C++: Support 'readlinkat'.

Author: geoffw0

cpp/ql/src/Likely Bugs/Memory Management/ImproperNullTermination.ql

@@ -29,11 +29,14 @@ class ImproperNullTerminationReachability extends StackVariableReachabilityWithR
   override predicate isSourceActual(ControlFlowNode node, StackVariable v) {
     node = declWithNoInit(v)
     or
-    exists(Call c, VariableAccess va |
+    exists(Call c, int arg |
       c = node and
-      c.getTarget().hasName("readlink") and
-      c.getArgument(1) = va and
-      va.getTarget() = v
+      (
+        c.getTarget().hasName("readlink") and arg = 1
+        or
+        c.getTarget().hasName("readlinkat") and arg = 2
+      ) and
+      c.getArgument(arg).(VariableAccess).getTarget() = v
     )
   }
 

cpp/ql/test/query-tests/Likely Bugs/Memory Management/ImproperNullTermination/ImproperNullTermination.expected

@@ -10,6 +10,7 @@
 | test.cpp:116:10:116:15 | buffer | Variable $@ may not be null terminated. | test.cpp:109:8:109:13 | buffer | buffer |
 | test.cpp:130:14:130:19 | buffer | Variable $@ may not be null terminated. | test.cpp:127:7:127:12 | buffer | buffer |
 | test.cpp:139:10:139:15 | buffer | Variable $@ may not be null terminated. | test.cpp:136:8:136:13 | buffer | buffer |
+| test.cpp:147:14:147:19 | buffer | Variable $@ may not be null terminated. | test.cpp:143:8:143:13 | buffer | buffer |
 | test.cpp:154:10:154:15 | buffer | Variable $@ may not be null terminated. | test.cpp:151:8:151:13 | buffer | buffer |
 | test.cpp:162:10:162:15 | buffer | Variable $@ may not be null terminated. | test.cpp:158:8:158:13 | buffer | buffer |
 | test.cpp:170:10:170:15 | buffer | Variable $@ may not be null terminated. | test.cpp:166:8:166:13 | buffer | buffer |

cpp/ql/test/query-tests/Likely Bugs/Memory Management/ImproperNullTermination/test.cpp

@@ -144,7 +144,7 @@ void test_readlink(int fd, const char *path, size_t sz)
 		int v;
 
 		readlinkat(fd, path, buffer, sizeof(buffer));
-		v = strlen(buffer); // BAD [NOT DETECTED]
+		v = strlen(buffer); // BAD
 	}
 
 	{