Skip to content

Commit 1455e8b

Browse files
MathiasVPMathiasVP
committed
C++: Convert all '<'s to '<='s.
1 parent dcc1429 commit 1455e8b

File tree

1 file changed

+7
-7
lines changed

1 file changed

+7
-7
lines changed

cpp/ql/lib/semmle/code/cpp/security/InvalidPointerDereference/AllocationToInvalidPointer.qll

Lines changed: 7 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -105,14 +105,14 @@ private module SizeBarrier {
105105
}
106106

107107
/**
108-
* Holds if `left < right + k` holds if `g` evaluates to `testIsTrue`.
108+
* Holds if `left <= right + k` holds if `g` evaluates to `testIsTrue`.
109109
*/
110110
additional predicate isSink(
111111
DataFlow::Node left, DataFlow::Node right, IRGuardCondition g, int k, boolean testIsTrue
112112
) {
113113
// The sink is any "large" side of a relational comparison. i.e., the `right` expression
114-
// in a guard such as `left < right + k`.
115-
g.comparesLt(left.asOperand(), right.asOperand(), k, true, testIsTrue)
114+
// in a guard such as `left <= right + k`.
115+
g.comparesLt(left.asOperand(), right.asOperand(), k + 1, true, testIsTrue)
116116
}
117117

118118
predicate isSink(DataFlow::Node sink) { isSink(_, sink, _, _, _) }
@@ -123,12 +123,12 @@ private module SizeBarrier {
123123
private int getAFlowStateForNode(DataFlow::Node node) {
124124
exists(DataFlow::Node source |
125125
flow(source, node) and
126-
hasSize(_, source, result)
126+
hasSize(_, source, result + 1)
127127
)
128128
}
129129

130130
/**
131-
* Holds if `left < nRight + k` holds if `g` evaluates to `edge`.
131+
* Holds if `left <= nRight + k` holds if `g` evaluates to `edge`.
132132
*/
133133
private predicate operandGuardChecks(
134134
IRGuardCondition g, Operand left, DataFlow::Node right, int k, boolean edge
@@ -152,10 +152,10 @@ private module SizeBarrier {
152152
// result <= value + delta (by 1.)
153153
// <= right + k + delta (by 2.)
154154
operandGuardChecks(pragma[only_bind_into](g), pragma[only_bind_into](left), right,
155-
pragma[only_bind_into](k + 1), pragma[only_bind_into](edge)) and
155+
pragma[only_bind_into](k), pragma[only_bind_into](edge)) and
156156
bounded(result, value.getAnInstruction(), delta) and
157157
g.controls(result.getBlock(), edge) and
158-
k + 1 <= getAFlowStateForNode(right)
158+
k <= getAFlowStateForNode(right)
159159
)
160160
}
161161

0 commit comments

Comments
 (0)