrayType and
|
|
not f instanceof CopyAssignmentOperator and
|
|
// exception: p is written to, which may mean the copy is intended
|
|
not p.getAnAccess().isAddressOfAccessNonConst() and
|
|
not exists(Expr e |
|
|
variableAccessedAsValue(p.getAnAccess(), e.getFullyConverted()) and
|
|
(
|
|
exists(Assignment an | an.getLValue() = e)
|
|
or
|
|
exists(CrementOperation co | co.getOperand() = e)
|
|
or
|
|
exists(FunctionCall fc | fc.getQualifier() = e and not fc.getTarget().hasSpecifier("const"))
|
|
)
|
|
) and
|
|
// if there's no block, we can't tell how the parameter is used
|
|
exists(f.getBlock())
|
|
select p,
|
|
"This parameter of type $@ is " + size.toString() +
|
|
" bytes - consider passing a const pointer/reference instead.", t, t.toString()
|