
Commit 49cceb2

committed
C++: Fix joins.
1 parent 259d5b6 commit 49cceb2


1 file changed

+21
-7
lines changed


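--- a/cpp/ql/src/Critical/UseAfterFree.ql
+++ b/cpp/ql/src/Critical/UseAfterFree.ql
@@ -94,8 +94,8 @@ module ParameterSinks {
 private InitializeParameterInstruction getAnAlwaysDereferencedParameter0() {
 exists(DataFlow::Node source, DataFlow::Node sink, IRBlock b1, int i1, IRBlock b2, int i2 |
 hasFlow(pragma[only_bind_into](source), result, pragma[only_bind_into](sink)) and
-source.hasIndexInBlock(b1, i1) and
-sink.hasIndexInBlock(b2, i2) and
+source.hasIndexInBlock(b1, pragma[only_bind_into](i1)) and
+sink.hasIndexInBlock(b2, pragma[only_bind_into](i2)) and
 strictlyPostDominates(b2, i2, b1, i1)
 )
 }
@@ -104,15 +104,29 @@ module ParameterSinks {
 result.getBlock().postDominates(f.getEntryBlock())
 }
 
+pragma[nomagic]
+predicate callHasTargetAndArgument(Function f, int i, CallInstruction call, Instruction argument) {
+call.getStaticCallTarget() = f and
+call.getArgument(i) = argument
+}
+
+pragma[nomagic]
+predicate initializeParameterInFunction(Function f, int i, InitializeParameterInstruction init) {
+pragma[only_bind_out](init.getEnclosingFunction()) = f and
+init.hasIndex(i)
+}
+
 InitializeParameterInstruction getAnAlwaysDereferencedParameter() {
 result = getAnAlwaysDereferencedParameter0()
 or
-exists(CallInstruction call, int i, InitializeParameterInstruction p |
-pragma[only_bind_out](call.getStaticCallTarget()) =
-pragma[only_bind_out](p.getEnclosingFunction()) and
-p.hasIndex(i) and
+exists(
+CallInstruction call, int i, InitializeParameterInstruction p, Instruction argument,
+Function f
+|
+callHasTargetAndArgument(f, i, call, argument) and
+initializeParameterInFunction(f, i, p) and
 p = getAnAlwaysDereferencedParameter() and
-result = valueNumber(call.getArgument(i)).getAnInstruction() and
+result = pragma[only_bind_out](valueNumber(argument).getAnInstruction()) and
 call = getAnAlwaysReachedCallInstruction(_)
 )
 }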
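Review bot: The two helper predicates added at new lines 108 and 114 are declared without `private` and without a doc comment, so they become part of the visible surface of `ParameterSinks` even though they appear to exist only to steer the join order; `getAnAlwaysDereferencedParameter0` in the first hunk is `private`. Unless something outside the module is meant to call them, I would write `pragma[nomagic] private predicate callHasTargetAndArgument(...)` and likewise for `initializeParameterInFunction`. Each should carry a one-line comment such as `// Holds if call statically targets f and passes argument as its i'th argument; kept nomagic so this join is evaluated on its own.`, so that a later cleanup does not inline them and bring the bad join back. Since this is meant as a pure performance change to a use-after-free query, it is worth confirming that the query's expected test results are unchanged, which this page does not show. The `ParameterSinks` module starts and ends outside the visible hunks.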
