
Commit 8e7eec1

committed
C++: inline isInvalidPointerDerefSink
1 parent f98576b commit 8e7eec1


1 file changed

+4
-2
lines changed


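--- a/cpp/ql/src/experimental/Security/CWE/CWE-193/ConstantSizeArrayOffByOne.ql
+++ b/cpp/ql/src/experimental/Security/CWE/CWE-193/ConstantSizeArrayOffByOne.ql
@@ -55,11 +55,12 @@ predicate isFieldAddressSource(Field f, DataFlow::Node source) {
 * writes to an address that non-strictly upper-bounds `sink`, or `i` is a `LoadInstruction` that
 * reads from an address that non-strictly upper-bounds `sink`.
 */
+pragma[inline]
 predicate isInvalidPointerDerefSink(DataFlow::Node sink, Instruction i, string operation) {
 exists(AddressOperand addr, int delta |
-bounded(pragma[only_bind_into](addr).getDef(), sink.asInstruction(), delta) and
+bounded(addr.getDef(), sink.asInstruction(), delta) and
 delta >= 0 and
-i.getAnOperand() = pragma[only_bind_into](addr)
+i.getAnOperand() = addr
 |
 i instanceof StoreInstruction and
 operation = "write"
@@ -88,6 +89,7 @@ module PointerArithmeticToDerefConfig implements DataFlow::ConfigSig {
 isConstantSizeOverflowSource(_, source.asInstruction(), _)
 }
 
+pragma[inline]
 predicate isSink(DataFlow::Node sink) { isInvalidPointerDerefSink(sink, _, _) }
 }
 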
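Review bot: The new `pragma[inline]` on `isInvalidPointerDerefSink` and on `isSink` carries no explanation, and the QLDoc above the first predicate says nothing about it being inlined. The same change drops both `pragma[only_bind_into](addr)` hints, so the join order around `bounded` presumably now depends on each call site; the reason should be recorded in the QLDoc, for example `* Inlined so that the bounded() join is evaluated in the caller's context; evaluation: <link to performance run>.` Since this query reports CWE-193 off-by-one accesses, the commit message should also state that the query's expected test results are unchanged, because a join-order change must not alter what is flagged. The body of `isInvalidPointerDerefSink` continues past the end of the first hunk, so the load branch is not visible here.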
