зеркало из https://github.com/github/codeql.git
C++: respond to style comments on PR
This commit is contained in:
Robert Marsh
Родитель
f17b563692
Коммит
423e0bf99a
|
|
@ -63,14 +63,14 @@ predicate isInvalidPointerDerefSink(DataFlow::Node sink, Instruction i, string o
|
|||
|
||||
predicate isConstantSizeOverflowSource(Field f, PointerAddInstruction pai, int delta) {
|
||||
exists(
|
||||
int size, int bound, SemZeroBound b, FieldAddressToPointerArithmeticConf conf,
|
||||
DataFlow::Node source, DataFlow::InstructionNode sink
|
||||
int size, int bound, FieldAddressToPointerArithmeticConf conf, DataFlow::Node source,
|
||||
DataFlow::InstructionNode sink
|
||||
|
|
||||
conf.hasFlow(source, sink) and
|
||||
isFieldAddressSource(f, source) and
|
||||
pai.getLeft() = sink.asInstruction() and
|
||||
f.getUnspecifiedType().(ArrayType).getArraySize() = size and
|
||||
semBounded(getSemanticExpr(pai.getRight()), b, bound, true, _) and
|
||||
semBounded(getSemanticExpr(pai.getRight()), any(SemZeroBound b), bound, true, _) and
|
||||
delta = bound - size and
|
||||
delta >= 0 and
|
||||
size != 0 and
|
||||
|
|
@ -89,13 +89,12 @@ class PointerArithmeticToDerefConf extends DataFlow2::Configuration {
|
|||
}
|
||||
|
||||
from
|
||||
Field f, DataFlow::Node source, DataFlow::Node sink,
|
||||
Instruction deref,
|
||||
Field f, DataFlow::Node source, DataFlow::Node sink, Instruction deref,
|
||||
PointerArithmeticToDerefConf conf, string operation, int delta
|
||||
where
|
||||
conf.hasFlow(source, sink) and
|
||||
isInvalidPointerDerefSink(sink, deref, operation) and
|
||||
isConstantSizeOverflowSource(f, source.asInstruction(), delta)
|
||||
select source,
|
||||
"This pointer arithmetic may have an off-by-" + (delta + 1) + " error allowing it to overrun $@ at this $@",
|
||||
f, f.getName(), deref, operation
|
||||
"This pointer arithmetic may have an off-by-" + (delta + 1) +
|
||||
" error allowing it to overrun $@ at this $@.", f, f.getName(), deref, operation
|
||||
|
|
|
|||
|
|
@ -1,11 +1,9 @@
|
|||
| test.cpp:26:5:26:15 | access to array | This pointer arithmetic may have an off-by-0 error allowing it to overrun $@ at this $@ | test.cpp:5:9:5:11 | buf | buf | test.cpp:26:5:26:19 | Store: ... = ... | write |
|
||||
| test.cpp:30:5:30:15 | access to array | This pointer arithmetic may have an off-by-0 error allowing it to overrun $@ at this $@ | test.cpp:10:9:10:11 | buf | buf | test.cpp:30:5:30:19 | Store: ... = ... | write |
|
||||
| test.cpp:35:5:35:22 | access to array | This pointer arithmetic may have an off-by-0 error allowing it to overrun $@ at this $@ | test.cpp:15:9:15:11 | buf | buf | test.cpp:35:5:35:26 | Store: ... = ... | write |
|
||||
| test.cpp:36:5:36:24 | access to array | This pointer arithmetic may have an off-by-1 error allowing it to overrun $@ at this $@ | test.cpp:15:9:15:11 | buf | buf | test.cpp:36:5:36:28 | Store: ... = ... | write |
|
||||
| test.cpp:43:9:43:19 | access to array | This pointer arithmetic may have an off-by-0 error allowing it to overrun $@ at this $@ | test.cpp:15:9:15:11 | buf | buf | test.cpp:43:9:43:23 | Store: ... = ... | write |
|
||||
| test.cpp:49:5:49:22 | access to array | This pointer arithmetic may have an off-by-0 error allowing it to overrun $@ at this $@ | test.cpp:19:9:19:11 | buf | buf | test.cpp:49:5:49:26 | Store: ... = ... | write |
|
||||
| test.cpp:50:5:50:24 | access to array | This pointer arithmetic may have an off-by-1 error allowing it to overrun $@ at this $@ | test.cpp:19:9:19:11 | buf | buf | test.cpp:50:5:50:28 | Store: ... = ... | write |
|
||||
| test.cpp:57:9:57:19 | access to array | This pointer arithmetic may have an off-by-0 error allowing it to overrun $@ at this $@ | test.cpp:19:9:19:11 | buf | buf | test.cpp:57:9:57:23 | Store: ... = ... | write |
|
||||
| test.cpp:61:9:61:19 | access to array | This pointer arithmetic may have an off-by-1 error allowing it to overrun $@ at this $@ | test.cpp:19:9:19:11 | buf | buf | test.cpp:61:9:61:23 | Store: ... = ... | write |
|
||||
| test.cpp:72:5:72:15 | access to array | This pointer arithmetic may have an off-by-0 error allowing it to overrun $@ at this $@ | test.cpp:15:9:15:11 | buf | buf | test.cpp:72:5:72:19 | Store: ... = ... | write |
|
||||
| test.cpp:77:27:77:44 | access to array | This pointer arithmetic may have an off-by-0 error allowing it to overrun $@ at this $@ | test.cpp:15:9:15:11 | buf | buf | test.cpp:67:5:67:10 | Store: ... = ... | write |
|
||||
| test.cpp:35:5:35:22 | access to array | This pointer arithmetic may have an off-by-1 error allowing it to overrun $@ at this $@. | test.cpp:15:9:15:11 | buf | buf | test.cpp:35:5:35:26 | Store: ... = ... | write |
|
||||
| test.cpp:36:5:36:24 | access to array | This pointer arithmetic may have an off-by-2 error allowing it to overrun $@ at this $@. | test.cpp:15:9:15:11 | buf | buf | test.cpp:36:5:36:28 | Store: ... = ... | write |
|
||||
| test.cpp:43:9:43:19 | access to array | This pointer arithmetic may have an off-by-1 error allowing it to overrun $@ at this $@. | test.cpp:15:9:15:11 | buf | buf | test.cpp:43:9:43:23 | Store: ... = ... | write |
|
||||
| test.cpp:49:5:49:22 | access to array | This pointer arithmetic may have an off-by-1 error allowing it to overrun $@ at this $@. | test.cpp:19:9:19:11 | buf | buf | test.cpp:49:5:49:26 | Store: ... = ... | write |
|
||||
| test.cpp:50:5:50:24 | access to array | This pointer arithmetic may have an off-by-2 error allowing it to overrun $@ at this $@. | test.cpp:19:9:19:11 | buf | buf | test.cpp:50:5:50:28 | Store: ... = ... | write |
|
||||
| test.cpp:57:9:57:19 | access to array | This pointer arithmetic may have an off-by-1 error allowing it to overrun $@ at this $@. | test.cpp:19:9:19:11 | buf | buf | test.cpp:57:9:57:23 | Store: ... = ... | write |
|
||||
| test.cpp:61:9:61:19 | access to array | This pointer arithmetic may have an off-by-2 error allowing it to overrun $@ at this $@. | test.cpp:19:9:19:11 | buf | buf | test.cpp:61:9:61:23 | Store: ... = ... | write |
|
||||
| test.cpp:72:5:72:15 | access to array | This pointer arithmetic may have an off-by-1 error allowing it to overrun $@ at this $@. | test.cpp:15:9:15:11 | buf | buf | test.cpp:72:5:72:19 | Store: ... = ... | write |
|
||||
| test.cpp:77:27:77:44 | access to array | This pointer arithmetic may have an off-by-1 error allowing it to overrun $@ at this $@. | test.cpp:15:9:15:11 | buf | buf | test.cpp:67:5:67:10 | Store: ... = ... | write |
|
||||
|
|
|
|||
Загрузка…
Ссылка в новой задаче