hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-24 04:36:35 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
a1aed1ad933df8dcf18dc91776614849349acf0f
codeql/cpp/ql
History
Jonas Jensen a1aed1ad93 C++: Workaround for problem with memcpy flow 
The type of the source argument to `memcpy` is `void *`, and somehow
that meant that the copied object itself got type `void`. Since that has
size 0, the SSA construction did not model it as reading from the last
write.

This is probably not the right fix, but maybe it's good enough for now.
The right fix would ensure that the type reported by
`hasOperandMemoryAccess` is `UnknownType`.

When `DefaultTaintTracking.qll` is enabled, this commit has the effect
of restoring a lost results:

    --- a/cpp/ql/test/query-tests/Security/CWE/CWE-119/semmle/tests/OverflowDestination.expected
    +++ b/cpp/ql/test/query-tests/Security/CWE/CWE-119/semmle/tests/OverflowDestination.expected
    @@ -1 +1,2 @@
     | overflowdestination.cpp:30:2:30:8 | call to strncpy | To avoid overflow, this operation should be bounded by destination-buffer size, not source-buffer size. |
    +| overflowdestination.cpp:46:2:46:7 | call to memcpy | To avoid overflow, this operation should be bounded by destination-buffer size, not source-buffer size. |
2020-01-31 16:04:43 +01:00
..
examples
CPP: Autoformat cookbook examples.
2019-08-02 15:29:20 +02:00
src
C++: Workaround for problem with memcpy flow
2020-01-31 16:04:43 +01:00
test
Merge remote-tracking branch 'upstream/master' into dbartol/Indirections
2020-01-30 10:26:44 +01:00