Generalization of FlowAfterFree #15343
Conversation
…eFree and UseAfterFree queries now enforce dominance.
|
@MathiasVP , I have some concerns in how I'm doing dominance checks, in that they are not optimized with any special annotations. I wonder if at scale this means dominance would be computed universally before joined with source/sinks. |
Yes, I don't the approach you have here is how we should do it. With this approach we're:
If you don't mind, I'll push a commit with some of the changes I think is necessary? |
|
I've opened microsoft#39 for you to take a look at. |
* C++: Change the interface of 'FlowAfterFree' so that the module it takes a single module as a parameter. * C++: Add another predicate to the module signature. * C++: Convert the use-after-free and double-free libraries to use new interface. * C++: Accept test changes.
I've accepted this. Let's role with it! |
* C++: Change the interface of 'FlowAfterFree' so that the module it takes a single module as a parameter. * C++: Add another predicate to the module signature. * C++: Convert the use-after-free and double-free libraries to use new interface. * C++: Accept test changes.
|
Note. I added missing deallocation functions as part of this PR just now, but for some reason it is showing the entire file changed rather than a few of the definitions for deallocation were added to. |
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
…ery can be expanded easily.
…and consistent libraries.
|
I think I've fixed the CI errors here: microsoft#40. Basically, CI checks that everything "reachable" from a query file has QLDocs added to it. The solution to that CI check failing is always to either:
And in microsoft#40 I've done a bit of both. |
cpp/ql/lib/semmle/code/cpp/security/flowafterfree/UseAfterFree.qll
Outdated
Show resolved
Hide resolved
Updating FlowAfterFree to not enforce dominance of source/sink, now enforced by the instantiations of this module.