@@ -42,28 +42,24 @@ class ReallocationFunction extends AllocationFunction {
4242ReallocationFunction ( ) { exists ( this .getReallocPtrArg ( ) ) }
4343}
4444
45- /**
46- * A data-flow state for a pointer which has not been reallocated.
47- */
48- class IndirectCastDefaultFlowState extends DataFlow:: FlowState {
49- IndirectCastDefaultFlowState ( ) { this = "IndirectCastDefaultFlowState" }
50- }
51-
52- /**
53- * A data-flow state for a pointer which has been reallocated but
54- * has not yet been zeroed with a memset call.
55- */
56- class IndirectCastReallocatedFlowState extends DataFlow:: FlowState {
57- IndirectCastReallocatedFlowState ( ) { this = "IndirectCastReallocatedFlowState" }
58- }
45+ newtype IndirectCastFlowState =
46+ /**
47+ * A data-flow state for a pointer which has not been reallocated.
48+ */
49+ IndirectCastDefaultFlowState ( ) or
50+ /**
51+ * A data-flow state for a pointer which has been reallocated but
52+ * has not yet been zeroed with a memset call.
53+ */
54+ IndirectCastReallocatedFlowState ( )
5955
6056/**
6157 * A data-flow configuration to track the flow from cast expressions to either
6258 * other cast expressions or to dereferences of pointers reallocated with a call
6359 * to `realloc` but not cleared via a function call to `memset`.
6460 */
6561module IndirectCastConfigimplements DataFlow:: StateConfigSig {
66- class FlowState = DataFlow :: FlowState ;
62+ class FlowState = IndirectCastFlowState ;
6763
6864predicate isSource ( DataFlow:: Node source , FlowState state ) {
6965state instanceof IndirectCastDefaultFlowState and