Thanks to visit codestin.com
Credit goes to github.com

Skip to content

Commit 520ff39

Browse files
geoffw0geoffw0
committed
C++: Update MemoryMayNotBeFreed.ql similarly.
1 parent 9a944a9 commit 520ff39

1 file changed

Lines changed: 6 additions & 10 deletions

File tree

cpp/ql/src/Critical/MemoryMayNotBeFreed.ql

Lines changed: 6 additions & 10 deletions
Original file line numberDiff line numberDiff line change
@@ -24,7 +24,8 @@ predicate mayCallFunction(Expr call, Function f) {
2424

2525
predicate allocCallOrIndirect(Expr e) {
2626
// direct alloc call
27-
isAllocationExpr(e) and
27+
e.(AllocationExpr).requiresDealloc() and
28+
not exists(e.(NewOrNewArrayExpr).getPlacementPointer()) and
2829
// We are only interested in alloc calls that are
2930
// actually freed somehow, as MemoryNeverFreed
3031
// will catch those that aren't.
@@ -53,8 +54,7 @@ predicate allocCallOrIndirect(Expr e) {
5354
* can cause memory leaks.
5455
*/
5556
predicate verifiedRealloc(FunctionCall reallocCall, Variable v, ControlFlowNode verified) {
56-
reallocCall.getTarget().hasGlobalOrStdName("realloc") and
57-
reallocCall.getArgument(0) = v.getAnAccess() and
57+
reallocCall.(AllocationExpr).getReallocPtr() = v.getAnAccess() and
5858
(
5959
exists(Variable newV, ControlFlowNode node |
6060
// a realloc followed by a null check at 'node' (return the non-null
@@ -71,23 +71,19 @@ predicate verifiedRealloc(FunctionCall reallocCall, Variable v, ControlFlowNode
7171
or
7272
// a realloc(ptr, 0), which always succeeds and frees
7373
// (return the realloc itself)
74-
reallocCall.getArgument(1).getValue() = "0" and
74+
reallocCall.(AllocationExpr).getReallocPtr().getValue() = "0" and
7575
verified = reallocCall
7676
)
7777
}
7878

7979
predicate freeCallOrIndirect(ControlFlowNode n, Variable v) {
8080
// direct free call
81-
freeCall(n, v.getAnAccess()) and
82-
not n.(FunctionCall).getTarget().hasGlobalOrStdName("realloc")
81+
n.(DeallocationExpr).getFreedExpr() = v.getAnAccess() and
82+
not exists(n.(AllocationExpr).getReallocPtr())
8383
or
8484
// verified realloc call
8585
verifiedRealloc(_, v, n)
8686
or
87-
n.(DeleteExpr).getExpr() = v.getAnAccess()
88-
or
89-
n.(DeleteArrayExpr).getExpr() = v.getAnAccess()
90-
or
9187
exists(FunctionCall midcall, Function mid, int arg |
9288
// indirect free call
9389
n.(Call).getArgument(arg) = v.getAnAccess() and

0 commit comments

Comments
 (0)