
Commit 939a836

committed
CPP: Add some comments.
1 parent f85889d commit 939a836

1 file changed

Lines changed: 11 additions & 0 deletions


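--- a/cpp/ql/src/Critical/OverflowDestination.ql
+++ b/cpp/ql/src/Critical/OverflowDestination.ql
@@ -13,6 +13,13 @@
 import cpp
 import semmle.code.cpp.pointsto.PointsTo
 
+/**
+* Holds if `fc` is a call to a copy operation where the size argument contains
+* a reference to the source argument. For example:
+* ```
+* memcpy(dest, src, sizeof(src));
+* ```
+*/
 predicate sourceSized(FunctionCall fc)
 {
 exists(string name |
@@ -22,9 +29,13 @@ predicate sourceSized(FunctionCall fc)
 exists(Expr dest, Expr src, Expr size, Variable v |
 fc.getArgument(0) = dest and fc.getArgument(1) = src and fc.getArgument(2) = size and
 src = v.getAnAccess() and size.getAChild+() = v.getAnAccess() and
+
+// exception: `dest` is also referenced in the size argument
 not exists(Variable other |
 dest = other.getAnAccess() and size.getAChild+() = other.getAnAccess())
 and
+
+// exception: `src` and `dest` are both arrays of the same type and size
 not exists(ArrayType srctype, ArrayType desttype |
 dest.getType().getUnderlyingType() = desttype and
 src.getType().getUnderlyingType() = srctype and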
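Review bot: The new QLDoc on `sourceSized` states only the positive condition, while the body in the second hunk also excludes two cases, so the predicate does not hold for every call shaped like the documented example. I would add a closing sentence to the doc comment such as ` * Calls whose size also references the destination, or that copy between arrays of the same type and size, are excluded.` The first exclusion matches any access to the destination variable anywhere under the size expression (`size.getAChild+() = other.getAnAccess()`), so a size like `sizeof(src) + sizeof(dest)` would presumably be suppressed as well. The `// exception:` comment should therefore say this is a heuristic to reduce false positives, not evidence that the copy is bounded by the destination. The predicate body continues past the end of the second hunk, so the array type and size comparison itself is not visible here.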
