hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-16 16:53:25 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
bc6133de5c1ff734a5fa475a5dd6e0af7ed9ff3c
codeql/go/ql/test/query-tests/Security/CWE-190/AllocationSizeOverflow.expected
Owen Mansel-Chan b2a9cecd69 Fix Allocation Size Overflow for use-use flow 
We have an operator expression like `x * 5`. We want to follow where the
value of the operator expression goes. We used to follow local flow from
an operand, but now there is flow from that operand to the next use of
the variable. The fix is to explicitly start local flow from the
operator expression.

There are also some expected edge changes due to use-use flow.
2025-10-01 16:12:18 +01:00

71 lines
7.0 KiB
Plaintext
Raw Blame History

#select
| AllocationSizeOverflow.go:10:10:10:22 | call to len | AllocationSizeOverflow.go:6:2:6:33 | ... := ...[0] | AllocationSizeOverflow.go:10:10:10:22 | call to len | This operation, which is used in an $@, involves a $@ and might overflow. | AllocationSizeOverflow.go:11:25:11:28 | size | allocation | AllocationSizeOverflow.go:6:2:6:33 | ... := ...[0] | potentially large value |
| tst2.go:10:22:10:30 | call to len | tst2.go:9:2:9:37 | ... := ...[0] | tst2.go:10:22:10:30 | call to len | This operation, which is used in an $@, involves a $@ and might overflow. | tst2.go:10:22:10:32 | ...+... | allocation | tst2.go:9:2:9:37 | ... := ...[0] | potentially large value |
| tst2.go:15:22:15:30 | call to len | tst2.go:14:2:14:29 | ... := ...[0] | tst2.go:15:22:15:30 | call to len | This operation, which is used in an $@, involves a $@ and might overflow. | tst2.go:15:22:15:32 | ...+... | allocation | tst2.go:14:2:14:29 | ... := ...[0] | potentially large value |
| tst3.go:7:22:7:34 | call to len | tst3.go:6:2:6:31 | ... := ...[0] | tst3.go:7:22:7:34 | call to len | This operation, which is used in an $@, involves a $@ and might overflow. | tst3.go:7:22:7:36 | ...+... | allocation | tst3.go:6:2:6:31 | ... := ...[0] | potentially large value |
| tst3.go:24:16:24:28 | call to len | tst3.go:6:2:6:31 | ... := ...[0] | tst3.go:24:16:24:28 | call to len | This operation, which is used in an $@, involves a $@ and might overflow. | tst3.go:27:24:27:32 | newlength | allocation | tst3.go:6:2:6:31 | ... := ...[0] | potentially large value |
| tst3.go:32:16:32:28 | call to len | tst3.go:6:2:6:31 | ... := ...[0] | tst3.go:32:16:32:28 | call to len | This operation, which is used in an $@, involves a $@ and might overflow. | tst3.go:36:23:36:31 | newlength | allocation | tst3.go:6:2:6:31 | ... := ...[0] | potentially large value |
| tst.go:15:22:15:34 | call to len | tst.go:14:2:14:30 | ... = ...[0] | tst.go:15:22:15:34 | call to len | This operation, which is used in an $@, involves a $@ and might overflow. | tst.go:15:22:15:36 | ...+... | allocation | tst.go:14:2:14:30 | ... = ...[0] | potentially large value |
| tst.go:21:22:21:34 | call to len | tst.go:20:2:20:31 | ... = ...[0] | tst.go:21:22:21:34 | call to len | This operation, which is used in an $@, involves a $@ and might overflow. | tst.go:21:22:21:36 | ...+... | allocation | tst.go:20:2:20:31 | ... = ...[0] | potentially large value |
| tst.go:27:26:27:38 | call to len | tst.go:26:2:26:31 | ... = ...[0] | tst.go:27:26:27:38 | call to len | This operation, which is used in an $@, involves a $@ and might overflow. | tst.go:27:26:27:40 | ...+... | allocation | tst.go:26:2:26:31 | ... = ...[0] | potentially large value |
| tst.go:35:22:35:34 | call to len | tst.go:34:2:34:30 | ... = ...[0] | tst.go:35:22:35:34 | call to len | This operation, which is used in an $@, involves a $@ and might overflow. | tst.go:35:22:35:36 | ...+... | allocation | tst.go:34:2:34:30 | ... = ...[0] | potentially large value |
edges
| AllocationSizeOverflow.go:6:2:6:33 | ... := ...[0] | AllocationSizeOverflow.go:10:14:10:21 | jsonData | provenance | |
| AllocationSizeOverflow.go:10:14:10:21 | jsonData | AllocationSizeOverflow.go:10:10:10:22 | call to len | provenance | Config |
| tst2.go:9:2:9:37 | ... := ...[0] | tst2.go:10:26:10:29 | data | provenance | Src:MaD:1 |
| tst2.go:10:26:10:29 | data | tst2.go:10:22:10:30 | call to len | provenance | Config |
| tst2.go:14:2:14:29 | ... := ...[0] | tst2.go:15:26:15:29 | data | provenance | |
| tst2.go:15:26:15:29 | data | tst2.go:15:22:15:30 | call to len | provenance | Config |
| tst3.go:6:2:6:31 | ... := ...[0] | tst3.go:7:26:7:33 | jsonData | provenance | |
| tst3.go:7:26:7:33 | jsonData | tst3.go:7:22:7:34 | call to len | provenance | Config |
| tst3.go:7:26:7:33 | jsonData | tst3.go:9:32:9:39 | jsonData | provenance | |
| tst3.go:9:32:9:39 | jsonData | tst3.go:11:9:11:16 | jsonData | provenance | |
| tst3.go:11:9:11:16 | jsonData | tst3.go:16:20:16:27 | jsonData | provenance | |
| tst3.go:16:20:16:27 | jsonData | tst3.go:24:20:24:27 | jsonData | provenance | |
| tst3.go:24:20:24:27 | jsonData | tst3.go:24:16:24:28 | call to len | provenance | Config |
| tst3.go:24:20:24:27 | jsonData | tst3.go:32:20:32:27 | jsonData | provenance | |
| tst3.go:32:20:32:27 | jsonData | tst3.go:32:16:32:28 | call to len | provenance | Config |
| tst.go:14:2:14:30 | ... = ...[0] | tst.go:15:26:15:33 | jsonData | provenance | |
| tst.go:15:26:15:33 | jsonData | tst.go:15:22:15:34 | call to len | provenance | Config |
| tst.go:20:2:20:31 | ... = ...[0] | tst.go:21:26:21:33 | jsonData | provenance | |
| tst.go:21:26:21:33 | jsonData | tst.go:21:22:21:34 | call to len | provenance | Config |
| tst.go:26:2:26:31 | ... = ...[0] | tst.go:27:30:27:37 | jsonData | provenance | |
| tst.go:27:30:27:37 | jsonData | tst.go:27:26:27:38 | call to len | provenance | Config |
| tst.go:34:2:34:30 | ... = ...[0] | tst.go:35:26:35:33 | jsonData | provenance | |
| tst.go:35:26:35:33 | jsonData | tst.go:35:22:35:34 | call to len | provenance | Config |
models
| 1 | Source: io/ioutil; ; false; ReadFile; ; ; ReturnValue[0]; file; manual |
nodes
| AllocationSizeOverflow.go:6:2:6:33 | ... := ...[0] | semmle.label | ... := ...[0] |
| AllocationSizeOverflow.go:10:10:10:22 | call to len | semmle.label | call to len |
| AllocationSizeOverflow.go:10:14:10:21 | jsonData | semmle.label | jsonData |
| tst2.go:9:2:9:37 | ... := ...[0] | semmle.label | ... := ...[0] |
| tst2.go:10:22:10:30 | call to len | semmle.label | call to len |
| tst2.go:10:26:10:29 | data | semmle.label | data |
| tst2.go:14:2:14:29 | ... := ...[0] | semmle.label | ... := ...[0] |
| tst2.go:15:22:15:30 | call to len | semmle.label | call to len |
| tst2.go:15:26:15:29 | data | semmle.label | data |
| tst3.go:6:2:6:31 | ... := ...[0] | semmle.label | ... := ...[0] |
| tst3.go:7:22:7:34 | call to len | semmle.label | call to len |
| tst3.go:7:26:7:33 | jsonData | semmle.label | jsonData |
| tst3.go:9:32:9:39 | jsonData | semmle.label | jsonData |
| tst3.go:11:9:11:16 | jsonData | semmle.label | jsonData |
| tst3.go:16:20:16:27 | jsonData | semmle.label | jsonData |
| tst3.go:24:16:24:28 | call to len | semmle.label | call to len |
| tst3.go:24:20:24:27 | jsonData | semmle.label | jsonData |
| tst3.go:32:16:32:28 | call to len | semmle.label | call to len |
| tst3.go:32:20:32:27 | jsonData | semmle.label | jsonData |
| tst.go:14:2:14:30 | ... = ...[0] | semmle.label | ... = ...[0] |
| tst.go:15:22:15:34 | call to len | semmle.label | call to len |
| tst.go:15:26:15:33 | jsonData | semmle.label | jsonData |
| tst.go:20:2:20:31 | ... = ...[0] | semmle.label | ... = ...[0] |
| tst.go:21:22:21:34 | call to len | semmle.label | call to len |
| tst.go:21:26:21:33 | jsonData | semmle.label | jsonData |
| tst.go:26:2:26:31 | ... = ...[0] | semmle.label | ... = ...[0] |
| tst.go:27:26:27:38 | call to len | semmle.label | call to len |
| tst.go:27:30:27:37 | jsonData | semmle.label | jsonData |
| tst.go:34:2:34:30 | ... = ...[0] | semmle.label | ... = ...[0] |
| tst.go:35:22:35:34 | call to len | semmle.label | call to len |
| tst.go:35:26:35:33 | jsonData | semmle.label | jsonData |
subpaths
Reference in New Issue View Git Blame Copy Permalink