
Commit fe2a3c4

committed
First working draft
1 parent e2c5870 commit fe2a3c4


2 files changed

+11
-11
lines changed


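--- a/cpp/misra/src/rules/RULE-8-7-1/PointerArithmeticFormsAnInvalidPointer.ql
+++ b/cpp/misra/src/rules/RULE-8-7-1/PointerArithmeticFormsAnInvalidPointer.ql
@@ -105,6 +105,11 @@ class ArrayAllocation extends TArrayAllocation {
 result = this.asStackAllocation().getLocation() or
 result = this.asDynamicAllocation().getLocation()
 }
+
+DataFlow::Node getNode() {
+result.asExpr() = this.asStackAllocation().getInitExpr() or
+result.asConvertedExpr() = this.asDynamicAllocation()
+}
 }
 
 class PointerFormation extends TPointerFormation {
@@ -147,21 +152,16 @@ class PointerFormation extends TPointerFormation {
 
 module TrackArrayConfig implements DataFlow::ConfigSig {
 predicate isSource(DataFlow::Node node) {
-/* 1. Declaring / Initializing an array-type variable */
-exists(ArrayAllocation arrayAllocation |
-node.asExpr() = arrayAllocation.asStackAllocation().getInitExpr()
-)
-or
-/* 2. Allocating dynamic memory as an array */
-none() // TODO
+exists(ArrayAllocation arrayAllocation | node = arrayAllocation.getNode())
 }
 
 predicate isSink(DataFlow::Node node) {
 exists(PointerFormation pointerFormation | node = pointerFormation.getNode())
 }
 }
 
-module TrackArray = DataFlow::Global<TrackArrayConfig>;
+import semmle.code.cpp.dataflow.new.TaintTracking
+module TrackArray = TaintTracking::Global<TrackArrayConfig>;
 
 private predicate arrayDeclarationAndAccess(
 DataFlow::Node arrayDeclarationNode, DataFlow::Node pointerFormationNode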
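Review bot: The new `import semmle.code.cpp.dataflow.new.TaintTracking` is placed between `TrackArrayConfig` and the `TrackArray` alias instead of with the file's other imports at the top, so a reader scanning the header will not see that the query now depends on taint steps; moving it up keeps the module's dependencies in one place. Changing `TrackArray` from `DataFlow::Global` to `TaintTracking::Global` also widens the tracked relation, since taint tracking follows operations that plain data flow does not; presumably this is meant to keep pointer-arithmetic results on the path to `isSink`, but it can equally carry unrelated derived values there, so the result set should be re-checked against the test expectations. `getNode()` has no QLDoc and replaces the two numbered comments that documented the source cases; suggest `/** Gets the data-flow node at which this allocation becomes an array pointer: the initializer of a stack array, or the fully-converted dynamic allocation expression. */`. A stack array declared without an initializer has no `getInitExpr()` result and so yields no source node, if `asStackAllocation()` can model such declarations — worth confirming.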

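--- a/cpp/misra/test/rules/RULE-8-7-1/test.cpp
+++ b/cpp/misra/test/rules/RULE-8-7-1/test.cpp
@@ -72,11 +72,11 @@ int main(int argc, char *argv[]) {
 num_of_elements_realloc = 6;
 }
 
-int *array_malloc = (int *)std::malloc(num_of_elements_malloc * sizeof(int));
-int *array_calloc = (int *)std::calloc(num_of_elements_calloc, sizeof(int));
+int *array_malloc = (int *)malloc(num_of_elements_malloc * sizeof(int));
+int *array_calloc = (int *)calloc(num_of_elements_calloc, sizeof(int));
 
 int *array_realloc =
-(int *)std::realloc(array_malloc, num_of_elements_realloc * sizeof(int));
+(int *)realloc(array_malloc, num_of_elements_realloc * sizeof(int));
 
 f1(array_malloc);
 f2(array_malloc);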
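Review bot: Dropping the `std::` qualifier from `malloc`, `calloc` and `realloc` removes the only coverage of the namespace-qualified allocators in this test; if the change was made because the allocation model behind `asDynamicAllocation()` matches only the unqualified spellings, the test should keep one qualified call so that gap stays visible rather than being rewritten around it. The enclosing `main` starts before this hunk. If the unqualified form is instead required for the test to build against `<stdlib.h>`, a short comment next to the calls, such as `// unqualified on purpose: test builds against the C <stdlib.h> allocators`, would record the reason for the next maintainer.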
