C++: Add AllocationFunction/AllocationExpr.requiresDealloc().

geoffw0 · geoffw0 · commit a8c31c659070 · 2019-12-17T11:07:08.000Z
diff --git a/cpp/ql/src/semmle/code/cpp/models/implementations/Allocation.qll b/cpp/ql/src/semmle/code/cpp/models/implementations/Allocation.qll
@@ -78,12 +78,6 @@ class MallocAllocationFunction extends AllocationFunction {
         // CoTaskMemAlloc(size)
         name = "CoTaskMemAlloc" and sizeArg = 0
         or
-        // alloca(size)
-        name = "alloca" and sizeArg = 0
-        or
-        // __builtin_alloca(size)
-        name = "__builtin_alloca" and sizeArg = 0
-        or
         // kmem_alloc(size, flags)
         name = "kmem_alloc" and sizeArg = 0
         or
@@ -96,6 +90,31 @@ class MallocAllocationFunction extends AllocationFunction {
   override int getSizeArg() { result = sizeArg }
 }
 
+/**
+ * An allocation function (such as `alloca`) that does not require a
+ * corresponding free (and has an argument for the size in bytes).
+ */
+class AllocaAllocationFunction extends AllocationFunction {
+  int sizeArg;
+
+  AllocaAllocationFunction() {
+    exists(string name |
+      hasGlobalName(name) and
+      (
+        // alloca(size)
+        name = "alloca" and sizeArg = 0
+        or
+        // __builtin_alloca(size)
+        name = "__builtin_alloca" and sizeArg = 0
+      )
+    )
+  }
+
+  override int getSizeArg() { result = sizeArg }
+
+  predicate requiresDealloc() { none() }
+}
+
 /**
  * An allocation function (such as `calloc`) that has an argument for the size
  * and another argument for the size of those units (in bytes).
@@ -243,6 +262,8 @@ class CallAllocationExpr extends AllocationExpr, FunctionCall {
   override int getSizeBytes() { result = getSizeExpr().getValue().toInt() * getSizeMult() }
 
   override Expr getReallocPtr() { result = getArgument(target.getReallocPtrArg()) }
+
+  override predicate requiresDealloc() { target.requiresDealloc() }
 }
 
 /**
diff --git a/cpp/ql/src/semmle/code/cpp/models/interfaces/Allocation.qll b/cpp/ql/src/semmle/code/cpp/models/interfaces/Allocation.qll
@@ -33,6 +33,12 @@ abstract class AllocationFunction extends Function {
    * is a `realloc` function.
    */
   int getReallocPtrArg() { none() }
+
+  /**
+   * Whether or not this allocation requires a corresponding deallocation of
+   * some sort (most do, but `alloca` for example does not).
+   */
+  predicate requiresDealloc() { any() }
 }
 
 /**
@@ -63,4 +69,10 @@ abstract class AllocationExpr extends Expr {
    * this is a `realloc` function.
    */
   Expr getReallocPtr() { none() }
+
+  /**
+   * Whether or not this allocation requires a corresponding deallocation of
+   * some sort (most do, but `alloca` for example does not).
+   */
+  predicate requiresDealloc() { any() }
 }
