
Commit 0601afa

committed
C++: ConstantSizeArrayOffByOne
1 parent e34b169 commit 0601afa

1 file changed

Lines changed: 7 additions & 5 deletions


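--- a/cpp/ql/src/experimental/Security/CWE/CWE-193/ConstantSizeArrayOffByOne.ql
+++ b/cpp/ql/src/experimental/Security/CWE/CWE-193/ConstantSizeArrayOffByOne.ql
@@ -184,16 +184,18 @@ module ArrayAddressToDerefConfig implements DataFlow::StateConfigSig {
 )
 }
 
-predicate observeDiffInformedIncrementalMode() {
-any() // TODO: Make sure that the location overrides match the query's select clause: Column 1 does not select a source or sink originating from the flow call on line 194 (/Users/d10c/src/semmle-code/ql/cpp/ql/src/experimental/Security/CWE/CWE-193/ConstantSizeArrayOffByOne.ql@199:8:199:10), Column 5 does not select a source or sink originating from the flow call on line 194 (/Users/d10c/src/semmle-code/ql/cpp/ql/src/experimental/Security/CWE/CWE-193/ConstantSizeArrayOffByOne.ql@201:53:201:53), Column 7 does not select a source or sink originating from the flow call on line 194 (/Users/d10c/src/semmle-code/ql/cpp/ql/src/experimental/Security/CWE/CWE-193/ConstantSizeArrayOffByOne.ql@201:69:201:73)
-}
+predicate observeDiffInformedIncrementalMode() { any() }
 
 Location getASelectedSourceLocation(DataFlow::Node source) {
-none() // TODO: Make sure that this source location matches the query's select clause: Column 1 does not select a source or sink originating from the flow call on line 194 (/Users/d10c/src/semmle-code/ql/cpp/ql/src/experimental/Security/CWE/CWE-193/ConstantSizeArrayOffByOne.ql@199:8:199:10), Column 5 does not select a source or sink originating from the flow call on line 194 (/Users/d10c/src/semmle-code/ql/cpp/ql/src/experimental/Security/CWE/CWE-193/ConstantSizeArrayOffByOne.ql@201:53:201:53), Column 7 does not select a source or sink originating from the flow call on line 194 (/Users/d10c/src/semmle-code/ql/cpp/ql/src/experimental/Security/CWE/CWE-193/ConstantSizeArrayOffByOne.ql@201:69:201:73)
+exists(Variable v | result = v.getLocation() | isSourceImpl(source, v))
 }
 
 Location getASelectedSinkLocation(DataFlow::Node sink) {
-none() // TODO: Make sure that this sink location matches the query's select clause: Column 1 does not select a source or sink originating from the flow call on line 194 (/Users/d10c/src/semmle-code/ql/cpp/ql/src/experimental/Security/CWE/CWE-193/ConstantSizeArrayOffByOne.ql@199:8:199:10), Column 5 does not select a source or sink originating from the flow call on line 194 (/Users/d10c/src/semmle-code/ql/cpp/ql/src/experimental/Security/CWE/CWE-193/ConstantSizeArrayOffByOne.ql@201:53:201:53), Column 7 does not select a source or sink originating from the flow call on line 194 (/Users/d10c/src/semmle-code/ql/cpp/ql/src/experimental/Security/CWE/CWE-193/ConstantSizeArrayOffByOne.ql@201:69:201:73)
+exists(PointerArithmeticInstruction pai, Instruction deref |
+result = [pai, deref].getLocation() and
+isInvalidPointerDerefSink2(sink, deref, _) and
+isSink(sink, ArrayAddressToDerefConfig::TOverflowArithmetic(pai))
+)
 }
 }
 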
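Review bot: The new bodies of `getASelectedSourceLocation` and `getASelectedSinkLocation` carry no comment tying them to the query's select clause, which lies outside this hunk. The removed TODOs said that select columns 1, 5 and 7 do not come from the flow source or sink, and the overrides now return the location of the source `Variable` and of `pai` and `deref` instead, presumably to cover those columns. If the select clause later reports a different element and these predicates are not updated, a diff-informed run could filter out genuine off-by-one results without any visible failure. I would add above each predicate a comment such as `// Must cover every location the select clause reports (variable, pointer arithmetic, dereference); keep in sync with the select.` and confirm against the select clause that `pai` and `deref` are bound the same way there.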
