Add files via upload

ihsinme · web-flow · commit 0c7381a3b0de · 2020-12-26T20:45:11.000+03:00
diff --git a/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-401/semmle/tests/MemoryLeakOnFailedCallToRealloc.expected b/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-401/semmle/tests/MemoryLeakOnFailedCallToRealloc.expected
@@ -0,0 +1,3 @@
+| test.c:10:29:10:35 | call to realloc | possible loss of original pointer on unsuccessful call realloc |
+| test.c:39:29:39:35 | call to realloc | possible loss of original pointer on unsuccessful call realloc |
+| test.c:83:29:83:35 | call to realloc | possible loss of original pointer on unsuccessful call realloc |
diff --git a/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-401/semmle/tests/MemoryLeakOnFailedCallToRealloc.qlref b/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-401/semmle/tests/MemoryLeakOnFailedCallToRealloc.qlref
@@ -0,0 +1 @@
+experimental/Security/CWE/CWE-401/MemoryLeakOnFailedCallToRealloc.ql
diff --git a/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-401/semmle/tests/test.c b/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-401/semmle/tests/test.c
@@ -0,0 +1,108 @@
+#define size_t int
+#define NULL ((void*)0)
+
+
+unsigned char * badResize0(unsigned char * buffer,size_t currentSize,size_t newSize)
+{
+	// BAD: on unsuccessful call to realloc, we will lose a pointer to a valid memory block
+	if (currentSize < newSize)
+	{
+		buffer = (unsigned char *)realloc(buffer, newSize);
+	}
+	return buffer;
+}
+
+unsigned char * goodResize0(unsigned char * buffer,size_t currentSize,size_t newSize)
+{
+	// GOOD: this way we will exclude possible memory leak 
+	unsigned char * tmp;
+	if (currentSize < newSize)
+	{
+		tmp = (unsigned char *)realloc(buffer, newSize);
+	}
+	if (tmp == NULL)
+	{
+		free(buffer);
+		return NULL;
+	} 
+	else
+		buffer = tmp;
+	return buffer;
+}
+unsigned char * badResize1(unsigned char * buffer,size_t currentSize,size_t newSize)
+{
+	if(!buffer)
+		exit(0);
+	// BAD: on unsuccessful call to realloc, we will lose a pointer to a valid memory block
+	if (currentSize < newSize)
+	{
+		buffer = (unsigned char *)realloc(buffer, newSize);
+	}
+	return buffer;
+}
+
+unsigned char * noBadResize1(unsigned char * buffer,size_t currentSize,size_t newSize)
+{
+	// GOOD: program to end
+	if (currentSize < newSize)
+	{
+		buffer = (unsigned char *)realloc(buffer, newSize);
+	}
+	if(!buffer)
+		exit(0);
+	return buffer;
+}
+unsigned char * noBadResize1e(unsigned char * buffer,size_t currentSize,size_t newSize)
+{
+	// GOOD: program to end
+	if (currentSize < newSize)
+	{
+		buffer = (unsigned char *)realloc(buffer, newSize);
+	}
+	if(buffer)
+		return buffer;
+	else
+		exit(0);
+}
+unsigned char * noBadResize1o(unsigned char * buffer,size_t currentSize,size_t newSize)
+{
+	// GOOD: program to end
+	if (currentSize < newSize)
+	{
+		if(buffer = (unsigned char *)realloc(buffer, newSize))
+			exit(0);
+	}
+	return buffer;
+}
+unsigned char * badResize2(unsigned char * buffer,size_t currentSize,size_t newSize)
+{
+	assert(buffer!=0);
+	// BAD: on unsuccessful call to realloc, we will lose a pointer to a valid memory block
+	if (currentSize < newSize)
+	{
+		buffer = (unsigned char *)realloc(buffer, newSize);
+	}
+	return buffer;
+}
+
+unsigned char * noBadResize2(unsigned char * buffer,size_t currentSize,size_t newSize)
+{
+	// GOOD: program to end
+	if (currentSize < newSize)
+	{
+		buffer = (unsigned char *)realloc(buffer, newSize);
+		assert(buffer!=0);
+	}
+	return buffer;
+}
+
+unsigned char * noBadResize2e(unsigned char * buffer,size_t currentSize,size_t newSize)
+{
+	// GOOD: program to end
+	if (currentSize < newSize)
+	{
+		buffer = (unsigned char *)realloc(buffer, newSize);
+	}
+	assert(buffer!=0);
+	return buffer;
+}

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,3 @@`
	`1`	`+\| test.c:10:29:10:35 \| call to realloc \| possible loss of original pointer on unsuccessful call realloc \|`
	`2`	`+\| test.c:39:29:39:35 \| call to realloc \| possible loss of original pointer on unsuccessful call realloc \|`
	`3`	`+\| test.c:83:29:83:35 \| call to realloc \| possible loss of original pointer on unsuccessful call realloc \|`
Original file line number	Diff line number	Diff line change
`@@ -0,0 +1 @@`
	`1`	`+experimental/Security/CWE/CWE-401/MemoryLeakOnFailedCallToRealloc.ql`