Skip to content

Commit e30ac42

Browse files
geoffw0geoffw0
committed
Merge branch 'main' into typegetname
2 parents c8f5ada + cb55b10 commit e30ac42

File tree

111 files changed

+9171
-384
lines changed

Some content is hidden

Large Commits have some content hidden by default. Use the searchbox below for content that may be hidden.

111 files changed

+9171
-384
lines changed

.bazelversion

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1 +1 @@
1-
6.1.2
1+
6.3.1

cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlow.qll

Lines changed: 18 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -429,5 +429,22 @@ module MergePathGraph3<
429429
/**
430430
* Provides the query predicates needed to include a graph in a path-problem query.
431431
*/
432-
module PathGraph = Merged::PathGraph;
432+
module PathGraph implements PathGraphSig<PathNode> {
433+
/** Holds if `(a,b)` is an edge in the graph of data flow path explanations. */
434+
query predicate edges(PathNode a, PathNode b) { Merged::PathGraph::edges(a, b) }
435+
436+
/** Holds if `n` is a node in the graph of data flow path explanations. */
437+
query predicate nodes(PathNode n, string key, string val) {
438+
Merged::PathGraph::nodes(n, key, val)
439+
}
440+
441+
/**
442+
* Holds if `(arg, par, ret, out)` forms a subpath-tuple, that is, flow through
443+
* a subpath between `par` and `ret` with the connecting edges `arg -> par` and
444+
* `ret -> out` is summarized as the edge `arg -> out`.
445+
*/
446+
query predicate subpaths(PathNode arg, PathNode par, PathNode ret, PathNode out) {
447+
Merged::PathGraph::subpaths(arg, par, ret, out)
448+
}
449+
}
433450
}

cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlow.qll

Lines changed: 18 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -429,5 +429,22 @@ module MergePathGraph3<
429429
/**
430430
* Provides the query predicates needed to include a graph in a path-problem query.
431431
*/
432-
module PathGraph = Merged::PathGraph;
432+
module PathGraph implements PathGraphSig<PathNode> {
433+
/** Holds if `(a,b)` is an edge in the graph of data flow path explanations. */
434+
query predicate edges(PathNode a, PathNode b) { Merged::PathGraph::edges(a, b) }
435+
436+
/** Holds if `n` is a node in the graph of data flow path explanations. */
437+
query predicate nodes(PathNode n, string key, string val) {
438+
Merged::PathGraph::nodes(n, key, val)
439+
}
440+
441+
/**
442+
* Holds if `(arg, par, ret, out)` forms a subpath-tuple, that is, flow through
443+
* a subpath between `par` and `ret` with the connecting edges `arg -> par` and
444+
* `ret -> out` is summarized as the edge `arg -> out`.
445+
*/
446+
query predicate subpaths(PathNode arg, PathNode par, PathNode ret, PathNode out) {
447+
Merged::PathGraph::subpaths(arg, par, ret, out)
448+
}
449+
}
433450
}

cpp/ql/lib/semmle/code/cpp/security/InvalidPointerDereference/InvalidPointerToDereference.qll

Lines changed: 3 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -171,11 +171,9 @@ private predicate invalidPointerToDerefSource(
171171
// `deltaDerefSourceAndPai` is the constant difference between the pointer-arithmetic instruction
172172
// and the instruction computing the address for which we will search for a dereference.
173173
AllocToInvalidPointer::pointerAddInstructionHasBounds(allocSource, pai, _, rhsSizeDelta) and
174-
// pai <= derefSource + deltaDerefSourceAndPai and deltaDerefSourceAndPai <= 0 is equivalent to
175-
// derefSource >= pai + deltaDerefSourceAndPai and deltaDerefSourceAndPai >= 0
176-
bounded1(pai, derefSource.asInstruction(), deltaDerefSourceAndPai) and
177-
deltaDerefSourceAndPai <= 0 and
178-
// TODO: This condition will go away once #13725 is merged, and then we can make `Barrier2`
174+
bounded2(derefSource.asInstruction(), pai, deltaDerefSourceAndPai) and
175+
deltaDerefSourceAndPai >= 0 and
176+
// TODO: This condition will go away once #13725 is merged, and then we can make `SizeBarrier`
179177
// private to `AllocationToInvalidPointer.qll`.
180178
not derefSource.getBasicBlock() =
181179
AllocToInvalidPointer::SizeBarrier::getABarrierBlock(rhsSizeDelta)

cpp/ql/lib/semmle/code/cpp/security/InvalidPointerDereference/RangeAnalysisUtil.qll

Lines changed: 9 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -35,5 +35,14 @@ bindingset[i]
3535
pragma[inline_late]
3636
predicate bounded1(Instruction i, Instruction b, int delta) { boundedImpl(i, b, delta) }
3737

38+
/**
39+
* Holds if `i <= b + delta`.
40+
*
41+
* This predicate enforces a join-order that ensures that `b` has already been bound.
42+
*/
43+
bindingset[b]
44+
pragma[inline_late]
45+
predicate bounded2(Instruction i, Instruction b, int delta) { boundedImpl(i, b, delta) }
46+
3847
/** Holds if `i <= b + delta`. */
3948
predicate bounded = boundedImpl/3;

cpp/ql/test/experimental/query-tests/Security/CWE/CWE-193/pointer-deref/InvalidPointerDeref.expected

Lines changed: 78 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -132,53 +132,102 @@ edges
132132
| test.cpp:304:15:304:26 | new[] | test.cpp:308:5:308:29 | ... = ... |
133133
| test.cpp:355:14:355:27 | new[] | test.cpp:356:15:356:23 | ... + ... |
134134
| test.cpp:355:14:355:27 | new[] | test.cpp:356:15:356:23 | ... + ... |
135+
| test.cpp:355:14:355:27 | new[] | test.cpp:357:24:357:30 | ... + ... |
136+
| test.cpp:355:14:355:27 | new[] | test.cpp:357:24:357:30 | ... + ... |
135137
| test.cpp:355:14:355:27 | new[] | test.cpp:358:14:358:26 | * ... |
136138
| test.cpp:355:14:355:27 | new[] | test.cpp:359:14:359:32 | * ... |
137139
| test.cpp:356:15:356:23 | ... + ... | test.cpp:356:15:356:23 | ... + ... |
138140
| test.cpp:356:15:356:23 | ... + ... | test.cpp:358:14:358:26 | * ... |
139141
| test.cpp:356:15:356:23 | ... + ... | test.cpp:358:14:358:26 | * ... |
140142
| test.cpp:356:15:356:23 | ... + ... | test.cpp:359:14:359:32 | * ... |
141143
| test.cpp:356:15:356:23 | ... + ... | test.cpp:359:14:359:32 | * ... |
144+
| test.cpp:357:24:357:30 | ... + ... | test.cpp:357:24:357:30 | ... + ... |
145+
| test.cpp:357:24:357:30 | ... + ... | test.cpp:358:14:358:26 | * ... |
146+
| test.cpp:357:24:357:30 | ... + ... | test.cpp:358:14:358:26 | * ... |
147+
| test.cpp:357:24:357:30 | ... + ... | test.cpp:359:14:359:32 | * ... |
148+
| test.cpp:357:24:357:30 | ... + ... | test.cpp:359:14:359:32 | * ... |
142149
| test.cpp:377:14:377:27 | new[] | test.cpp:378:15:378:23 | ... + ... |
143150
| test.cpp:377:14:377:27 | new[] | test.cpp:378:15:378:23 | ... + ... |
151+
| test.cpp:377:14:377:27 | new[] | test.cpp:381:5:381:9 | ... ++ |
152+
| test.cpp:377:14:377:27 | new[] | test.cpp:381:5:381:9 | ... ++ |
144153
| test.cpp:377:14:377:27 | new[] | test.cpp:384:13:384:16 | * ... |
145154
| test.cpp:378:15:378:23 | ... + ... | test.cpp:378:15:378:23 | ... + ... |
146155
| test.cpp:378:15:378:23 | ... + ... | test.cpp:384:13:384:16 | * ... |
147156
| test.cpp:378:15:378:23 | ... + ... | test.cpp:384:13:384:16 | * ... |
157+
| test.cpp:381:5:381:9 | ... ++ | test.cpp:381:5:381:9 | ... ++ |
158+
| test.cpp:381:5:381:9 | ... ++ | test.cpp:384:13:384:16 | * ... |
148159
| test.cpp:410:14:410:27 | new[] | test.cpp:411:15:411:23 | & ... |
149160
| test.cpp:410:14:410:27 | new[] | test.cpp:411:15:411:23 | & ... |
161+
| test.cpp:410:14:410:27 | new[] | test.cpp:413:5:413:8 | ... ++ |
162+
| test.cpp:410:14:410:27 | new[] | test.cpp:413:5:413:8 | ... ++ |
150163
| test.cpp:410:14:410:27 | new[] | test.cpp:415:7:415:15 | ... = ... |
151164
| test.cpp:411:15:411:23 | & ... | test.cpp:411:15:411:23 | & ... |
152165
| test.cpp:411:15:411:23 | & ... | test.cpp:415:7:415:15 | ... = ... |
153166
| test.cpp:411:15:411:23 | & ... | test.cpp:415:7:415:15 | ... = ... |
167+
| test.cpp:413:5:413:8 | ... ++ | test.cpp:413:5:413:8 | ... ++ |
168+
| test.cpp:413:5:413:8 | ... ++ | test.cpp:415:7:415:15 | ... = ... |
169+
| test.cpp:413:5:413:8 | ... ++ | test.cpp:415:7:415:15 | ... = ... |
154170
| test.cpp:421:14:421:27 | new[] | test.cpp:422:15:422:23 | & ... |
155171
| test.cpp:421:14:421:27 | new[] | test.cpp:422:15:422:23 | & ... |
172+
| test.cpp:421:14:421:27 | new[] | test.cpp:424:5:424:8 | ... ++ |
173+
| test.cpp:421:14:421:27 | new[] | test.cpp:424:5:424:8 | ... ++ |
156174
| test.cpp:421:14:421:27 | new[] | test.cpp:426:7:426:15 | ... = ... |
157175
| test.cpp:422:15:422:23 | & ... | test.cpp:422:15:422:23 | & ... |
158176
| test.cpp:422:15:422:23 | & ... | test.cpp:426:7:426:15 | ... = ... |
159177
| test.cpp:422:15:422:23 | & ... | test.cpp:426:7:426:15 | ... = ... |
178+
| test.cpp:424:5:424:8 | ... ++ | test.cpp:424:5:424:8 | ... ++ |
179+
| test.cpp:424:5:424:8 | ... ++ | test.cpp:426:7:426:15 | ... = ... |
180+
| test.cpp:424:5:424:8 | ... ++ | test.cpp:426:7:426:15 | ... = ... |
160181
| test.cpp:432:14:432:27 | new[] | test.cpp:433:15:433:23 | & ... |
161182
| test.cpp:432:14:432:27 | new[] | test.cpp:433:15:433:23 | & ... |
183+
| test.cpp:432:14:432:27 | new[] | test.cpp:436:5:436:8 | ... ++ |
184+
| test.cpp:432:14:432:27 | new[] | test.cpp:436:5:436:8 | ... ++ |
162185
| test.cpp:432:14:432:27 | new[] | test.cpp:438:7:438:15 | ... = ... |
163186
| test.cpp:433:15:433:23 | & ... | test.cpp:433:15:433:23 | & ... |
164187
| test.cpp:433:15:433:23 | & ... | test.cpp:438:7:438:15 | ... = ... |
165188
| test.cpp:433:15:433:23 | & ... | test.cpp:438:7:438:15 | ... = ... |
189+
| test.cpp:436:5:436:8 | ... ++ | test.cpp:436:5:436:8 | ... ++ |
190+
| test.cpp:436:5:436:8 | ... ++ | test.cpp:438:7:438:15 | ... = ... |
191+
| test.cpp:436:5:436:8 | ... ++ | test.cpp:438:7:438:15 | ... = ... |
166192
| test.cpp:444:14:444:27 | new[] | test.cpp:445:15:445:23 | & ... |
167193
| test.cpp:444:14:444:27 | new[] | test.cpp:445:15:445:23 | & ... |
194+
| test.cpp:444:14:444:27 | new[] | test.cpp:448:5:448:8 | ... ++ |
195+
| test.cpp:444:14:444:27 | new[] | test.cpp:448:5:448:8 | ... ++ |
168196
| test.cpp:444:14:444:27 | new[] | test.cpp:450:7:450:15 | ... = ... |
169197
| test.cpp:445:15:445:23 | & ... | test.cpp:445:15:445:23 | & ... |
170198
| test.cpp:445:15:445:23 | & ... | test.cpp:450:7:450:15 | ... = ... |
171199
| test.cpp:445:15:445:23 | & ... | test.cpp:450:7:450:15 | ... = ... |
200+
| test.cpp:448:5:448:8 | ... ++ | test.cpp:448:5:448:8 | ... ++ |
201+
| test.cpp:448:5:448:8 | ... ++ | test.cpp:450:7:450:15 | ... = ... |
202+
| test.cpp:448:5:448:8 | ... ++ | test.cpp:450:7:450:15 | ... = ... |
172203
| test.cpp:480:14:480:27 | new[] | test.cpp:481:15:481:23 | & ... |
173204
| test.cpp:480:14:480:27 | new[] | test.cpp:481:15:481:23 | & ... |
205+
| test.cpp:480:14:480:27 | new[] | test.cpp:484:5:484:8 | ... ++ |
206+
| test.cpp:480:14:480:27 | new[] | test.cpp:484:5:484:8 | ... ++ |
174207
| test.cpp:480:14:480:27 | new[] | test.cpp:486:7:486:15 | ... = ... |
175208
| test.cpp:481:15:481:23 | & ... | test.cpp:481:15:481:23 | & ... |
176209
| test.cpp:481:15:481:23 | & ... | test.cpp:486:7:486:15 | ... = ... |
177210
| test.cpp:481:15:481:23 | & ... | test.cpp:486:7:486:15 | ... = ... |
211+
| test.cpp:484:5:484:8 | ... ++ | test.cpp:484:5:484:8 | ... ++ |
212+
| test.cpp:484:5:484:8 | ... ++ | test.cpp:486:7:486:15 | ... = ... |
213+
| test.cpp:484:5:484:8 | ... ++ | test.cpp:486:7:486:15 | ... = ... |
178214
| test.cpp:543:14:543:27 | new[] | test.cpp:548:5:548:19 | ... = ... |
179215
| test.cpp:554:14:554:27 | new[] | test.cpp:559:5:559:19 | ... = ... |
180216
| test.cpp:642:14:642:31 | new[] | test.cpp:647:5:647:19 | ... = ... |
217+
| test.cpp:652:14:652:27 | new[] | test.cpp:656:3:656:6 | ... ++ |
218+
| test.cpp:652:14:652:27 | new[] | test.cpp:656:3:656:6 | ... ++ |
219+
| test.cpp:652:14:652:27 | new[] | test.cpp:662:3:662:11 | ... = ... |
220+
| test.cpp:656:3:656:6 | ... ++ | test.cpp:656:3:656:6 | ... ++ |
221+
| test.cpp:656:3:656:6 | ... ++ | test.cpp:662:3:662:11 | ... = ... |
222+
| test.cpp:656:3:656:6 | ... ++ | test.cpp:662:3:662:11 | ... = ... |
181223
| test.cpp:667:14:667:31 | new[] | test.cpp:675:7:675:23 | ... = ... |
224+
| test.cpp:695:13:695:26 | new[] | test.cpp:698:5:698:10 | ... += ... |
225+
| test.cpp:698:5:698:10 | ... += ... | test.cpp:701:15:701:16 | * ... |
226+
| test.cpp:705:18:705:18 | q | test.cpp:705:18:705:18 | q |
227+
| test.cpp:705:18:705:18 | q | test.cpp:706:12:706:13 | * ... |
228+
| test.cpp:705:18:705:18 | q | test.cpp:706:12:706:13 | * ... |
229+
| test.cpp:711:13:711:26 | new[] | test.cpp:714:11:714:11 | q |
230+
| test.cpp:714:11:714:11 | q | test.cpp:705:18:705:18 | q |
182231
nodes
183232
| test.cpp:4:15:4:20 | call to malloc | semmle.label | call to malloc |
184233
| test.cpp:5:15:5:22 | ... + ... | semmle.label | ... + ... |
@@ -276,40 +325,66 @@ nodes
276325
| test.cpp:355:14:355:27 | new[] | semmle.label | new[] |
277326
| test.cpp:356:15:356:23 | ... + ... | semmle.label | ... + ... |
278327
| test.cpp:356:15:356:23 | ... + ... | semmle.label | ... + ... |
328+
| test.cpp:357:24:357:30 | ... + ... | semmle.label | ... + ... |
329+
| test.cpp:357:24:357:30 | ... + ... | semmle.label | ... + ... |
279330
| test.cpp:358:14:358:26 | * ... | semmle.label | * ... |
280331
| test.cpp:359:14:359:32 | * ... | semmle.label | * ... |
281332
| test.cpp:377:14:377:27 | new[] | semmle.label | new[] |
282333
| test.cpp:378:15:378:23 | ... + ... | semmle.label | ... + ... |
283334
| test.cpp:378:15:378:23 | ... + ... | semmle.label | ... + ... |
335+
| test.cpp:381:5:381:9 | ... ++ | semmle.label | ... ++ |
336+
| test.cpp:381:5:381:9 | ... ++ | semmle.label | ... ++ |
284337
| test.cpp:384:13:384:16 | * ... | semmle.label | * ... |
285338
| test.cpp:410:14:410:27 | new[] | semmle.label | new[] |
286339
| test.cpp:411:15:411:23 | & ... | semmle.label | & ... |
287340
| test.cpp:411:15:411:23 | & ... | semmle.label | & ... |
341+
| test.cpp:413:5:413:8 | ... ++ | semmle.label | ... ++ |
342+
| test.cpp:413:5:413:8 | ... ++ | semmle.label | ... ++ |
288343
| test.cpp:415:7:415:15 | ... = ... | semmle.label | ... = ... |
289344
| test.cpp:421:14:421:27 | new[] | semmle.label | new[] |
290345
| test.cpp:422:15:422:23 | & ... | semmle.label | & ... |
291346
| test.cpp:422:15:422:23 | & ... | semmle.label | & ... |
347+
| test.cpp:424:5:424:8 | ... ++ | semmle.label | ... ++ |
348+
| test.cpp:424:5:424:8 | ... ++ | semmle.label | ... ++ |
292349
| test.cpp:426:7:426:15 | ... = ... | semmle.label | ... = ... |
293350
| test.cpp:432:14:432:27 | new[] | semmle.label | new[] |
294351
| test.cpp:433:15:433:23 | & ... | semmle.label | & ... |
295352
| test.cpp:433:15:433:23 | & ... | semmle.label | & ... |
353+
| test.cpp:436:5:436:8 | ... ++ | semmle.label | ... ++ |
354+
| test.cpp:436:5:436:8 | ... ++ | semmle.label | ... ++ |
296355
| test.cpp:438:7:438:15 | ... = ... | semmle.label | ... = ... |
297356
| test.cpp:444:14:444:27 | new[] | semmle.label | new[] |
298357
| test.cpp:445:15:445:23 | & ... | semmle.label | & ... |
299358
| test.cpp:445:15:445:23 | & ... | semmle.label | & ... |
359+
| test.cpp:448:5:448:8 | ... ++ | semmle.label | ... ++ |
360+
| test.cpp:448:5:448:8 | ... ++ | semmle.label | ... ++ |
300361
| test.cpp:450:7:450:15 | ... = ... | semmle.label | ... = ... |
301362
| test.cpp:480:14:480:27 | new[] | semmle.label | new[] |
302363
| test.cpp:481:15:481:23 | & ... | semmle.label | & ... |
303364
| test.cpp:481:15:481:23 | & ... | semmle.label | & ... |
365+
| test.cpp:484:5:484:8 | ... ++ | semmle.label | ... ++ |
366+
| test.cpp:484:5:484:8 | ... ++ | semmle.label | ... ++ |
304367
| test.cpp:486:7:486:15 | ... = ... | semmle.label | ... = ... |
305368
| test.cpp:543:14:543:27 | new[] | semmle.label | new[] |
306369
| test.cpp:548:5:548:19 | ... = ... | semmle.label | ... = ... |
307370
| test.cpp:554:14:554:27 | new[] | semmle.label | new[] |
308371
| test.cpp:559:5:559:19 | ... = ... | semmle.label | ... = ... |
309372
| test.cpp:642:14:642:31 | new[] | semmle.label | new[] |
310373
| test.cpp:647:5:647:19 | ... = ... | semmle.label | ... = ... |
374+
| test.cpp:652:14:652:27 | new[] | semmle.label | new[] |
375+
| test.cpp:656:3:656:6 | ... ++ | semmle.label | ... ++ |
376+
| test.cpp:656:3:656:6 | ... ++ | semmle.label | ... ++ |
377+
| test.cpp:662:3:662:11 | ... = ... | semmle.label | ... = ... |
311378
| test.cpp:667:14:667:31 | new[] | semmle.label | new[] |
312379
| test.cpp:675:7:675:23 | ... = ... | semmle.label | ... = ... |
380+
| test.cpp:695:13:695:26 | new[] | semmle.label | new[] |
381+
| test.cpp:698:5:698:10 | ... += ... | semmle.label | ... += ... |
382+
| test.cpp:701:15:701:16 | * ... | semmle.label | * ... |
383+
| test.cpp:705:18:705:18 | q | semmle.label | q |
384+
| test.cpp:705:18:705:18 | q | semmle.label | q |
385+
| test.cpp:706:12:706:13 | * ... | semmle.label | * ... |
386+
| test.cpp:711:13:711:26 | new[] | semmle.label | new[] |
387+
| test.cpp:714:11:714:11 | q | semmle.label | q |
313388
subpaths
314389
#select
315390
| test.cpp:6:14:6:15 | * ... | test.cpp:4:15:4:20 | call to malloc | test.cpp:6:14:6:15 | * ... | This read might be out of bounds, as the pointer might be equal to $@ + $@. | test.cpp:4:15:4:20 | call to malloc | call to malloc | test.cpp:5:19:5:22 | size | size |
@@ -343,4 +418,7 @@ subpaths
343418
| test.cpp:548:5:548:19 | ... = ... | test.cpp:543:14:543:27 | new[] | test.cpp:548:5:548:19 | ... = ... | This write might be out of bounds, as the pointer might be equal to $@ + $@. | test.cpp:543:14:543:27 | new[] | new[] | test.cpp:548:8:548:14 | src_pos | src_pos |
344419
| test.cpp:559:5:559:19 | ... = ... | test.cpp:554:14:554:27 | new[] | test.cpp:559:5:559:19 | ... = ... | This write might be out of bounds, as the pointer might be equal to $@ + $@. | test.cpp:554:14:554:27 | new[] | new[] | test.cpp:559:8:559:14 | src_pos | src_pos |
345420
| test.cpp:647:5:647:19 | ... = ... | test.cpp:642:14:642:31 | new[] | test.cpp:647:5:647:19 | ... = ... | This write might be out of bounds, as the pointer might be equal to $@ + $@. | test.cpp:642:14:642:31 | new[] | new[] | test.cpp:647:8:647:14 | src_pos | src_pos |
421+
| test.cpp:662:3:662:11 | ... = ... | test.cpp:652:14:652:27 | new[] | test.cpp:662:3:662:11 | ... = ... | This write might be out of bounds, as the pointer might be equal to $@ + $@ + 1. | test.cpp:652:14:652:27 | new[] | new[] | test.cpp:653:19:653:22 | size | size |
346422
| test.cpp:675:7:675:23 | ... = ... | test.cpp:667:14:667:31 | new[] | test.cpp:675:7:675:23 | ... = ... | This write might be out of bounds, as the pointer might be equal to $@ + $@. | test.cpp:667:14:667:31 | new[] | new[] | test.cpp:675:10:675:18 | ... ++ | ... ++ |
423+
| test.cpp:701:15:701:16 | * ... | test.cpp:695:13:695:26 | new[] | test.cpp:701:15:701:16 | * ... | This read might be out of bounds, as the pointer might be equal to $@ + $@. | test.cpp:695:13:695:26 | new[] | new[] | test.cpp:696:19:696:22 | size | size |
424+
| test.cpp:706:12:706:13 | * ... | test.cpp:711:13:711:26 | new[] | test.cpp:706:12:706:13 | * ... | This read might be out of bounds, as the pointer might be equal to $@ + $@. | test.cpp:711:13:711:26 | new[] | new[] | test.cpp:712:19:712:22 | size | size |

0 commit comments

Comments
 (0)