
Commit ca6ba36

committed
CPP: Unify and improve the MallocCall classes.
1 parent 1ba8364 commit ca6ba36

5 files changed

Lines changed: 16 additions & 5 deletions


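--- a/cpp/ql/src/Critical/OverflowCalculated.ql
+++ b/cpp/ql/src/Critical/OverflowCalculated.ql
@@ -13,7 +13,10 @@ import cpp
 
 class MallocCall extends FunctionCall
 {
-MallocCall() { this.getTarget().hasQualifiedName("malloc") }
+MallocCall() {
+this.getTarget().hasQualifiedName("malloc") or
+this.getTarget().hasQualifiedName("std::malloc")
+}
 
 Expr getAllocatedSize() {
 if this.getArgument(0) instanceof VariableAccess then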
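Review bot: The `MallocCall` class is now defined identically in this file and in NoSpaceForZeroTerminator.ql, and the removed lines show the two copies had already drifted (`hasQualifiedName("malloc")` here, `hasGlobalName("malloc")` there). Moving the class into one shared `.qll` that both queries import would stop the allocation model diverging again; a divergence of this kind surfaces only as silently missed results, as the `[NOT DETECTED]` markers removed from tests3.cpp illustrate. If the library version in use provides `hasGlobalOrStdName`, the constructor could also be reduced to `MallocCall() { this.getTarget().hasGlobalOrStdName("malloc") }`. The class body continues past the end of the hunk.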

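--- a/cpp/ql/src/Security/CWE/CWE-131/NoSpaceForZeroTerminator.ql
+++ b/cpp/ql/src/Security/CWE/CWE-131/NoSpaceForZeroTerminator.ql
@@ -15,8 +15,12 @@
 */
 import cpp
 
-class MallocCall extends FunctionCall {
-MallocCall() { this.getTarget().hasGlobalName("malloc") }
+class MallocCall extends FunctionCall
+{
+MallocCall() {
+this.getTarget().hasQualifiedName("malloc") or
+this.getTarget().hasQualifiedName("std::malloc")
+}
 
 Expr getAllocatedSize() {
 if this.getArgument(0) instanceof VariableAccess then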
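Review bot: The class has no QLDoc stating which allocators it models, so someone triaging CWE-131 results cannot tell from the query that only `malloc` and `std::malloc` are covered. I would add `/** A call to malloc or std::malloc; other allocation functions are not modelled by this query. */` directly above `class MallocCall`. On style, the opening brace moved to its own line where the removed version had `class MallocCall extends FunctionCall {`; it should follow whichever form the rest of this file uses. `getAllocatedSize` continues outside the hunk, so whether further allocators could be added without changing it cannot be judged from here.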
Lines changed: 2 additions & 0 deletions
@@ -1,3 +1,5 @@
11
| tests1.cpp:26:21:26:26 | call to malloc | This allocation does not include space to null-terminate the string. |
22
| tests1.cpp:67:21:67:26 | call to malloc | This allocation does not include space to null-terminate the string. |
33
| tests1.cpp:89:25:89:30 | call to malloc | This allocation does not include space to null-terminate the string. |
4+
| tests3.cpp:25:21:25:31 | call to malloc | This allocation does not include space to null-terminate the string. |
5+
| tests3.cpp:30:21:30:31 | call to malloc | This allocation does not include space to null-terminate the string. |

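--- a/cpp/ql/test/query-tests/Critical/OverflowCalculated/OverflowCalculated.expected
+++ b/cpp/ql/test/query-tests/Critical/OverflowCalculated/OverflowCalculated.expected
@@ -2,3 +2,5 @@
 | tests1.cpp:67:21:67:26 | call to malloc | This allocation does not include space to null-terminate the string. |
 | tests1.cpp:89:25:89:30 | call to malloc | This allocation does not include space to null-terminate the string. |
 | tests2.cpp:34:4:34:9 | call to strcat | This buffer only contains enough room for 'str1' (copied on line 33) |
+| tests3.cpp:25:21:25:31 | call to malloc | This allocation does not include space to null-terminate the string. |
+| tests3.cpp:30:21:30:31 | call to malloc | This allocation does not include space to null-terminate the string. |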

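--- a/cpp/ql/test/query-tests/Critical/OverflowCalculated/tests3.cpp
+++ b/cpp/ql/test/query-tests/Critical/OverflowCalculated/tests3.cpp
@@ -22,12 +22,12 @@ void tests3(int case_num)
 switch (case_num)
 {
 case 1:
-buffer = (char *)std::malloc(strlen(str3global)); // BAD [NOT DETECTED]
+buffer = (char *)std::malloc(strlen(str3global)); // BAD
 strcpy(buffer, str3global);
 break;
 
 case 2:
-buffer = (char *)std::malloc(strlen(str3local)); // BAD [NOT DETECTED]
+buffer = (char *)std::malloc(strlen(str3local)); // BAD
 strcpy(buffer, str3local);
 break;
 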