cpp/ql/test/library-tests/dataflow/dataflow-tests
Original file line number Diff line number Diff line change 2828| test.cpp:24:10:24:11 | t2 | test.cpp:23:23:23:24 | t1 |
2929| test.cpp:24:10:24:11 | t2 | test.cpp:24:5:24:11 | ... = ... |
3030| test.cpp:24:10:24:11 | t2 | test.cpp:26:8:26:9 | t1 |
31+ | test.cpp:430:48:430:54 | source1 | test.cpp:432:17:432:23 | source1 |
32+ | test.cpp:431:12:431:13 | 0 | test.cpp:432:11:432:13 | tmp |
33+ | test.cpp:436:53:436:59 | source1 | test.cpp:439:17:439:23 | source1 |
34+ | test.cpp:436:66:436:66 | b | test.cpp:441:7:441:7 | b |
35+ | test.cpp:437:12:437:13 | 0 | test.cpp:438:19:438:21 | tmp |
36+ | test.cpp:437:12:437:13 | 0 | test.cpp:439:11:439:13 | tmp |
37+ | test.cpp:437:12:437:13 | 0 | test.cpp:439:33:439:35 | tmp |
38+ | test.cpp:437:12:437:13 | 0 | test.cpp:440:8:440:10 | tmp |
39+ | test.cpp:437:12:437:13 | 0 | test.cpp:442:10:442:12 | tmp |
Original file line number Diff line number Diff line change @@ -423,3 +423,35 @@ class FlowThroughFields {
423423 sink (field); // tainted
424424 }
425425};
426+
427+ typedef unsigned long size_t ;
428+ void *memcpy (void *dest, const void *src, size_t count);
429+
430+ void flowThroughMemcpy_ssa_with_local_flow (int source1) {
431+ int tmp = 0 ;
432+ memcpy (&tmp, &source1, sizeof tmp);
433+ sink (tmp); // tainted (FALSE NEGATIVE)
434+ }
435+
436+ void flowThroughMemcpy_blockvar_with_local_flow (int source1, int b) {
437+ int tmp = 0 ;
438+ int *capture = &tmp;
439+ memcpy (&tmp, &source1, sizeof tmp);
440+ sink (tmp); // tainted (FALSE NEGATIVE)
441+ if (b) {
442+ sink (tmp); // different sub-basic-block
443+ }
444+ }
445+
446+ void cleanedByMemcpy_ssa (int clean1) {
447+ int tmp;
448+ memcpy (&tmp, &clean1, sizeof tmp);
449+ sink (tmp); // clean
450+ }
451+
452+ void cleanedByMemcpy_blockvar (int clean1) {
453+ int tmp;
454+ int *capture = &tmp;
455+ memcpy (&tmp, &clean1, sizeof tmp);
456+ sink (tmp); // clean (FALSE POSITIVE)
457+ }
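Review bot: The `// clean` annotation on `sink(tmp)` in `cleanedByMemcpy_ssa` (new line 449) disagrees with the expected output updated elsewhere on this page, which records a flow from the declaration of `tmp` at 447:7 to that sink at 449:8 and lists it as `AST only`, exactly as it does for line 456. Either mark it `// clean (FALSE POSITIVE)` like the `_blockvar` variant, or add a comment explaining why the `_ssa` case is also reported, so the baseline does not hide a known imprecision. The sink at line 442 carries only `// different sub-basic-block` and no expectation; by parity with line 440 it could read `// tainted (FALSE NEGATIVE), different sub-basic-block`, assuming the `source1` parameter is what the test configuration treats as a source. A one-line comment on `int *capture = &tmp;` would also help, saying that the otherwise unused pointer is presumably there to select the non-SSA variable model, as the `_blockvar` names suggest.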
Original file line number Diff line number Diff line change 2727| test.cpp:366:7:366:7 | x | test.cpp:362:4:362:9 | call to source |
2828| test.cpp:397:10:397:18 | globalVar | test.cpp:395:17:395:22 | call to source |
2929| test.cpp:423:10:423:14 | field | test.cpp:421:13:421:18 | call to source |
30+ | test.cpp:449:8:449:10 | tmp | test.cpp:447:7:447:9 | tmp |
31+ | test.cpp:456:8:456:10 | tmp | test.cpp:453:7:453:9 | tmp |
3032| true_upon_entry.cpp:21:8:21:8 | x | true_upon_entry.cpp:17:11:17:16 | call to source |
3133| true_upon_entry.cpp:29:8:29:8 | x | true_upon_entry.cpp:27:9:27:14 | call to source |
3234| true_upon_entry.cpp:39:8:39:8 | x | true_upon_entry.cpp:33:11:33:16 | call to source |
Original file line number Diff line number Diff line change 99| test.cpp:136:27:136:32 | test.cpp:140:22:140:23 | AST only |
1010| test.cpp:395:17:395:22 | test.cpp:397:10:397:18 | AST only |
1111| test.cpp:421:13:421:18 | test.cpp:423:10:423:14 | AST only |
12+ | test.cpp:447:7:447:9 | test.cpp:449:8:449:10 | AST only |
13+ | test.cpp:453:7:453:9 | test.cpp:456:8:456:10 | AST only |
1214| true_upon_entry.cpp:9:11:9:16 | true_upon_entry.cpp:13:8:13:8 | IR only |
1315| true_upon_entry.cpp:62:11:62:16 | true_upon_entry.cpp:66:8:66:8 | IR only |
1416| true_upon_entry.cpp:98:11:98:16 | true_upon_entry.cpp:105:8:105:8 | IR only |
Original file line number Diff line number Diff line change 11| test.cpp:75:7:75:8 | u1 | test.cpp:76:8:76:9 | u1 |
22| test.cpp:83:7:83:8 | u2 | test.cpp:84:13:84:14 | u2 |
33| test.cpp:83:7:83:8 | u2 | test.cpp:85:8:85:9 | u2 |
4+ | test.cpp:447:7:447:9 | tmp | test.cpp:448:11:448:13 | tmp |
5+ | test.cpp:447:7:447:9 | tmp | test.cpp:449:8:449:10 | tmp |
6+ | test.cpp:453:7:453:9 | tmp | test.cpp:454:19:454:21 | tmp |
7+ | test.cpp:453:7:453:9 | tmp | test.cpp:455:11:455:13 | tmp |
8+ | test.cpp:453:7:453:9 | tmp | test.cpp:456:8:456:10 | tmp |