
Commit 94fd67c

Merge pull request #701 from MarcMil/fixnull
Fix null
2 parents 8ffb9b6 + 738c1ee commit 94fd67c


1 file changed

+26
-16
lines changed


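--- a/soot-infoflow/src/soot/jimple/infoflow/problems/rules/backward/BackwardsArrayPropagationRule.java
+++ b/soot-infoflow/src/soot/jimple/infoflow/problems/rules/backward/BackwardsArrayPropagationRule.java
@@ -1,7 +1,18 @@
 package soot.jimple.infoflow.problems.rules.backward;
 
-import soot.*;
-import soot.jimple.*;
+import java.util.Collection;
+import java.util.HashSet;
+import java.util.Set;
+
+import soot.SootMethod;
+import soot.Type;
+import soot.Value;
+import soot.jimple.ArrayRef;
+import soot.jimple.AssignStmt;
+import soot.jimple.Constant;
+import soot.jimple.LengthExpr;
+import soot.jimple.NewArrayExpr;
+import soot.jimple.Stmt;
 import soot.jimple.infoflow.InfoflowManager;
 import soot.jimple.infoflow.aliasing.Aliasing;
 import soot.jimple.infoflow.data.Abstraction;
@@ -12,10 +23,6 @@
 import soot.jimple.infoflow.typing.TypeUtils;
 import soot.jimple.infoflow.util.ByReferenceBoolean;
 
-import java.util.Collection;
-import java.util.HashSet;
-import java.util.Set;
-
 /**
 * Rule for propagating array accesses
 *
@@ -24,7 +31,8 @@
 */
 public class BackwardsArrayPropagationRule extends AbstractTaintPropagationRule {
 
-public BackwardsArrayPropagationRule(InfoflowManager manager, Abstraction zeroValue, TaintPropagationResults results) {
+public BackwardsArrayPropagationRule(InfoflowManager manager, Abstraction zeroValue,
+TaintPropagationResults results) {
 super(manager, zeroValue, results);
 }
 
@@ -58,7 +66,8 @@ public Collection<Abstraction> propagateNormalFlow(Abstraction d1, Abstraction s
 // y = new A[i] && y length tainted -> i tainted
 else if (rightVal instanceof NewArrayExpr && getManager().getConfig().getEnableArraySizeTainting()) {
 NewArrayExpr newArrayExpr = (NewArrayExpr) rightVal;
-if (!(newArrayExpr.getSize() instanceof Constant) && source.getAccessPath().getArrayTaintType() != ArrayTaintType.Contents
+if (!(newArrayExpr.getSize() instanceof Constant)
+&& source.getAccessPath().getArrayTaintType() != ArrayTaintType.Contents
 && aliasing.mayAlias(source.getAccessPath().getPlainValue(), leftVal)) {
 // Create the new taint abstraction
 AccessPath ap = getManager().getAccessPathFactory().createAccessPath(newArrayExpr.getSize(), true);
@@ -76,17 +85,19 @@ else if (rightVal instanceof ArrayRef) {
 AccessPath ap;
 if (getManager().getConfig().getImplicitFlowMode().trackArrayAccesses()) {
 ap = getManager().getAccessPathFactory().createAccessPath(rightIndex, false);
-newAbs = source.deriveNewAbstraction(ap, assignStmt);
-res.add(newAbs);
+if (ap != null) {
+newAbs = source.deriveNewAbstraction(ap, assignStmt);
+res.add(newAbs);
+}
 }
 // taint whole array
 // We add one layer
 Type baseType = source.getAccessPath().getBaseType();
 Type targetType = TypeUtils.buildArrayOrAddDimension(baseType, baseType.getArrayType());
 
 // Create the new taint abstraction
-ap = getManager().getAccessPathFactory().copyWithNewValue(source.getAccessPath(), rightBase,
-targetType, false, true, ArrayTaintType.Contents);
+ap = getManager().getAccessPathFactory().copyWithNewValue(source.getAccessPath(), rightBase, targetType,
+false, true, ArrayTaintType.Contents);
 
 newAbs = source.deriveNewAbstraction(ap, assignStmt);
 }
@@ -100,8 +111,7 @@ else if (rightVal instanceof ArrayRef) {
 res.add(newAbs);
 
 if (aliasing.canHaveAliases(assignStmt, leftVal, newAbs))
-aliasing.computeAliases(d1, assignStmt, leftVal, res, manager.getICFG().getMethodOf(assignStmt),
-newAbs);
+aliasing.computeAliases(d1, assignStmt, leftVal, res, manager.getICFG().getMethodOf(assignStmt), newAbs);
 
 return res;
 }
@@ -119,8 +129,8 @@ public Collection<Abstraction> propagateCallToReturnFlow(Abstraction d1, Abstrac
 }
 
 @Override
-public Collection<Abstraction> propagateReturnFlow(Collection<Abstraction> callerD1s, Abstraction calleeD1, Abstraction source, Stmt stmt,
-Stmt retSite, Stmt callSite, ByReferenceBoolean killAll) {
+public Collection<Abstraction> propagateReturnFlow(Collection<Abstraction> callerD1s, Abstraction calleeD1,
+Abstraction source, Stmt stmt, Stmt retSite, Stmt callSite, ByReferenceBoolean killAll) {
 return null;
 }
 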
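Review bot: The new `if (ap != null)` guard around `deriveNewAbstraction` (new lines 88–91) skips the index taint silently and has no comment saying when `createAccessPath(rightIndex, false)` is expected to return null, so a reader cannot tell a harmless skip from a dropped flow, which in a taint analysis is a false negative. If null only arises for an index that cannot carry taint (presumably a constant such as `a[0]`; the factory is not shown here), state that with `// index cannot be tainted (e.g. constant): no implicit flow to record`, or mirror the `instanceof Constant` test the `NewArrayExpr` branch uses at new line 69. The `ap` returned by `copyWithNewValue` at new line 99 is still passed to `deriveNewAbstraction` unchecked, so it is worth confirming that call cannot return null as well. The start of `propagateNormalFlow` lies outside these hunks, so the declaration of `rightIndex` is not visible.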