cpp/ql/src/semmle/code/cpp/models/implementations 1 file changed +15 -1
11import semmle.code.cpp.models.interfaces.Allocation
2+ import semmle.code.cpp.models.interfaces.ArrayFunction
3+ import semmle.code.cpp.models.interfaces.DataFlow
4+ import semmle.code.cpp.models.interfaces.Taint
25
36/**
47 * A `strdup` style allocation function.
58 */
6- class StrdupFunction extends AllocationFunction {
9+ class StrdupFunction extends AllocationFunction , ArrayFunction , DataFlowFunction {
710 StrdupFunction ( ) {
811 exists ( string name |
912 hasGlobalOrStdName ( name ) and
@@ -28,4 +31,15 @@ class StrdupFunction extends AllocationFunction {
2831 )
2932 )
3033 }
34+
35+ override predicate hasArrayInput ( int bufParam ) { bufParam = 0 }
36+
37+ override predicate hasArrayWithNullTerminator ( int bufParam ) { bufParam = 0 }
38+
39+ override predicate hasDataFlow ( FunctionInput input , FunctionOutput output ) {
40+ // These always copy the full value of the input buffer to the result
41+ // buffer
42+ input .isParameterDeref ( 0 ) and
43+ output .isReturnValueDeref ( )
44+ }
3145}
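Review bot: The added `import semmle.code.cpp.models.interfaces.Taint` looks unused, because on the new side the class extends only `AllocationFunction`, `ArrayFunction` and `DataFlowFunction` and none of the three added overrides refers to a taint interface. The constructor lines between the two hunks are not shown, so confirm nothing there needs it, then drop the import. The commit changes only this one file, so nothing visible exercises the new `hasDataFlow` step. A library test with a call to one of the modelled functions between a source and a sink would pin the flow from the dereference of parameter 0 to the dereference of the return value that taint-tracking queries will now rely on. The class QLDoc could also be extended with a sentence such as `Also models the argument as a null-terminated input array whose contents are copied to the result.`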