Thanks to visit codestin.com
Credit goes to github.com

Skip to content

Commit 6fc4154

Browse files
geoffw0geoffw0
committed
CPP: Autoformat.
1 parent c73d3eb commit 6fc4154

5 files changed

Lines changed: 126 additions & 143 deletions

File tree

cpp/ql/src/Critical/OverflowCalculated.ql

Lines changed: 3 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -15,7 +15,9 @@ import semmle.code.cpp.dataflow.DataFlow
1515
import semmle.code.cpp.models.interfaces.Allocation
1616

1717
predicate spaceProblem(FunctionCall append, string msg) {
18-
exists(AllocationExpr malloc, StrlenCall strlen, AddExpr add, FunctionCall insert, Variable buffer |
18+
exists(
19+
AllocationExpr malloc, StrlenCall strlen, AddExpr add, FunctionCall insert, Variable buffer
20+
|
1921
add.getAChild() = strlen and
2022
exists(add.getAChild().getValue()) and
2123
DataFlow::localExprFlow(add, malloc.getSizeExpr()) and

cpp/ql/src/semmle/code/cpp/commons/Alloc.qll

Lines changed: 6 additions & 16 deletions
Original file line numberDiff line numberDiff line change
@@ -4,35 +4,27 @@ import semmle.code.cpp.models.interfaces.Deallocation
44

55
/**
66
* A library routine that allocates memory.
7-
*
7+
*
88
* DEPRECATED: Use the `MallocFunction` class instead of this predicate.
99
*/
10-
deprecated predicate allocationFunction(Function f) {
11-
f instanceof AllocationFunction
12-
}
10+
deprecated predicate allocationFunction(Function f) { f instanceof AllocationFunction }
1311

1412
/**
1513
* A call to a library routine that allocates memory.
1614
*
1715
* DEPRECATED: Use `AllocationExpr` instead (this also includes `new` expressions).
1816
*/
19-
deprecated predicate allocationCall(FunctionCall fc) {
20-
fc instanceof AllocationExpr
21-
}
17+
deprecated predicate allocationCall(FunctionCall fc) { fc instanceof AllocationExpr }
2218

2319
/**
2420
* A library routine that frees memory.
2521
*/
26-
predicate freeFunction(Function f, int argNum) {
27-
argNum = f.(DeallocationFunction).getFreedArg()
28-
}
22+
predicate freeFunction(Function f, int argNum) { argNum = f.(DeallocationFunction).getFreedArg() }
2923

3024
/**
3125
* A call to a library routine that frees memory.
3226
*/
33-
predicate freeCall(FunctionCall fc, Expr arg) {
34-
arg = fc.(DeallocationExpr).getFreedExpr()
35-
}
27+
predicate freeCall(FunctionCall fc, Expr arg) { arg = fc.(DeallocationExpr).getFreedExpr() }
3628

3729
/**
3830
* Is e some kind of allocation or deallocation (`new`, `alloc`, `realloc`, `delete`, `free` etc)?
@@ -69,6 +61,4 @@ deprecated predicate isFixedSizeAllocationExpr(Expr allocExpr, int size) {
6961
*
7062
* DEPRECATED: Use `DeallocationExpr` instead.
7163
*/
72-
deprecated predicate isDeallocationExpr(Expr e) {
73-
e instanceof DeallocationExpr
74-
}
64+
deprecated predicate isDeallocationExpr(Expr e) { e instanceof DeallocationExpr }

cpp/ql/src/semmle/code/cpp/models/implementations/Allocation.qll

Lines changed: 108 additions & 103 deletions
Original file line numberDiff line numberDiff line change
@@ -10,62 +10,78 @@ class MallocAllocationFunction extends AllocationFunction {
1010
MallocAllocationFunction() {
1111
exists(string name |
1212
hasGlobalOrStdName(name) and
13-
(
14-
// malloc(size)
15-
(name = "malloc" and sizeArg = 0)
16-
)
13+
// malloc(size)
14+
(name = "malloc" and sizeArg = 0)
1715
or
1816
hasGlobalName(name) and
1917
(
2018
// ExAllocatePool(type, size)
21-
(name = "ExAllocatePool" and sizeArg = 1) or
19+
name = "ExAllocatePool" and sizeArg = 1
20+
or
2221
// ExAllocatePool(type, size, tag)
23-
(name = "ExAllocatePoolWithTag" and sizeArg = 1) or
22+
name = "ExAllocatePoolWithTag" and sizeArg = 1
23+
or
2424
// ExAllocatePoolWithTagPriority(type, size, tag, priority)
25-
(name = "ExAllocatePoolWithTagPriority" and sizeArg = 1) or
25+
name = "ExAllocatePoolWithTagPriority" and sizeArg = 1
26+
or
2627
// ExAllocatePoolWithQuota(type, size)
27-
(name = "ExAllocatePoolWithQuota" and sizeArg = 1) or
28+
name = "ExAllocatePoolWithQuota" and sizeArg = 1
29+
or
2830
// ExAllocatePoolWithQuotaTag(type, size, tag)
29-
(name = "ExAllocatePoolWithQuotaTag" and sizeArg = 1) or
31+
name = "ExAllocatePoolWithQuotaTag" and sizeArg = 1
32+
or
3033
// IoAllocateMdl(address, size, flag, flag, irp)
31-
(name = "IoAllocateMdl" and sizeArg = 1) or
34+
name = "IoAllocateMdl" and sizeArg = 1
35+
or
3236
// IoAllocateErrorLogEntry(object, size)
33-
(name = "IoAllocateErrorLogEntry" and sizeArg = 1) or
37+
name = "IoAllocateErrorLogEntry" and sizeArg = 1
38+
or
3439
// MmAllocateContiguousMemory(size, maxaddress)
35-
(name = "MmAllocateContiguousMemory" and sizeArg = 0) or
40+
name = "MmAllocateContiguousMemory" and sizeArg = 0
41+
or
3642
// MmAllocateContiguousNodeMemory(size, minaddress, maxaddress, bound, flag, prefer)
37-
(name = "MmAllocateContiguousNodeMemory" and sizeArg = 0) or
43+
name = "MmAllocateContiguousNodeMemory" and sizeArg = 0
44+
or
3845
// MmAllocateContiguousMemorySpecifyCache(size, minaddress, maxaddress, bound, type)
39-
(name = "MmAllocateContiguousMemorySpecifyCache" and sizeArg = 0) or
46+
name = "MmAllocateContiguousMemorySpecifyCache" and sizeArg = 0
47+
or
4048
// MmAllocateContiguousMemorySpecifyCacheNode(size, minaddress, maxaddress, bound, type, prefer)
41-
(name = "MmAllocateContiguousMemorySpecifyCacheNode" and sizeArg = 0) or
49+
name = "MmAllocateContiguousMemorySpecifyCacheNode" and sizeArg = 0
50+
or
4251
// MmAllocateNonCachedMemory(size)
43-
(name = "MmAllocateNonCachedMemory" and sizeArg = 0) or
52+
name = "MmAllocateNonCachedMemory" and sizeArg = 0
53+
or
4454
// MmAllocateMappingAddress(size, tag)
45-
(name = "MmAllocateMappingAddress" and sizeArg = 0) or
55+
name = "MmAllocateMappingAddress" and sizeArg = 0
56+
or
4657
// MmAllocatePagesForMdl(minaddress, maxaddress, skip, size)
47-
(name = "MmAllocatePagesForMdl" and sizeArg = 3) or
58+
name = "MmAllocatePagesForMdl" and sizeArg = 3
59+
or
4860
// MmAllocatePagesForMdlEx(minaddress, maxaddress, skip, size, type, flags)
49-
(name = "MmAllocatePagesForMdlEx" and sizeArg = 3) or
61+
name = "MmAllocatePagesForMdlEx" and sizeArg = 3
62+
or
5063
// MmAllocateNodePagesForMdlEx(minaddress, maxaddress, skip, size, type, prefer, flags)
51-
(name = "MmAllocateNodePagesForMdlEx" and sizeArg = 3) or
64+
name = "MmAllocateNodePagesForMdlEx" and sizeArg = 3
65+
or
5266
// LocalAlloc(flags, size)
53-
(name = "LocalAlloc" and sizeArg = 1) or
67+
name = "LocalAlloc" and sizeArg = 1
68+
or
5469
// GlobalAlloc(flags, size)
55-
(name = "GlobalAlloc" and sizeArg = 1) or
70+
name = "GlobalAlloc" and sizeArg = 1
71+
or
5672
// HeapAlloc(heap, flags, size)
57-
(name = "HeapAlloc" and sizeArg = 2) or
73+
name = "HeapAlloc" and sizeArg = 2
74+
or
5875
// VirtualAlloc(address, size, type, flag)
59-
(name = "VirtualAlloc" and sizeArg = 1) or
76+
name = "VirtualAlloc" and sizeArg = 1
77+
or
6078
// CoTaskMemAlloc(size)
61-
(name = "CoTaskMemAlloc" and sizeArg = 0)
79+
name = "CoTaskMemAlloc" and sizeArg = 0
6280
)
6381
)
6482
}
6583

66-
override int getSizeArg() {
67-
result = sizeArg
68-
}
84+
override int getSizeArg() { result = sizeArg }
6985
}
7086

7187
/**
@@ -84,13 +100,9 @@ class CallocAllocationFunction extends AllocationFunction {
84100
)
85101
}
86102

87-
override int getSizeArg() {
88-
result = sizeArg
89-
}
103+
override int getSizeArg() { result = sizeArg }
90104

91-
override int getSizeMult() {
92-
result = multArg
93-
}
105+
override int getSizeMult() { result = multArg }
94106
}
95107

96108
/**
@@ -101,34 +113,32 @@ class ReallocAllocationFunction extends AllocationFunction {
101113
int sizeArg;
102114
int reallocArg;
103115

104-
ReallocAllocationFunction() { exists(string name |
105-
hasGlobalOrStdName(name) and
106-
(
116+
ReallocAllocationFunction() {
117+
exists(string name |
118+
hasGlobalOrStdName(name) and
107119
// realloc(ptr, size)
108120
(name = "realloc" and sizeArg = 1 and reallocArg = 0)
121+
or
122+
hasGlobalName(name) and
123+
(
124+
// LocalReAlloc(ptr, size, flags)
125+
name = "LocalReAlloc" and sizeArg = 1 and reallocArg = 0
126+
or
127+
// GlobalReAlloc(ptr, size, flags)
128+
name = "GlobalReAlloc" and sizeArg = 1 and reallocArg = 0
129+
or
130+
// HeapReAlloc(heap, flags, ptr, size)
131+
name = "HeapReAlloc" and sizeArg = 3 and reallocArg = 2
132+
or
133+
// CoTaskMemRealloc(ptr, size)
134+
name = "CoTaskMemRealloc" and sizeArg = 1 and reallocArg = 0
135+
)
109136
)
110-
or
111-
hasGlobalName(name) and
112-
(
113-
// LocalReAlloc(ptr, size, flags)
114-
(name = "LocalReAlloc" and sizeArg = 1 and reallocArg = 0) or
115-
// GlobalReAlloc(ptr, size, flags)
116-
(name = "GlobalReAlloc" and sizeArg = 1 and reallocArg = 0) or
117-
// HeapReAlloc(heap, flags, ptr, size)
118-
(name = "HeapReAlloc" and sizeArg = 3 and reallocArg = 2) or
119-
// CoTaskMemRealloc(ptr, size)
120-
(name = "CoTaskMemRealloc" and sizeArg = 1 and reallocArg = 0)
121-
)
122-
)
123137
}
124138

125-
override int getSizeArg() {
126-
result = sizeArg
127-
}
139+
override int getSizeArg() { result = sizeArg }
128140

129-
override int getReallocPtrArg() {
130-
result = reallocArg
131-
}
141+
override int getReallocPtrArg() { result = reallocArg }
132142
}
133143

134144
/**
@@ -141,33 +151,44 @@ class StrdupAllocationFunction extends AllocationFunction {
141151
hasGlobalOrStdName(name) and
142152
(
143153
// strdup(str)
144-
name = "strdup" or
154+
name = "strdup"
155+
or
145156
// wcsdup(str)
146157
name = "wcsdup"
147158
)
148159
or
149160
hasGlobalName(name) and
150161
(
151162
// _strdup(str)
152-
name = "_strdup" or
163+
name = "_strdup"
164+
or
153165
// _wcsdup(str)
154-
name = "_wcsdup" or
166+
name = "_wcsdup"
167+
or
155168
// _mbsdup(str)
156-
name = "_mbsdup" or
169+
name = "_mbsdup"
170+
or
157171
// ExAllocateFromLookasideListEx(list)
158-
name = "ExAllocateFromLookasideListEx" or
172+
name = "ExAllocateFromLookasideListEx"
173+
or
159174
// ExAllocateFromPagedLookasideList(list)
160-
name = "ExAllocateFromPagedLookasideList" or
175+
name = "ExAllocateFromPagedLookasideList"
176+
or
161177
// ExAllocateFromNPagedLookasideList(list)
162-
name = "ExAllocateFromNPagedLookasideList" or
178+
name = "ExAllocateFromNPagedLookasideList"
179+
or
163180
// ExAllocateTimer(callback, context, attributes)
164-
name = "ExAllocateTimer" or
181+
name = "ExAllocateTimer"
182+
or
165183
// IoAllocateWorkItem(object)
166-
name = "IoAllocateWorkItem" or
184+
name = "IoAllocateWorkItem"
185+
or
167186
// MmMapLockedPagesWithReservedMapping(address, tag, list, type)
168-
name = "MmMapLockedPagesWithReservedMapping" or
187+
name = "MmMapLockedPagesWithReservedMapping"
188+
or
169189
// MmMapLockedPages(list, mode)
170-
name = "MmMapLockedPages" or
190+
name = "MmMapLockedPages"
191+
or
171192
// MmMapLockedPagesSpecifyCache(list, mode, type, address, flag, flag)
172193
name = "MmMapLockedPagesSpecifyCache"
173194
)
@@ -183,70 +204,54 @@ class CallAllocationExpr extends AllocationExpr, FunctionCall {
183204

184205
CallAllocationExpr() {
185206
target = getTarget() and
186-
// realloc(ptr, 0) only frees the pointer
187-
not (
188-
exists(target.getReallocPtrArg()) and
189-
getArgument(target.getSizeArg()).getValue().toInt() = 0
190-
)
207+
// realloc(ptr, 0) only frees the pointer
208+
not (
209+
exists(target.getReallocPtrArg()) and
210+
getArgument(target.getSizeArg()).getValue().toInt() = 0
211+
)
191212
}
192213

193-
override Expr getSizeExpr() {
194-
result = getArgument(target.getSizeArg())
195-
}
214+
override Expr getSizeExpr() { result = getArgument(target.getSizeArg()) }
196215

197216
override int getSizeMult() {
198-
// malloc with multiplier argument that is a constant
217+
// malloc with multiplier argument that is a constant
199218
result = getArgument(target.getSizeMult()).getValue().toInt()
200219
or
201220
// malloc with no multiplier argument
202-
(
203-
not exists(target.getSizeMult()) and
204-
result = 1
205-
)
221+
not exists(target.getSizeMult()) and
222+
result = 1
206223
}
207224

208-
override int getSizeBytes() {
209-
result = getSizeExpr().getValue().toInt() * getSizeMult()
210-
}
225+
override int getSizeBytes() { result = getSizeExpr().getValue().toInt() * getSizeMult() }
211226

212-
override Expr getReallocPtr() {
213-
result = getArgument(target.getReallocPtrArg())
214-
}
227+
override Expr getReallocPtr() { result = getArgument(target.getReallocPtrArg()) }
215228
}
216229

217230
/**
218231
* An allocation expression that is a `new` expression.
219232
*/
220233
class NewAllocationExpr extends AllocationExpr, NewExpr {
221-
NewAllocationExpr() {
222-
this instanceof NewExpr
223-
}
234+
NewAllocationExpr() { this instanceof NewExpr }
224235

225-
override int getSizeBytes() {
226-
result = getAllocatedType().getSize()
227-
}
236+
override int getSizeBytes() { result = getAllocatedType().getSize() }
228237
}
229238

230239
/**
231240
* An allocation expression that is a `new []` expression.
232241
*/
233242
class NewArrayAllocationExpr extends AllocationExpr, NewArrayExpr {
234-
NewArrayAllocationExpr() {
235-
this instanceof NewArrayExpr
236-
}
243+
NewArrayAllocationExpr() { this instanceof NewArrayExpr }
237244

238245
override Expr getSizeExpr() {
239-
// new array expr with variable size
240-
result = getExtent()
246+
// new array expr with variable size
247+
result = getExtent()
241248
}
242249

243250
override int getSizeMult() {
244-
// new array expr with variable size
245-
exists(getExtent()) and
246-
result = getAllocatedElementType().getSize()
251+
// new array expr with variable size
252+
exists(getExtent()) and
253+
result = getAllocatedElementType().getSize()
247254
}
248255

249-
override int getSizeBytes() {
250-
result = getAllocatedType().getSize()
251-
}
256+
override int getSizeBytes() { result = getAllocatedType().getSize() }
252257
}

0 commit comments

Comments
 (0)