Commit57b2067

committed

Improve 18-1, void* casts and FPs where lowerBound appears incorrect

1 parenta5eb426 commit57b2067Copy full SHA for 57b2067

File tree

3 files changed

+17

-4

lines changed

change_notes
- 2025-1-04-misra-c-technical-corrigenda-2.md
cpp/common
- src/codingstandards/cpp/rules/donotusepointerarithmetictoaddressdifferentarrays
  - DoNotUsePointerArithmeticToAddressDifferentArrays.qll
- test/rules/donotusepointerarithmetictoaddressdifferentarrays
  - test.cpp

3 files changed

+17

-4

lines changed

`‎change_notes/2025-1-04-misra-c-technical-corrigenda-2.md‎`

Lines changed: 2 additions & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -4,8 +4,9 @@`
`4`	`4`	- Disallow`+` and`-` operations with an essentially char type and other types larger than int type.
`5`	`5`	`- Note, this change affects the essential type of such expressions, which may affect other essential types rules.`
`6`	`6`	-`RULE-18-1`,`M5-0-16` -`PointerAndDerivedPointerMustAddressSameArray.ql`,`PointerAndDerivedPointerAccessDifferentArray.ql`:
`7`		`-- Treat casts to byte pointers as pointers to arrays of the size of the pointed-to type`
	`7`	`+- Treat casts to byte pointers as pointers to arrays of the size of the pointed-to type.`
`8`	`8`	`- Fix typo in report message, "passed" replaced with "past."`
	`9`	`+- Suppress results where range analysis appears potentially unreliable.`
`9`	`10`	-`RULE-21-10`,`RULE-25-5-3`,`ENV34-C` -`CallToSetlocaleInvalidatesOldPointers.ql`,`CallToSetlocaleInvalidatesOldPointersMisra.ql`,`DoNotStorePointersReturnedByEnvFunctions.ql`:
`10`	`11`	- Report usage of returned pointers from`asctime`,`ctime`, during a call to either of the former.
`11`	`12`	- Report usage of returned pointers from`gmtime`,`localtime`, during a call to either of the former.

`‎cpp/common/src/codingstandards/cpp/rules/donotusepointerarithmetictoaddressdifferentarrays/DoNotUsePointerArithmeticToAddressDifferentArrays.qll‎`

Lines changed: 9 additions & 3 deletions

Original file line number	Diff line number	Diff line change
`@@ -9,6 +9,7 @@ import codingstandards.cpp.Customizations`
`9`	`9`	`import codingstandards.cpp.Exclusions`
`10`	`10`	`import semmle.code.cpp.dataflow.new.DataFlow`
`11`	`11`	`import semmle.code.cpp.rangeanalysis.SimpleRangeAnalysis`
	`12`	`+import semmle.code.cpp.rangeanalysis.RangeAnalysisUtils`
`12`	`13`	`import codeql.util.Boolean`
`13`	`14`
`14`	`15`	`abstractclassDoNotUsePointerArithmeticToAddressDifferentArraysSharedQueryextendsQuery{}`
`@@ -68,11 +69,13 @@ int elementSize(Type type, Boolean deref) {`
`68`	`69`	* length depends on `elementSize()` of the original pointed-to type.
`69`	`70`	`*/`
`70`	`71`	`classCastedToBytePointerextendsArrayLikeAccess,Conversion{`
	`72`	`+/** The sizeof() the pointed-to type */`
`71`	`73`	`intsize;`
`72`	`74`
`73`	`75`	`CastedToBytePointer(){`
`74`	`76`	`getType().(PointerType).getBaseType().getSize()=1and`
`75`		`-size=elementSize(getExpr().getType(),true)`
	`77`	`+size=elementSize(getExpr().getType(),true)and`
	`78`	`+size>1`
`76`	`79`	`}`
`77`	`80`
`78`	`81`	`overrideElementgetElement(){result=this}`
`@@ -138,7 +141,7 @@ module ArrayToArrayExprFlow = DataFlow::Global<ArrayToArrayExprConfig>;`
`138`	`141`
`139`	`142`	/** Holds if the address taken expression `addressOf` takes the address of an array element at `index` of `array`. */
`140`	`143`	`predicatepointerOperandCreation(AddressOfExpraddressOf,ArrayLikeAccessarray,intindex){`
`141`		`-exists(ArrayExprae\|`
	`144`	`+exists(ArrayExprae,ExprarrayOffset\|`
`142`	`145`	`(`
`143`	`146`	`ArrayToArrayExprFlow::flow(array.getNode(), DataFlow::exprNode(ae.getArrayBase()))and`
`144`	`147`	`arrayinstanceofArrayVariableAccess`
`@@ -149,7 +152,10 @@ predicate pointerOperandCreation(AddressOfExpr addressOf, ArrayLikeAccess array,`
`149`	`152`	// flow() may hold for `ArrayVariableAccess` in the above, even though they aren't sources
`150`	`153`	`arrayinstanceofCastedToBytePointer`
`151`	`154`	`)and`
`152`		`-index=lowerBound(ae.getArrayOffset().getFullyConverted())and`
	`155`	`+arrayOffset=ae.getArrayOffset().getFullyConverted()and`
	`156`	`+index=lowerBound(arrayOffset)and`
	`157`	`+// This case typically indicates range analysis has gone wrong:`
	`158`	`+notindex=exprMaxVal(arrayOffset)and`
`153`	`159`	`addressOf.getOperand()=ae`
`154`	`160`	`)`
`155`	`161`	`}`

`‎cpp/common/test/rules/donotusepointerarithmetictoaddressdifferentarrays/test.cpp‎`

Lines changed: 6 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -39,4 +39,10 @@ void f1() {`
`39`	`39`	`long p21 = (long )&l1;`
`40`	`40`	`void *p22 = &p21[0];// COMPLIANT`
`41`	`41`	`void *p23 = &p21[100];// NON_COMPLIANT[FALSE_NEGATIVE]`
	`42`	`+`
	`43`	`+// Void pointers have size zero and can't be analyzed.`
	`44`	`+void *p24 =0;`
	`45`	`+unsignedchar* p25 = (unsignedchar*)p24;`
	`46`	`+void *p26 = &p25[100];// COMPLIANT`
	`47`	`+`
`42`	`48`	`}`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commit57b2067

File tree

3 files changed

3 files changed

`‎change_notes/2025-1-04-misra-c-technical-corrigenda-2.md‎`

`‎cpp/common/src/codingstandards/cpp/rules/donotusepointerarithmetictoaddressdifferentarrays/DoNotUsePointerArithmeticToAddressDifferentArrays.qll‎`

`‎cpp/common/test/rules/donotusepointerarithmetictoaddressdifferentarrays/test.cpp‎`

0 commit comments