1 file changed +4 -3 lines changed
cpp/ql/lib/semmle/code/cpp/security/InvalidPointerDereference
2727 * Here, `deltaDerefSourceAndPai` is the constant difference between the source we track for finding a dereference and the
2828 * pointer-arithmetic instruction.
2929 *
30- * The set of sinks is defined to be any address operand `addr` that is non-strictly upper-bounded by the sink. That is,
31- * any dataflow node `n` such that `addr <= sink.asInstruction() + delta2` for some `delta2`. We call the instruction that
32- * consumes the address operand the "operation".
30+ * The set of sinks is defined as any dataflow node `n` such that `addr <= n.asInstruction() + deltaDerefSinkAndDerefAddress`
31+ * for some address operand `addr` and constant difference `deltaDerefSinkAndDerefAddress`. Since an address operand is
32+ * always consumed by an instruction that performs a dereference this lets us identify a "bad dereference". We call the
33+ * instruction that consumes the address operand the "operation".
3334 *
3435 * For example, consider the flow from `base + size` to `end` above. The sink is `end` on line 3 because that is a dataflow
3536 * node whose underlying instruction non-strictly upper bounds the address operand `p` in `use(*p)`. The load attached to `*p`
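Review bot: line 32+ states that an address operand is "always" consumed by an instruction that performs a dereference, and that invariant is what justifies the "bad dereference" wording, so the comment should say which IR operand or instruction classes it relies on (for example, that the operand is the address of a load or store) rather than leaving the reader to trust "always". Minor style point on the same line: a comma is needed after "performs a dereference" ("... performs a dereference, this lets us ..."). Replacing the anonymous `delta2` with `deltaDerefSinkAndDerefAddress` reads well next to `deltaDerefSourceAndPai` on the unchanged line 27; if that name is also a predicate parameter, a brief pointer to that predicate would tie the comment to the code.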