mirror of
https://github.com/github/codeql.git
synced 2026-02-21 09:23:40 +01:00
28 lines
642 B
Plaintext
28 lines
642 B
Plaintext
import semmle.code.cpp.pointsto.PointsTo
|
|
|
|
private predicate freed(Expr e) {
|
|
e = any(DeallocationExpr de).getFreedExpr()
|
|
or
|
|
exists(ExprCall c |
|
|
// cautiously assume that any `ExprCall` could be a deallocation expression.
|
|
c.getAnArgument() = e
|
|
)
|
|
}
|
|
|
|
/** An expression that might be deallocated. */
|
|
class FreedExpr extends PointsToExpr {
|
|
FreedExpr() { freed(this) }
|
|
|
|
override predicate interesting() { freed(this) }
|
|
}
|
|
|
|
/**
|
|
* An allocation expression that might be deallocated. For example:
|
|
* ```
|
|
* int* p = new int;
|
|
* ...
|
|
* delete p;
|
|
* ```
|
|
*/
|
|
predicate allocMayBeFreed(AllocationExpr alloc) { anythingPointsTo(alloc) }
|