modify arguments check logic

Paul1nh0 · web-flow · commit 5a1dc61d9d36 · 2022-03-23T11:20:08.000+08:00
As far as I can tell, root cause of double-fetech issue is read from the same user mode memory twice, so it makes sense that only check whether user mode pointer is same or not
diff --git a/cpp/ql/src/experimental/Security/CWE/CWE-362/double-fetch.ql b/cpp/ql/src/experimental/Security/CWE/CWE-362/double-fetch.ql
@@ -23,16 +23,18 @@ class CopyFromUserFunctionCall extends FunctionCall {
     not this.getArgument(1) instanceof AddressOfExpr
   }
 
-  predicate hasSameArguments(CopyFromUserFunctionCall another) {
-    globalValueNumber(this.getArgument(0)) = globalValueNumber(another.getArgument(0)) and
+  //root cause of double-fetech issue is read from
+  //the same user mode memory twice, so it makes
+  //sense that only check user mode pointer
+  predicate readFromSameUserModePointer(CopyFromUserFunctionCall another) {
     globalValueNumber(this.getArgument(1)) = globalValueNumber(another.getArgument(1))
   }
 }
 
 from CopyFromUserFunctionCall p1, CopyFromUserFunctionCall p2
 where
   not p1 = p2 and
-  p1.hasSameArguments(p2) and
+  p1.readFromSameUserModePointer(p2) and
   exists(IfStmt ifStmt |
     p1.getBasicBlock().getAFalseSuccessor*() = ifStmt.getBasicBlock() and
     ifStmt.getBasicBlock().getAFalseSuccessor*() = p2.getBasicBlock()
