hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-24 04:36:35 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
792f302bd4dee4c7558e2ce5bbea7edb51f9896f
codeql/cpp/ql/test/query-tests/Security/CWE/CWE-193/AllocationToInvalidPointer.ql
Mathias Vorreiter Pedersen 4daabdae2b C++: Promote 'cpp/invalid-pointer-deref' out of experimental.
2023-08-21 10:23:22 +01:00

30 lines
1.0 KiB
Plaintext
Raw Blame History

import cpp
import semmle.code.cpp.security.InvalidPointerDereference.AllocationToInvalidPointer
import TestUtilities.InlineExpectationsTest
import semmle.code.cpp.ir.IR
import semmle.code.cpp.dataflow.new.DataFlow
module AllocationToInvalidPointerTest implements TestSig {
string getARelevantTag() { result = "alloc" }
predicate hasActualResult(Location location, string element, string tag, string value) {
exists(DataFlow::Node allocation, PointerAddInstruction pai, int delta |
pointerAddInstructionHasBounds(allocation, pai, _, delta) and
location = pai.getLocation() and
element = pai.toString() and
tag = "alloc"
|
delta > 0 and
value = "L" + allocation.getLocation().getStartLine().toString() + "+" + delta.toString()
or
delta = 0 and
value = "L" + allocation.getLocation().getStartLine().toString()
or
delta < 0 and
value = "L" + allocation.getLocation().getStartLine().toString() + "-" + (-delta).toString()
)
}
}
import MakeTest<AllocationToInvalidPointerTest>
Reference in New Issue View Git Blame Copy Permalink