
Commit 281b56b

committed
C++: Add comments to the Allocation and Deallocation libraries indicating where the functions come from.
1 parent 998eaf9 commit 281b56b

2 files changed

Lines changed: 36 additions & 3 deletions


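--- a/cpp/ql/src/semmle/code/cpp/models/implementations/Allocation.qll
+++ b/cpp/ql/src/semmle/code/cpp/models/implementations/Allocation.qll
@@ -14,19 +14,24 @@ private class MallocAllocationFunction extends AllocationFunction {
 int sizeArg;
 
 MallocAllocationFunction() {
+// --- C library allocation
 hasGlobalOrStdName("malloc") and // malloc(size)
 sizeArg = 0
 or
 hasGlobalName([
+// --- Windows Memory Management for Windows Drivers
 "MmAllocateContiguousMemory", // MmAllocateContiguousMemory(size, maxaddress)
 "MmAllocateContiguousNodeMemory", // MmAllocateContiguousNodeMemory(size, minaddress, maxaddress, bound, flag, prefer)
 "MmAllocateContiguousMemorySpecifyCache", // MmAllocateContiguousMemorySpecifyCache(size, minaddress, maxaddress, bound, type)
 "MmAllocateContiguousMemorySpecifyCacheNode", // MmAllocateContiguousMemorySpecifyCacheNode(size, minaddress, maxaddress, bound, type, prefer)
 "MmAllocateNonCachedMemory", // MmAllocateNonCachedMemory(size)
 "MmAllocateMappingAddress", // MmAllocateMappingAddress(size, tag)
+// --- Windows COM allocation
 "CoTaskMemAlloc", // CoTaskMemAlloc(size)
+// --- Linux kernel memory allocator
 "kmem_alloc", // kmem_alloc(size, flags)
 "kmem_zalloc", // kmem_zalloc(size, flags)
+// --- OpenSSL memory allocation
 "CRYPTO_malloc", // CRYPTO_malloc(size_t num, const char *file, int line)
 "CRYPTO_zalloc", // CRYPTO_zalloc(size_t num, const char *file, int line)
 "CRYPTO_secure_malloc", // CRYPTO_secure_malloc(size_t num, const char *file, int line)
@@ -35,15 +40,18 @@ private class MallocAllocationFunction extends AllocationFunction {
 sizeArg = 0
 or
 hasGlobalName([
+// --- Windows Memory Management for Windows Drivers
 "ExAllocatePool", // ExAllocatePool(type, size)
 "ExAllocatePoolWithTag", // ExAllocatePool(type, size, tag)
 "ExAllocatePoolWithTagPriority", // ExAllocatePoolWithTagPriority(type, size, tag, priority)
 "ExAllocatePoolWithQuota", // ExAllocatePoolWithQuota(type, size)
 "ExAllocatePoolWithQuotaTag", // ExAllocatePoolWithQuotaTag(type, size, tag)
 "IoAllocateMdl", // IoAllocateMdl(address, size, flag, flag, irp)
 "IoAllocateErrorLogEntry", // IoAllocateErrorLogEntry(object, size)
+// --- Windows Global / Local legacy allocation
 "LocalAlloc", // LocalAlloc(flags, size)
 "GlobalAlloc", // GlobalAlloc(flags, size)
+// --- Windows System Services allocation
 "VirtualAlloc" // VirtualAlloc(address, size, type, flag)
 ]) and
 sizeArg = 1
@@ -52,6 +60,7 @@ private class MallocAllocationFunction extends AllocationFunction {
 sizeArg = 2
 or
 hasGlobalName([
+// --- Windows Memory Management for Windows Drivers
 "MmAllocatePagesForMdl", // MmAllocatePagesForMdl(minaddress, maxaddress, skip, size)
 "MmAllocatePagesForMdlEx", // MmAllocatePagesForMdlEx(minaddress, maxaddress, skip, size, type, flags)
 "MmAllocateNodePagesForMdlEx" // MmAllocateNodePagesForMdlEx(minaddress, maxaddress, skip, size, type, prefer, flags)
@@ -71,6 +80,7 @@ private class AllocaAllocationFunction extends AllocationFunction {
 
 AllocaAllocationFunction() {
 hasGlobalName([
+// --- stack allocation
 "alloca", // // alloca(size)
 "__builtin_alloca" // __builtin_alloca(size)
 ]) and
@@ -91,6 +101,7 @@ private class CallocAllocationFunction extends AllocationFunction {
 int multArg;
 
 CallocAllocationFunction() {
+// --- C library allocation
 hasGlobalOrStdName("calloc") and // calloc(num, size)
 sizeArg = 1 and
 multArg = 0
@@ -110,14 +121,18 @@ private class ReallocAllocationFunction extends AllocationFunction {
 int reallocArg;
 
 ReallocAllocationFunction() {
+// --- C library allocation
 hasGlobalOrStdName("realloc") and // realloc(ptr, size)
 sizeArg = 1 and
 reallocArg = 0
 or
 hasGlobalName([
+// --- Windows Global / Local legacy allocation
 "LocalReAlloc", // LocalReAlloc(ptr, size, flags)
 "GlobalReAlloc", // GlobalReAlloc(ptr, size, flags)
+// --- Windows COM allocation
 "CoTaskMemRealloc", // CoTaskMemRealloc(ptr, size)
+// --- OpenSSL memory allocation
 "CRYPTO_realloc" // CRYPTO_realloc(void *addr, size_t num, const char *file, int line)
 ]) and
 sizeArg = 1 and
@@ -140,6 +155,7 @@ private class ReallocAllocationFunction extends AllocationFunction {
 private class SizelessAllocationFunction extends AllocationFunction {
 SizelessAllocationFunction() {
 hasGlobalName([
+// --- Windows Memory Management for Windows Drivers
 "ExAllocateFromLookasideListEx", // ExAllocateFromLookasideListEx(list)
 "ExAllocateFromPagedLookasideList", // ExAllocateFromPagedLookasideList(list)
 "ExAllocateFromNPagedLookasideList", // ExAllocateFromNPagedLookasideList(list)
@@ -148,6 +164,7 @@ private class SizelessAllocationFunction extends AllocationFunction {
 "MmMapLockedPagesWithReservedMapping", // MmMapLockedPagesWithReservedMapping(address, tag, list, type)
 "MmMapLockedPages", // MmMapLockedPages(list, mode)
 "MmMapLockedPagesSpecifyCache", // MmMapLockedPagesSpecifyCache(list, mode, type, address, flag, flag)
+// --- NetBSD pool manager
 "pool_get", // pool_get(pool, flags)
 "pool_cache_get" // pool_cache_get(pool, flags)
 ])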
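Review bot: The new heading `// --- Linux kernel memory allocator` above `"kmem_alloc"` and `"kmem_zalloc"` may overstate what the list covers: as far as I know these names are the Solaris-style kmem interface (also found in NetBSD and as XFS wrappers in Linux), while the general Linux allocator is `kmalloc`/`kzalloc`, which does not appear in the visible lines. These headings will be read as a coverage statement by anyone relying on the model for allocation-size and memory-safety queries, so a narrower label such as `// --- kmem kernel allocator (Solaris-style interface; XFS wrappers in Linux)` would be safer once the origin is confirmed. Two existing trailing comments in the same section could be corrected at the same time: `"alloca", // // alloca(size)` has a doubled comment marker, and the comment on `"ExAllocatePoolWithTag"` reads `ExAllocatePool(type, size, tag)`. The class bodies continue outside the hunks, so the lists may hold entries not shown on this page.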

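--- a/cpp/ql/src/semmle/code/cpp/models/implementations/Deallocation.qll
+++ b/cpp/ql/src/semmle/code/cpp/models/implementations/Deallocation.qll
@@ -14,21 +14,37 @@ private class StandardDeallocationFunction extends DeallocationFunction {
 
 StandardDeallocationFunction() {
 exists(string name |
-hasGlobalName(["free", "realloc", "CRYPTO_free", "CRYPTO_secure_free"]) and
+hasGlobalName([
+// --- C library allocation
+"free", "realloc",
+// --- OpenSSL memory allocation
+"CRYPTO_free", "CRYPTO_secure_free"]
+) and
 freedArg = 0
 or
 hasGlobalOrStdName([
+// --- Windows Memory Management for Windows Drivers
 "ExFreePoolWithTag", "ExDeleteTimer", "IoFreeMdl", "IoFreeWorkItem",
 "IoFreeErrorLogEntry", "MmFreeContiguousMemory", "MmFreeContiguousMemorySpecifyCache",
 "MmFreeNonCachedMemory", "MmFreeMappingAddress", "MmFreePagesFromMdl",
-"MmUnmapReservedMapping", "MmUnmapLockedPages", "LocalFree", "GlobalFree", "VirtualFree",
-"CoTaskMemFree", "SysFreeString", "LocalReAlloc", "GlobalReAlloc", "CoTaskMemRealloc",
+"MmUnmapReservedMapping", "MmUnmapLockedPages",
+// --- Windows Global / Local legacy allocation
+"LocalFree", "GlobalFree", "LocalReAlloc", "GlobalReAlloc",
+// --- Windows System Services allocation
+"VirtualFree",
+// --- Windows COM allocation
+"CoTaskMemFree", "CoTaskMemRealloc",
+// --- Windows Automation
+"SysFreeString",
+// --- Linux kernel memory allocator
 "kmem_free"
 ]) and
 freedArg = 0
 or
 hasGlobalOrStdName([
+// --- Windows Memory Management for Windows Drivers
 "ExFreeToLookasideListEx", "ExFreeToPagedLookasideList", "ExFreeToNPagedLookasideList",
+// --- NetBSD pool manager
 "pool_put", "pool_cache_put"
 ]) and
 freedArg = 1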
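Review bot: The OpenSSL group in the first list holds only `"CRYPTO_free", "CRYPTO_secure_free"`, although `CRYPTO_realloc` is modelled as a realloc in Allocation.qll and every other realloc-style function there (`realloc`, `LocalReAlloc`, `GlobalReAlloc`, `CoTaskMemRealloc`) is also listed here as freeing argument 0. If the omission is not deliberate, queries built on this model would not treat the old pointer as freed after `CRYPTO_realloc`, giving false negatives for use-after-free and double-free checks; the line would become `"CRYPTO_free", "CRYPTO_secure_free", "CRYPTO_realloc"]`. Separately, `free` and `realloc` are matched with `hasGlobalName` while the Windows and kernel names use `hasGlobalOrStdName`, which looks inverted relative to `hasGlobalOrStdName("malloc")` in Allocation.qll and is worth confirming. The new headings also say "allocation" over lists of freeing functions, so `// --- C library deallocation` and similar would read more accurately. The body of StandardDeallocationFunction continues outside the hunk.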
