Merge pull request #17076 from MathiasVP/add-missing-write-side-effect-to-remquo

C++: Add missing write side effect to `std::remquo`

Author: MathiasVP

cpp/ql/lib/semmle/code/cpp/models/implementations/StdMath.qll

@@ -51,6 +51,12 @@ private class Remquo extends Function, SideEffectFunction {
   override predicate hasOnlySpecificReadSideEffects() { any() }
 
   override predicate hasOnlySpecificWriteSideEffects() { any() }
+
+  override predicate hasSpecificWriteSideEffect(ParameterIndex i, boolean buffer, boolean mustWrite) {
+    this.getParameter(i).getUnspecifiedType() instanceof PointerType and
+    buffer = false and
+    mustWrite = true
+  }
 }
 
 private class Fma extends Function, SideEffectFunction {
@@ -95,4 +101,8 @@ private class Nan extends Function, SideEffectFunction, AliasFunction {
   override predicate parameterNeverEscapes(int index) { index = 0 }
 
   override predicate parameterEscapesOnlyViaReturn(int index) { none() }
+
+  override predicate hasSpecificReadSideEffect(ParameterIndex i, boolean buffer) {
+    i = 0 and buffer = true
+  }
 }

cpp/ql/test/query-tests/Security/CWE/CWE-457/semmle/tests/test.cpp

@@ -581,3 +581,15 @@ void test46()
   *rP = nullptr;
   use(r);
 }
+
+namespace std {
+	float remquo(float, float, int*);
+}
+
+void test47() {
+	float x = 1.0f;
+	float y = 2.0f;
+	int quo;
+	std::remquo(x, y, &quo);
+	use(quo); // GOOD
+}