Commit 3b31da8

committed
C++: Update the experimental query as well.
1 parent 46baf9d commit 3b31da8

3 files changed

+7
-3
lines changed

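--- a/cpp/ql/src/experimental/Security/CWE/CWE-190/AllocMultiplicationOverflow.ql
+++ b/cpp/ql/src/experimental/Security/CWE/CWE-190/AllocMultiplicationOverflow.ql
@@ -29,7 +29,7 @@ class MultToAllocConfig extends DataFlow::Configuration {
 
 override predicate isSink(DataFlow::Node node) {
 // something that affects an allocation size
-node.asExpr() = any(AllocationExpr ae).getSizeExpr().getAChild*()
+node.asExpr() = any(HeuristicAllocationExpr ae).getSizeExpr().getAChild*()
 }
 }
 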
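Review bot: The comment on the sink in `isSink` still reads `// something that affects an allocation size`, so nothing at the sink says that heuristically recognised allocators are now deliberately included. The test changes on this page show `MyMalloc1`/`MyMalloc2` calls becoming results, which suggests the sink set is wider than the modelled allocation functions. I would reword the comment to `// something that affects the size of an allocation, including heuristically recognised custom allocators`. Since a wider sink set can shift the false-positive rate of a CWE-190 query, the query's metadata and help text (not visible in this hunk) may need the same note. `MultToAllocConfig` begins before the hunk, so the source side of the configuration was not reviewed here.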

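--- a/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-190/AllocMultiplicationOverflow/AllocMultiplicationOverflow.expected
+++ b/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-190/AllocMultiplicationOverflow/AllocMultiplicationOverflow.expected
@@ -13,6 +13,8 @@ nodes
 | test.cpp:37:24:37:27 | size | semmle.label | size |
 | test.cpp:37:46:37:49 | size | semmle.label | size |
 | test.cpp:45:36:45:40 | ... * ... | semmle.label | ... * ... |
+| test.cpp:45:36:45:40 | ... * ... | semmle.label | ... * ... |
+| test.cpp:46:36:46:40 | ... * ... | semmle.label | ... * ... |
 subpaths
 #select
 | test.cpp:13:33:13:37 | ... * ... | test.cpp:13:33:13:37 | ... * ... | test.cpp:13:33:13:37 | ... * ... | Potentially overflowing value from $@ is used in the size of this allocation. | test.cpp:13:33:13:37 | ... * ... | multiplication |
@@ -22,3 +24,5 @@ subpaths
 | test.cpp:30:27:30:31 | ... * ... | test.cpp:30:27:30:31 | ... * ... | test.cpp:30:27:30:31 | ... * ... | Potentially overflowing value from $@ is used in the size of this allocation. | test.cpp:30:27:30:31 | ... * ... | multiplication |
 | test.cpp:31:27:31:31 | ... * ... | test.cpp:31:27:31:31 | ... * ... | test.cpp:31:27:31:31 | ... * ... | Potentially overflowing value from $@ is used in the size of this allocation. | test.cpp:31:27:31:31 | ... * ... | multiplication |
 | test.cpp:37:46:37:49 | size | test.cpp:45:36:45:40 | ... * ... | test.cpp:37:46:37:49 | size | Potentially overflowing value from $@ is used in the size of this allocation. | test.cpp:45:36:45:40 | ... * ... | multiplication |
+| test.cpp:45:36:45:40 | ... * ... | test.cpp:45:36:45:40 | ... * ... | test.cpp:45:36:45:40 | ... * ... | Potentially overflowing value from $@ is used in the size of this allocation. | test.cpp:45:36:45:40 | ... * ... | multiplication |
+| test.cpp:46:36:46:40 | ... * ... | test.cpp:46:36:46:40 | ... * ... | test.cpp:46:36:46:40 | ... * ... | Potentially overflowing value from $@ is used in the size of this allocation. | test.cpp:46:36:46:40 | ... * ... | multiplication |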

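--- a/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-190/AllocMultiplicationOverflow/test.cpp
+++ b/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-190/AllocMultiplicationOverflow/test.cpp
@@ -42,6 +42,6 @@ void customAllocatorTests()
 int x = getAnInt();
 int y = getAnInt();
 
-char *buffer1 = (char *)MyMalloc1(x * y); // BAD [NOT DETECTED]
-char *buffer2 = (char *)MyMalloc2(x * y); // BAD [NOT DETECTED]
+char *buffer1 = (char *)MyMalloc1(x * y); // BAD
+char *buffer2 = (char *)MyMalloc2(x * y); // BAD
 }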
