
Commit 200545d

committed
CPP: Add detail to the model.
1 parent 77a3778 commit 200545d


3 files changed

+8
-2
lines changed


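--- a/cpp/ql/src/semmle/code/cpp/models/implementations/Pure.qll
+++ b/cpp/ql/src/semmle/code/cpp/models/implementations/Pure.qll
@@ -44,6 +44,10 @@ class PureStrFunction extends AliasFunction, ArrayFunction, TaintFunction, SideE
 getParameter(bufParam).getUnspecifiedType() instanceof PointerType
 }
 
+override predicate hasArrayWithNullTerminator(int bufParam) {
+getParameter(bufParam).getUnspecifiedType() instanceof PointerType
+}
+
 override predicate hasTaintFlow(FunctionInput input, FunctionOutput output) {
 exists(ParameterIndex i |
 input.isParameter(i) and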
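Review bot: `hasArrayWithNullTerminator` holds for every parameter whose unspecified type is a `PointerType`, the same condition as the predicate that ends just above it in this hunk, so any pointer parameter that is not a C string is also modelled as NUL-terminated. The list of functions covered by `PureStrFunction` is outside the hunk; if it includes a function with a non-string pointer (for example an end-pointer out-parameter like `strtol`'s `char **`) or a length-bounded comparison such as `strncmp`, the CWE-131 query would take those arguments as proof of termination and could report false positives. Consider narrowing the predicate to character-pointer parameters, or at least documenting the assumption with a comment such as `// assumes every pointer parameter of these functions is a NUL-terminated string`. A GOOD case in test.cpp that passes an exactly sized buffer only to a bounded function would pin the intended boundary, since the updated tests add only new positives.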

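--- a/cpp/ql/test/query-tests/Security/CWE/CWE-131/semmle/NoSpaceForZeroTerminator/NoSpaceForZeroTerminator.expected
+++ b/cpp/ql/test/query-tests/Security/CWE/CWE-131/semmle/NoSpaceForZeroTerminator/NoSpaceForZeroTerminator.expected
@@ -6,4 +6,6 @@
 | test.cpp:24:35:24:40 | call to malloc | This allocation does not include space to null-terminate the string. |
 | test.cpp:63:28:63:33 | call to malloc | This allocation does not include space to null-terminate the string. |
 | test.cpp:71:28:71:33 | call to malloc | This allocation does not include space to null-terminate the string. |
+| test.cpp:79:28:79:33 | call to malloc | This allocation does not include space to null-terminate the string. |
+| test.cpp:89:35:89:40 | call to malloc | This allocation does not include space to null-terminate the string. |
 | test.cpp:106:24:106:48 | new[] | This allocation does not include space to null-terminate the string. |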

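--- a/cpp/ql/test/query-tests/Security/CWE/CWE-131/semmle/NoSpaceForZeroTerminator/test.cpp
+++ b/cpp/ql/test/query-tests/Security/CWE/CWE-131/semmle/NoSpaceForZeroTerminator/test.cpp
@@ -75,7 +75,7 @@ void bad6(char *str, char *dest) {
 }
 
 void bad7(char *str, char *str2) {
-// BAD -- zero-termination proved by strcmp [NOT DETECTED]
+// BAD -- zero-termination proved by strcmp
 char *buffer = (char *)malloc(strlen(str));
 decode(buffer, str);
 if (strcmp(buffer, str2) == 0) {
@@ -85,7 +85,7 @@ void bad7(char *str, char *str2) {
 }
 
 void bad8(wchar_t *str) {
-// BAD -- zero-termination proved by wcslen [NOT DETECTED]
+// BAD -- zero-termination proved by wcslen
 wchar_t *wbuffer = (wchar_t *)malloc(wcslen(str));
 wdecode(wbuffer, str);
 if (wcslen(wbuffer) == 0) {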
