
Commit 0ebd7d0

committed
C++: respond to PR comments
1 parent e4d0e74 commit 0ebd7d0


2 files changed

+13
-14
lines changed


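--- a/cpp/ql/lib/experimental/semmle/code/cpp/dataflow/ProductFlow.qll
+++ b/cpp/ql/lib/experimental/semmle/code/cpp/dataflow/ProductFlow.qll
@@ -52,10 +52,6 @@ module ProductFlow {
 override predicate isSink(DataFlow::Node sink) {
 exists(Configuration conf | conf.isSinkPair(_, sink))
 }
-
-override int explorationLimit() {
-result = 10
-}
 }
 
 predicate reachablePair1(
@@ -67,7 +63,7 @@ module ProductFlow {
 exists(DataFlow::PathNode mid1 |
 reachablePair1(conf, source1, source2, mid1, node2) and
 mid1.getASuccessor() = node1 and
-mid1.getNode().getFunction() = node1.getNode().getFunction()
+mid1.getNode().getEnclosingCallable() = node1.getNode().getEnclosingCallable()
 )
 }
 
@@ -80,7 +76,7 @@ module ProductFlow {
 exists(DataFlow2::PathNode mid2 |
 reachablePair2(conf, source1, source2, node1, mid2) and
 mid2.getASuccessor() = node2 and
-mid2.getNode().getFunction() = node2.getNode().getFunction()
+mid2.getNode().getEnclosingCallable() = node2.getNode().getEnclosingCallable()
 )
 }
 
@@ -92,10 +88,10 @@ module ProductFlow {
 reachablePair2(conf, source1, source2, mid1, mid2) and
 mid1.getASuccessor() = node1 and
 mid2.getASuccessor() = node2 and
-mid1.getNode().getFunction() = funcMid and // TODO: recursive function weirdness?
-mid2.getNode().getFunction() = funcMid and
-node1.getNode().getFunction() = func and
-node2.getNode().getFunction() = func and
+mid1.getNode().getEnclosingCallable() = funcMid and // TODO: recursive function weirdness?
+mid2.getNode().getEnclosingCallable() = funcMid and
+node1.getNode().getEnclosingCallable() = func and
+node2.getNode().getEnclosingCallable() = func and
 funcMid != func
 )
 }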
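Review bot: The `// TODO: recursive function weirdness?` kept on new line 91 still does not say what goes wrong, and switching to `getEnclosingCallable()` does not change it: a step between two nodes of the same callable passes the equality in the reachablePair1 and reachablePair2 hunks (new lines 66 and 79) and fails `funcMid != func`, so a recursive call edge would, as far as these lines show, be taken as a one-sided local step. That would let the buffer node and the size node advance into different activations of the same function, which for a buffer/size pairing query means reporting pairs that never coexist at run time. I would replace the TODO with a comment that states this, e.g. `// TODO: a recursive call has funcMid = func, so it is matched by the one-sided steps above and the two flows can desynchronise`. The predicate bodies begin outside the hunks, so the declared types of `func` and `funcMid` should also be checked against the return type of `getEnclosingCallable()`.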

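--- a/cpp/ql/src/experimental/Likely Bugs/OverrunWriteProductFlow.ql
+++ b/cpp/ql/src/experimental/Likely Bugs/OverrunWriteProductFlow.ql
@@ -10,10 +10,10 @@ class StringSizeConfiguration extends ProductFlow::Configuration {
 
 override predicate isSourcePair(DataFlow::Node bufSource, DataFlow::Node sizeSource) {
 exists(
-GVN sizeGVN // TODO: use-use flow instead of GVN
+GVN sizeGvn // TODO: use-use flow instead of GVN
 |
-bufSource.asConvertedExpr().(AllocationExpr).getSizeExpr() = sizeGVN.getAnExpr() and
-sizeSource.asConvertedExpr() = sizeGVN.getAnExpr()
+bufSource.asConvertedExpr().(AllocationExpr).getSizeExpr() = sizeGvn.getAnExpr() and
+sizeSource.asConvertedExpr() = sizeGvn.getAnExpr()
 )
 }
 
@@ -26,6 +26,9 @@ class StringSizeConfiguration extends ProductFlow::Configuration {
 }
 }
 
-from StringSizeConfiguration conf, DataFlow::PathNode source1, DataFlow2::PathNode source2, DataFlow::PathNode sink1, DataFlow2::PathNode sink2
+// we don't actually check correctness yet. Right now the query just finds relevant source/sink pairs.
+from
+StringSizeConfiguration conf, DataFlow::PathNode source1, DataFlow2::PathNode source2,
+DataFlow::PathNode sink1, DataFlow2::PathNode sink2
 where conf.hasFlowPath(source1, source2, sink1, sink2)
 select source1, source2, sink1, sink2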
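Review bot: The caveat added on new line 29 is a plain `//` comment, so only someone reading the source sees it, while the query sits under `Likely Bugs` and its `select` returns the four path nodes with no message. By the comment's own account nothing yet compares the written size with the allocation size, so anyone triaging the output would see rows that look like overrun findings but are only flow pairs. I would state the limitation where results are consumed, in the query's metadata header (not visible in these hunks), and tighten the comment to `// NOTE: no bounds check is performed yet; each result is only a candidate (buffer, size) source/sink pair, not an overrun.`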
