update Miniz

am0o0 · am0o0 · commit 065c52761510 · 2023-07-04T07:19:33.000+10:00
diff --git a/cpp/ql/src/experimental/Security/CWE/CWE-409-DecompressionBomb/DecompressionBombsLibMiniz.ql b/cpp/ql/src/experimental/Security/CWE/CWE-409-DecompressionBomb/DecompressionBombsLibMiniz.ql
@@ -15,11 +15,17 @@ import cpp
 import semmle.code.cpp.ir.dataflow.TaintTracking
 import semmle.code.cpp.security.FlowSources
 
+/**
+ * A Pointer Variable is used in Flow source
+ */
+private class PointerVar extends VariableAccess {
+  PointerVar() { this.getType() instanceof PointerType }
+}
 /**
  * A unsigned char Variable is used in Flow source
  */
 private class Uint8Var extends VariableAccess {
-  Uint8Var() { this.getType().stripType().resolveTypedefs() instanceof UnsignedCharType }
+  Uint8Var() { this.getType().stripType().resolveTypedefs*() instanceof UnsignedCharType }
 }
 
 /**
@@ -33,7 +39,7 @@ private class MzStreampVar extends VariableAccess {
  * A Char Variable is used in Flow source
  */
 private class CharVar extends VariableAccess {
-  CharVar() { this.getType().stripType() instanceof CharType }
+  CharVar() { this.getType().stripType().resolveTypedefs*() instanceof CharType }
 }
 
 /**
@@ -71,7 +77,10 @@ private class MzZipReaderExtract extends Function {
   MzZipReaderExtract() {
     this.hasGlobalName([
         "mz_zip_reader_extract_file_to_heap", "mz_zip_reader_extract_to_heap",
-        "mz_zip_reader_extract_to_callback"
+        "mz_zip_reader_extract_to_callback", "mz_zip_reader_extract_file_to_callback",
+        "mz_zip_reader_extract_to_mem", "mz_zip_reader_extract_file_to_mem",
+        "mz_zip_reader_extract_iter_read", "mz_zip_reader_extract_to_file",
+        "mz_zip_reader_extract_file_to_file"
       ])
   }
 }
@@ -111,6 +120,9 @@ module MinizTaintConfig implements DataFlow::StateConfigSig {
     source.asExpr() instanceof Uint8Var and
     state = ""
     or
+    source.asExpr() instanceof PointerVar and
+    state = ""
+    or
     source.asExpr() instanceof CharVar and
     state = ""
     or
