Skip to content

Commit 3954da5

Browse files
ihsinmeihsinme
authored
Update DivideByZeroUsingReturnValue.ql
1 parent 01b357e commit 3954da5

File tree

1 file changed

+14
-18
lines changed

1 file changed

+14
-18
lines changed

cpp/ql/src/experimental/Security/CWE/CWE-369/DivideByZeroUsingReturnValue.ql

Lines changed: 14 additions & 18 deletions
Original file line numberDiff line numberDiff line change
@@ -97,15 +97,6 @@ predicate compareFunctionWithValue(Expr guardExp, Function compArg, Expr valArg)
9797
or
9898
gc.ensuresLt(valArg, globalValueNumber(compArg.getACallToThisFunction()).getAnExpr(), 0,
9999
guardExp.getBasicBlock(), false)
100-
or
101-
if valArg.getValue().toFloat() = 0
102-
then
103-
exists(NotExpr ne, IfStmt ifne |
104-
ne.getOperand() = globalValueNumber(compArg.getACallToThisFunction()).getAnExpr() and
105-
ifne.getCondition() = ne and
106-
ifne.getThen().getAChild*() = guardExp
107-
)
108-
else none()
109100
)
110101
or
111102
exists(Expr exp |
@@ -118,6 +109,13 @@ predicate compareFunctionWithValue(Expr guardExp, Function compArg, Expr valArg)
118109
guardExp.getBasicBlock(), true)
119110
)
120111
)
112+
or
113+
valArg.getValue().toFloat() = 0 and
114+
exists(NotExpr ne, IfStmt ifne |
115+
ne.getOperand() = globalValueNumber(compArg.getACallToThisFunction()).getAnExpr() and
116+
ifne.getCondition() = ne and
117+
ifne.getThen().getAChild*() = guardExp
118+
)
121119
}
122120

123121
/** Wraping predicate for call `compareFunctionWithValue`. */
@@ -148,15 +146,6 @@ predicate compareExprWithValue(Expr guardExp, Expr compArg, Expr valArg) {
148146
or
149147
gc.ensuresLt(valArg, globalValueNumber(compArg).getAnExpr(), 0, guardExp.getBasicBlock(),
150148
false)
151-
or
152-
if valArg.getValue().toFloat() = 0
153-
then
154-
exists(NotExpr ne, IfStmt ifne |
155-
ne.getOperand() = globalValueNumber(compArg).getAnExpr() and
156-
ifne.getCondition() = ne and
157-
ifne.getThen().getAChild*() = guardExp
158-
)
159-
else none()
160149
)
161150
or
162151
exists(Expr exp |
@@ -167,6 +156,13 @@ predicate compareExprWithValue(Expr guardExp, Expr compArg, Expr valArg) {
167156
gc.ensuresLt(exp, globalValueNumber(compArg).getAnExpr(), 0, guardExp.getBasicBlock(), true)
168157
)
169158
)
159+
or
160+
valArg.getValue().toFloat() = 0 and
161+
exists(NotExpr ne, IfStmt ifne |
162+
ne.getOperand() = globalValueNumber(compArg).getAnExpr() and
163+
ifne.getCondition() = ne and
164+
ifne.getThen().getAChild*() = guardExp
165+
)
170166
}
171167

172168
/** Wraping predicate for call `compareExprWithValue`. */

0 commit comments

Comments
 (0)