
Commit 0fb1ded

authored
Update DivideByZeroUsingReturnValue.ql
1 parent 3954da5 commit 0fb1ded


1 file changed

+9
-7
lines changed


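--- a/cpp/ql/src/experimental/Security/CWE/CWE-369/DivideByZeroUsingReturnValue.ql
+++ b/cpp/ql/src/experimental/Security/CWE/CWE-369/DivideByZeroUsingReturnValue.ql
@@ -205,20 +205,20 @@ class MyDiv extends Expr {
 }
 }
 
-from Expr exp, string msg, Function fn, Expr findVal, float changeInt, MyDiv div
+from Expr exp, string msg, Function fn, GVN findVal, float changeInt, MyDiv div
 where
-findVal = globalValueNumber(fn.getACallToThisFunction()).getAnExpr() and
+findVal = globalValueNumber(fn.getACallToThisFunction()) and
 (
 // Look for divide-by-zero operations possible due to the return value of the function `fn`.
 checkConditions1(div, fn, changeInt) and
 (
 // Function return value can be zero.
 mayBeReturnZero(fn) and
-getMulDivOperand(globalValueNumber(div.getRV()).getAnExpr()) = findVal and
+getMulDivOperand(globalValueNumber(div.getRV()).getAnExpr()) = findVal.getAnExpr() and
 changeInt = 0
 or
 // Denominator can be sum or difference.
-changeInt = getValueOperand(div.getRV(), findVal, _) and
+changeInt = getValueOperand(div.getRV(), findVal.getAnExpr(), _) and
 mayBeReturnValue(fn, changeInt)
 ) and
 exp = div and
@@ -231,19 +231,21 @@ where
 // Division is associated with the function argument.
 exists(Function divFn |
 divFn.getParameter(posArg).getAnAccess() = divVal and
+divVal.getEnclosingStmt() = div.getEnclosingStmt() and
 divFc = divFn.getACallToThisFunction()
 ) and
 (
 divVal = div.getRV() and
 (
 // Function return value can be zero.
 mayBeReturnZero(fn) and
-getMulDivOperand(globalValueNumber(divFc.getArgument(posArg)).getAnExpr()) = findVal and
+getMulDivOperand(globalValueNumber(divFc.getArgument(posArg)).getAnExpr()) =
+findVal.getAnExpr() and
 changeInt = 0 and
 changeInt2 = 0
 or
 // Denominator can be sum or difference.
-changeInt = getValueOperand(divFc.getArgument(posArg), findVal, _) and
+changeInt = getValueOperand(divFc.getArgument(posArg), findVal.getAnExpr(), _) and
 mayBeReturnValue(fn, changeInt) and
 changeInt2 = 0
 )
@@ -252,7 +254,7 @@ where
 changeInt = getValueOperand(div.getRV(), divVal, _) and
 changeInt2 = changeInt and
 mayBeReturnValue(fn, changeInt) and
-divFc.getArgument(posArg) = findVal
+divFc.getArgument(posArg) = findVal.getAnExpr()
 ) and
 checkConditions2(div, divVal, changeInt2) and
 checkConditions1(divFc, fn, changeInt) and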
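Review bot: The conjunct added at new line 234, `divVal.getEnclosingStmt() = div.getEnclosingStmt()`, has no comment saying why it is there. In the visible branches `divVal` is already tied to `div.getRV()` or to an operand of it, so a reader cannot tell whether this is an evaluation-order restriction or a deliberate narrowing of what this CWE-369 query reports. A one-line comment above it would settle that, for example `// Bind the parameter access to the statement holding the division before joining with calls.`, adjusted to the real intent. If it is meant to change results, a test case that exercises it would keep later edits from silently widening or narrowing detection. The `where` clause starts before and continues past these hunks and the `select` is not visible, so it is worth confirming that `findVal`, now a `GVN`, is not used there as a reportable element.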
