C++: Add qhelp to new query.

Author: MathiasVP

cpp/ql/src/experimental/Likely Bugs/OverrunWriteProductFlow.cpp

@@ -0,0 +1,9 @@
+int f(char * s, unsigned size) {
+	char* buf = (char*)malloc(size);
+
+	strncpy(buf, s, size + 1); // wrong: copy may exceed size of buf
+
+	for (int i = 0; i <= size; i++) { // wrong: upper limit that is higher than size of buf
+		cout << buf[i];
+	}
+}

cpp/ql/src/experimental/Likely Bugs/OverrunWriteProductFlow.qhelp

@@ -0,0 +1,29 @@
+<!DOCTYPE qhelp PUBLIC
+  "-//Semmle//qhelp//EN"
+  "qhelp.dtd">
+<qhelp>
+<overview>
+<p>You must ensure that you do not exceed the size of an allocation during write and read operations.
+If an operation attempts to write to or access an element that is outside the range of the allocation then this results in a buffer overflow.
+Buffer overflows can lead to anything from a segmentation fault to a security vulnerability.
+</p>
+
+</overview>
+<recommendation>
+<p>
+Check the offsets and sizes used in the highlighted operations to ensure that a buffer overflow will not occur.
+</p>
+
+</recommendation>
+<example><sample src="OverrunWriteProductFlow.cpp" />
+
+
+
+</example>
+<references>
+
+<li>I. Gerg. <em>An Overview and Example of the Buffer-Overflow Exploit</em>. IANewsletter vol 7 no 4. 2005.</li>
+<li>M. Donaldson. <em>Inside the Buffer Overflow Attack: Mechanism, Method &amp; Prevention</em>. SANS Institute InfoSec Reading Room. 2002.</li>
+
+</references>
+</qhelp>