Thanks to visit codestin.com
Credit goes to github.com

Skip to content

Commit 2a4fba0

Browse files
geoffw0geoffw0
committed
C++: Use [,] more in models.
1 parent 254072d commit 2a4fba0

11 files changed

Lines changed: 171 additions & 377 deletions

File tree

cpp/ql/src/semmle/code/cpp/models/implementations/Allocation.qll

Lines changed: 79 additions & 161 deletions
Original file line numberDiff line numberDiff line change
@@ -14,95 +14,49 @@ private class MallocAllocationFunction extends AllocationFunction {
1414
int sizeArg;
1515

1616
MallocAllocationFunction() {
17-
exists(string name |
18-
hasGlobalOrStdName(name) and
19-
// malloc(size)
20-
(name = "malloc" and sizeArg = 0)
21-
or
22-
hasGlobalName(name) and
23-
(
24-
// ExAllocatePool(type, size)
25-
name = "ExAllocatePool" and sizeArg = 1
26-
or
27-
// ExAllocatePool(type, size, tag)
28-
name = "ExAllocatePoolWithTag" and sizeArg = 1
29-
or
30-
// ExAllocatePoolWithTagPriority(type, size, tag, priority)
31-
name = "ExAllocatePoolWithTagPriority" and sizeArg = 1
32-
or
33-
// ExAllocatePoolWithQuota(type, size)
34-
name = "ExAllocatePoolWithQuota" and sizeArg = 1
35-
or
36-
// ExAllocatePoolWithQuotaTag(type, size, tag)
37-
name = "ExAllocatePoolWithQuotaTag" and sizeArg = 1
38-
or
39-
// IoAllocateMdl(address, size, flag, flag, irp)
40-
name = "IoAllocateMdl" and sizeArg = 1
41-
or
42-
// IoAllocateErrorLogEntry(object, size)
43-
name = "IoAllocateErrorLogEntry" and sizeArg = 1
44-
or
45-
// MmAllocateContiguousMemory(size, maxaddress)
46-
name = "MmAllocateContiguousMemory" and sizeArg = 0
47-
or
48-
// MmAllocateContiguousNodeMemory(size, minaddress, maxaddress, bound, flag, prefer)
49-
name = "MmAllocateContiguousNodeMemory" and sizeArg = 0
50-
or
51-
// MmAllocateContiguousMemorySpecifyCache(size, minaddress, maxaddress, bound, type)
52-
name = "MmAllocateContiguousMemorySpecifyCache" and sizeArg = 0
53-
or
54-
// MmAllocateContiguousMemorySpecifyCacheNode(size, minaddress, maxaddress, bound, type, prefer)
55-
name = "MmAllocateContiguousMemorySpecifyCacheNode" and sizeArg = 0
56-
or
57-
// MmAllocateNonCachedMemory(size)
58-
name = "MmAllocateNonCachedMemory" and sizeArg = 0
59-
or
60-
// MmAllocateMappingAddress(size, tag)
61-
name = "MmAllocateMappingAddress" and sizeArg = 0
62-
or
63-
// MmAllocatePagesForMdl(minaddress, maxaddress, skip, size)
64-
name = "MmAllocatePagesForMdl" and sizeArg = 3
65-
or
66-
// MmAllocatePagesForMdlEx(minaddress, maxaddress, skip, size, type, flags)
67-
name = "MmAllocatePagesForMdlEx" and sizeArg = 3
68-
or
69-
// MmAllocateNodePagesForMdlEx(minaddress, maxaddress, skip, size, type, prefer, flags)
70-
name = "MmAllocateNodePagesForMdlEx" and sizeArg = 3
71-
or
72-
// LocalAlloc(flags, size)
73-
name = "LocalAlloc" and sizeArg = 1
74-
or
75-
// GlobalAlloc(flags, size)
76-
name = "GlobalAlloc" and sizeArg = 1
77-
or
78-
// HeapAlloc(heap, flags, size)
79-
name = "HeapAlloc" and sizeArg = 2
80-
or
81-
// VirtualAlloc(address, size, type, flag)
82-
name = "VirtualAlloc" and sizeArg = 1
83-
or
84-
// CoTaskMemAlloc(size)
85-
name = "CoTaskMemAlloc" and sizeArg = 0
86-
or
87-
// kmem_alloc(size, flags)
88-
name = "kmem_alloc" and sizeArg = 0
89-
or
90-
// kmem_zalloc(size, flags)
91-
name = "kmem_zalloc" and sizeArg = 0
92-
or
93-
// CRYPTO_malloc(size_t num, const char *file, int line)
94-
name = "CRYPTO_malloc" and sizeArg = 0
95-
or
96-
// CRYPTO_zalloc(size_t num, const char *file, int line)
97-
name = "CRYPTO_zalloc" and sizeArg = 0
98-
or
99-
// CRYPTO_secure_malloc(size_t num, const char *file, int line)
100-
name = "CRYPTO_secure_malloc" and sizeArg = 0
101-
or
102-
// CRYPTO_secure_zalloc(size_t num, const char *file, int line)
103-
name = "CRYPTO_secure_zalloc" and sizeArg = 0
104-
)
105-
)
17+
hasGlobalOrStdName("malloc") and // malloc(size)
18+
sizeArg = 0
19+
or
20+
hasGlobalName([
21+
"MmAllocateContiguousMemory", // MmAllocateContiguousMemory(size, maxaddress)
22+
"MmAllocateContiguousNodeMemory", // MmAllocateContiguousNodeMemory(size, minaddress, maxaddress, bound, flag, prefer)
23+
"MmAllocateContiguousMemorySpecifyCache", // MmAllocateContiguousMemorySpecifyCache(size, minaddress, maxaddress, bound, type)
24+
"MmAllocateContiguousMemorySpecifyCacheNode", // MmAllocateContiguousMemorySpecifyCacheNode(size, minaddress, maxaddress, bound, type, prefer)
25+
"MmAllocateNonCachedMemory", // MmAllocateNonCachedMemory(size)
26+
"MmAllocateMappingAddress", // MmAllocateMappingAddress(size, tag)
27+
"CoTaskMemAlloc", // CoTaskMemAlloc(size)
28+
"kmem_alloc", // kmem_alloc(size, flags)
29+
"kmem_zalloc", // kmem_zalloc(size, flags)
30+
"CRYPTO_malloc", // CRYPTO_malloc(size_t num, const char *file, int line)
31+
"CRYPTO_zalloc", // CRYPTO_zalloc(size_t num, const char *file, int line)
32+
"CRYPTO_secure_malloc", // CRYPTO_secure_malloc(size_t num, const char *file, int line)
33+
"CRYPTO_secure_zalloc" // CRYPTO_secure_zalloc(size_t num, const char *file, int line)
34+
]) and
35+
sizeArg = 0
36+
or
37+
hasGlobalName([
38+
"ExAllocatePool", // ExAllocatePool(type, size)
39+
"ExAllocatePoolWithTag", // ExAllocatePool(type, size, tag)
40+
"ExAllocatePoolWithTagPriority", // ExAllocatePoolWithTagPriority(type, size, tag, priority)
41+
"ExAllocatePoolWithQuota", // ExAllocatePoolWithQuota(type, size)
42+
"ExAllocatePoolWithQuotaTag", // ExAllocatePoolWithQuotaTag(type, size, tag)
43+
"IoAllocateMdl", // IoAllocateMdl(address, size, flag, flag, irp)
44+
"IoAllocateErrorLogEntry", // IoAllocateErrorLogEntry(object, size)
45+
"LocalAlloc", // LocalAlloc(flags, size)
46+
"GlobalAlloc", // GlobalAlloc(flags, size)
47+
"VirtualAlloc" // VirtualAlloc(address, size, type, flag)
48+
]) and
49+
sizeArg = 1
50+
or
51+
hasGlobalName(["HeapAlloc"]) and // HeapAlloc(heap, flags, size)
52+
sizeArg = 2
53+
or
54+
hasGlobalName([
55+
"MmAllocatePagesForMdl", // MmAllocatePagesForMdl(minaddress, maxaddress, skip, size)
56+
"MmAllocatePagesForMdlEx", // MmAllocatePagesForMdlEx(minaddress, maxaddress, skip, size, type, flags)
57+
"MmAllocateNodePagesForMdlEx" // MmAllocateNodePagesForMdlEx(minaddress, maxaddress, skip, size, type, prefer, flags)
58+
]) and
59+
sizeArg = 3
10660
}
10761

10862
override int getSizeArg() { result = sizeArg }
@@ -116,16 +70,11 @@ private class AllocaAllocationFunction extends AllocationFunction {
11670
int sizeArg;
11771

11872
AllocaAllocationFunction() {
119-
exists(string name |
120-
hasGlobalName(name) and
121-
(
122-
// alloca(size)
123-
name = "alloca" and sizeArg = 0
124-
or
125-
// __builtin_alloca(size)
126-
name = "__builtin_alloca" and sizeArg = 0
127-
)
128-
)
73+
hasGlobalName([
74+
"alloca", // // alloca(size)
75+
"__builtin_alloca" // __builtin_alloca(size)
76+
]) and
77+
sizeArg = 0
12978
}
13079

13180
override int getSizeArg() { result = sizeArg }
@@ -142,11 +91,9 @@ private class CallocAllocationFunction extends AllocationFunction {
14291
int multArg;
14392

14493
CallocAllocationFunction() {
145-
exists(string name |
146-
hasGlobalOrStdName(name) and
147-
// calloc(num, size)
148-
(name = "calloc" and sizeArg = 1 and multArg = 0)
149-
)
94+
hasGlobalOrStdName("calloc") and // calloc(num, size)
95+
sizeArg = 1 and
96+
multArg = 0
15097
}
15198

15299
override int getSizeArg() { result = sizeArg }
@@ -163,29 +110,22 @@ private class ReallocAllocationFunction extends AllocationFunction {
163110
int reallocArg;
164111

165112
ReallocAllocationFunction() {
166-
exists(string name |
167-
hasGlobalOrStdName(name) and
168-
// realloc(ptr, size)
169-
(name = "realloc" and sizeArg = 1 and reallocArg = 0)
170-
or
171-
hasGlobalName(name) and
172-
(
173-
// LocalReAlloc(ptr, size, flags)
174-
name = "LocalReAlloc" and sizeArg = 1 and reallocArg = 0
175-
or
176-
// GlobalReAlloc(ptr, size, flags)
177-
name = "GlobalReAlloc" and sizeArg = 1 and reallocArg = 0
178-
or
179-
// HeapReAlloc(heap, flags, ptr, size)
180-
name = "HeapReAlloc" and sizeArg = 3 and reallocArg = 2
181-
or
182-
// CoTaskMemRealloc(ptr, size)
183-
name = "CoTaskMemRealloc" and sizeArg = 1 and reallocArg = 0
184-
or
185-
// CRYPTO_realloc(void *addr, size_t num, const char *file, int line);
186-
name = "CRYPTO_realloc" and sizeArg = 1 and reallocArg = 0
187-
)
188-
)
113+
hasGlobalOrStdName("realloc") and // realloc(ptr, size)
114+
sizeArg = 1 and
115+
reallocArg = 0
116+
or
117+
hasGlobalName([
118+
"LocalReAlloc", // LocalReAlloc(ptr, size, flags)
119+
"GlobalReAlloc", // GlobalReAlloc(ptr, size, flags)
120+
"CoTaskMemRealloc", // CoTaskMemRealloc(ptr, size)
121+
"CRYPTO_realloc" // CRYPTO_realloc(void *addr, size_t num, const char *file, int line)
122+
]) and
123+
sizeArg = 1 and
124+
reallocArg = 0
125+
or
126+
hasGlobalName("HeapReAlloc") and // HeapReAlloc(heap, flags, ptr, size)
127+
sizeArg = 3 and
128+
reallocArg = 2
189129
}
190130

191131
override int getSizeArg() { result = sizeArg }
@@ -199,40 +139,18 @@ private class ReallocAllocationFunction extends AllocationFunction {
199139
*/
200140
private class SizelessAllocationFunction extends AllocationFunction {
201141
SizelessAllocationFunction() {
202-
exists(string name |
203-
hasGlobalName(name) and
204-
(
205-
// ExAllocateFromLookasideListEx(list)
206-
name = "ExAllocateFromLookasideListEx"
207-
or
208-
// ExAllocateFromPagedLookasideList(list)
209-
name = "ExAllocateFromPagedLookasideList"
210-
or
211-
// ExAllocateFromNPagedLookasideList(list)
212-
name = "ExAllocateFromNPagedLookasideList"
213-
or
214-
// ExAllocateTimer(callback, context, attributes)
215-
name = "ExAllocateTimer"
216-
or
217-
// IoAllocateWorkItem(object)
218-
name = "IoAllocateWorkItem"
219-
or
220-
// MmMapLockedPagesWithReservedMapping(address, tag, list, type)
221-
name = "MmMapLockedPagesWithReservedMapping"
222-
or
223-
// MmMapLockedPages(list, mode)
224-
name = "MmMapLockedPages"
225-
or
226-
// MmMapLockedPagesSpecifyCache(list, mode, type, address, flag, flag)
227-
name = "MmMapLockedPagesSpecifyCache"
228-
or
229-
// pool_get(pool, flags)
230-
name = "pool_get"
231-
or
232-
// pool_cache_get(pool, flags)
233-
name = "pool_cache_get"
234-
)
235-
)
142+
hasGlobalName([
143+
"ExAllocateFromLookasideListEx", // ExAllocateFromLookasideListEx(list)
144+
"ExAllocateFromPagedLookasideList", // ExAllocateFromPagedLookasideList(list)
145+
"ExAllocateFromNPagedLookasideList", // ExAllocateFromNPagedLookasideList(list)
146+
"ExAllocateTimer", // ExAllocateTimer(callback, context, attributes)
147+
"IoAllocateWorkItem", // IoAllocateWorkItem(object)
148+
"MmMapLockedPagesWithReservedMapping", // MmMapLockedPagesWithReservedMapping(address, tag, list, type)
149+
"MmMapLockedPages", // MmMapLockedPages(list, mode)
150+
"MmMapLockedPagesSpecifyCache", // MmMapLockedPagesSpecifyCache(list, mode, type, address, flag, flag)
151+
"pool_get", // pool_get(pool, flags)
152+
"pool_cache_get" // pool_cache_get(pool, flags)
153+
])
236154
}
237155
}
238156

cpp/ql/src/semmle/code/cpp/models/implementations/Deallocation.qll

Lines changed: 20 additions & 68 deletions
Original file line numberDiff line numberDiff line change
@@ -14,75 +14,27 @@ private class StandardDeallocationFunction extends DeallocationFunction {
1414

1515
StandardDeallocationFunction() {
1616
exists(string name |
17-
hasGlobalName(name) and
18-
(
19-
name = "free" and freedArg = 0
20-
or
21-
name = "realloc" and freedArg = 0
22-
or
23-
name = "CRYPTO_free" and freedArg = 0
24-
or
25-
name = "CRYPTO_secure_free" and freedArg = 0
26-
)
17+
hasGlobalName(["free", "realloc", "CRYPTO_free", "CRYPTO_secure_free"]) and
18+
freedArg = 0
2719
or
28-
hasGlobalOrStdName(name) and
29-
(
30-
name = "ExFreePoolWithTag" and freedArg = 0
31-
or
32-
name = "ExFreeToLookasideListEx" and freedArg = 1
33-
or
34-
name = "ExFreeToPagedLookasideList" and freedArg = 1
35-
or
36-
name = "ExFreeToNPagedLookasideList" and freedArg = 1
37-
or
38-
name = "ExDeleteTimer" and freedArg = 0
39-
or
40-
name = "IoFreeMdl" and freedArg = 0
41-
or
42-
name = "IoFreeWorkItem" and freedArg = 0
43-
or
44-
name = "IoFreeErrorLogEntry" and freedArg = 0
45-
or
46-
name = "MmFreeContiguousMemory" and freedArg = 0
47-
or
48-
name = "MmFreeContiguousMemorySpecifyCache" and freedArg = 0
49-
or
50-
name = "MmFreeNonCachedMemory" and freedArg = 0
51-
or
52-
name = "MmFreeMappingAddress" and freedArg = 0
53-
or
54-
name = "MmFreePagesFromMdl" and freedArg = 0
55-
or
56-
name = "MmUnmapReservedMapping" and freedArg = 0
57-
or
58-
name = "MmUnmapLockedPages" and freedArg = 0
59-
or
60-
name = "LocalFree" and freedArg = 0
61-
or
62-
name = "GlobalFree" and freedArg = 0
63-
or
64-
name = "HeapFree" and freedArg = 2
65-
or
66-
name = "VirtualFree" and freedArg = 0
67-
or
68-
name = "CoTaskMemFree" and freedArg = 0
69-
or
70-
name = "SysFreeString" and freedArg = 0
71-
or
72-
name = "LocalReAlloc" and freedArg = 0
73-
or
74-
name = "GlobalReAlloc" and freedArg = 0
75-
or
76-
name = "HeapReAlloc" and freedArg = 2
77-
or
78-
name = "CoTaskMemRealloc" and freedArg = 0
79-
or
80-
name = "kmem_free" and freedArg = 0
81-
or
82-
name = "pool_put" and freedArg = 1
83-
or
84-
name = "pool_cache_put" and freedArg = 1
85-
)
20+
hasGlobalOrStdName([
21+
"ExFreePoolWithTag", "ExDeleteTimer", "IoFreeMdl", "IoFreeWorkItem",
22+
"IoFreeErrorLogEntry", "MmFreeContiguousMemory", "MmFreeContiguousMemorySpecifyCache",
23+
"MmFreeNonCachedMemory", "MmFreeMappingAddress", "MmFreePagesFromMdl",
24+
"MmUnmapReservedMapping", "MmUnmapLockedPages", "LocalFree", "GlobalFree", "VirtualFree",
25+
"CoTaskMemFree", "SysFreeString", "LocalReAlloc", "GlobalReAlloc", "CoTaskMemRealloc",
26+
"kmem_free"
27+
]) and
28+
freedArg = 0
29+
or
30+
hasGlobalOrStdName([
31+
"ExFreeToLookasideListEx", "ExFreeToPagedLookasideList", "ExFreeToNPagedLookasideList",
32+
"pool_put", "pool_cache_put"
33+
]) and
34+
freedArg = 1
35+
or
36+
hasGlobalOrStdName(["HeapFree", "HeapReAlloc"]) and
37+
freedArg = 2
8638
)
8739
}
8840

cpp/ql/src/semmle/code/cpp/models/implementations/Iterator.qll

Lines changed: 1 addition & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -31,11 +31,7 @@ private class IteratorTraits extends Class {
3131
*/
3232
private class IteratorByTypedefs extends Iterator, Class {
3333
IteratorByTypedefs() {
34-
this.getAMember().(TypedefType).hasName("difference_type") and
35-
this.getAMember().(TypedefType).hasName("value_type") and
36-
this.getAMember().(TypedefType).hasName("pointer") and
37-
this.getAMember().(TypedefType).hasName("reference") and
38-
this.getAMember().(TypedefType).hasName("iterator_category") and
34+
this.getAMember().(TypedefType).hasName(["difference_type", "value_type", "pointer", "reference", "iterator_category"]) and
3935
not this.hasQualifiedName("std", "iterator_traits")
4036
}
4137
}

cpp/ql/src/semmle/code/cpp/models/implementations/Memset.qll

Lines changed: 2 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -15,13 +15,8 @@ import semmle.code.cpp.models.interfaces.SideEffect
1515
private class MemsetFunction extends ArrayFunction, DataFlowFunction, AliasFunction,
1616
SideEffectFunction {
1717
MemsetFunction() {
18-
hasGlobalName("memset") or
19-
hasGlobalName("wmemset") or
20-
hasGlobalName("bzero") or
21-
hasGlobalName("__builtin_memset") or
22-
hasGlobalName("__builtin_memset_chk") or
23-
hasQualifiedName("std", "memset") or
24-
hasQualifiedName("std", "wmemset")
18+
hasGlobalName(["memset", "wmemset", "bzero", "__builtin_memset", "__builtin_memset_chk"]) or
19+
hasQualifiedName("std", ["memset", "wmemset"])
2520
}
2621

2722
override predicate hasArrayOutput(int bufParam) { bufParam = 0 }

0 commit comments

Comments
 (0)