CPP: Unify and improve the MallocCall classes.

geoffw0 · geoffw0 · commit ca6ba36d875b · 2019-04-18T10:30:18.000+01:00
diff --git a/cpp/ql/src/Critical/OverflowCalculated.ql b/cpp/ql/src/Critical/OverflowCalculated.ql
@@ -13,7 +13,10 @@ import cpp
 
 class MallocCall extends FunctionCall
 {
-  MallocCall() { this.getTarget().hasQualifiedName("malloc") }
+  MallocCall() {
+  	this.getTarget().hasQualifiedName("malloc") or
+  	this.getTarget().hasQualifiedName("std::malloc")
+  }
 
   Expr getAllocatedSize() {
     if this.getArgument(0) instanceof VariableAccess then
diff --git a/cpp/ql/src/Security/CWE/CWE-131/NoSpaceForZeroTerminator.ql b/cpp/ql/src/Security/CWE/CWE-131/NoSpaceForZeroTerminator.ql
@@ -15,8 +15,12 @@
  */
 import cpp
 
-class MallocCall extends FunctionCall {
-  MallocCall() { this.getTarget().hasGlobalName("malloc") }
+class MallocCall extends FunctionCall
+{
+  MallocCall() {
+  	this.getTarget().hasQualifiedName("malloc") or
+  	this.getTarget().hasQualifiedName("std::malloc")
+  }
 
   Expr getAllocatedSize() {
     if this.getArgument(0) instanceof VariableAccess then
diff --git a/cpp/ql/test/query-tests/Critical/OverflowCalculated/NoSpaceForZeroTerminator.expected b/cpp/ql/test/query-tests/Critical/OverflowCalculated/NoSpaceForZeroTerminator.expected
@@ -1,3 +1,5 @@
 | tests1.cpp:26:21:26:26 | call to malloc | This allocation does not include space to null-terminate the string. |
 | tests1.cpp:67:21:67:26 | call to malloc | This allocation does not include space to null-terminate the string. |
 | tests1.cpp:89:25:89:30 | call to malloc | This allocation does not include space to null-terminate the string. |
+| tests3.cpp:25:21:25:31 | call to malloc | This allocation does not include space to null-terminate the string. |
+| tests3.cpp:30:21:30:31 | call to malloc | This allocation does not include space to null-terminate the string. |
diff --git a/cpp/ql/test/query-tests/Critical/OverflowCalculated/OverflowCalculated.expected b/cpp/ql/test/query-tests/Critical/OverflowCalculated/OverflowCalculated.expected
@@ -2,3 +2,5 @@
 | tests1.cpp:67:21:67:26 | call to malloc | This allocation does not include space to null-terminate the string. |
 | tests1.cpp:89:25:89:30 | call to malloc | This allocation does not include space to null-terminate the string. |
 | tests2.cpp:34:4:34:9 | call to strcat | This buffer only contains enough room for 'str1' (copied on line 33) |
+| tests3.cpp:25:21:25:31 | call to malloc | This allocation does not include space to null-terminate the string. |
+| tests3.cpp:30:21:30:31 | call to malloc | This allocation does not include space to null-terminate the string. |
diff --git a/cpp/ql/test/query-tests/Critical/OverflowCalculated/tests3.cpp b/cpp/ql/test/query-tests/Critical/OverflowCalculated/tests3.cpp
@@ -22,12 +22,12 @@ void tests3(int case_num)
 	switch (case_num)
 	{
 		case 1:
-			buffer = (char *)std::malloc(strlen(str3global)); // BAD [NOT DETECTED]
+			buffer = (char *)std::malloc(strlen(str3global)); // BAD
 			strcpy(buffer, str3global);
 			break;
 
 		case 2:
-			buffer = (char *)std::malloc(strlen(str3local)); // BAD [NOT DETECTED]
+			buffer = (char *)std::malloc(strlen(str3local)); // BAD
 			strcpy(buffer, str3local);
 			break;
 
