Skip to content

C++: Add a taint model for realloc #14637

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 6 commits into from
Oct 31, 2023
Merged

C++: Add a taint model for realloc #14637

merged 6 commits into from
Oct 31, 2023

Conversation

MathiasVP
Copy link
Contributor

This should fix some missing results that @jketema was observing on MRVA 🤞

@MathiasVP MathiasVP requested a review from a team as a code owner October 30, 2023 17:08
@github-actions github-actions bot added the C++ label Oct 30, 2023
geoffw0
geoffw0 previously approved these changes Oct 30, 2023
View reviewed changes
Copy link
Contributor

@geoffw0 geoffw0 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM!

@geoffw0
Copy link
Contributor

geoffw0 commented Oct 30, 2023

(we should probably wait for the MRVA run to finish before merging)

@MathiasVP
Copy link
Contributor Author

(we should probably wait for the MRVA run to finish before merging)

Indeed, I'll check up on DCA tomorrow morning before I merge this. I have a feeling this will create some new results on taint-tracking queries.

@geoffw0
Copy link
Contributor

geoffw0 commented Oct 30, 2023

Ping me if you'd like an opinion / second opinion on any affected results.

@MathiasVP
Copy link
Contributor Author

The new flow exposed some FPs on the cpp/potential-system-data-exposure query on SAMATE caused by the lack of any barriers in the query. I've added the minimum set of barriers that makes SAMATE happy in 4a1bf95.

geoffw0
geoffw0 approved these changes Oct 31, 2023
View reviewed changes
Copy link
Contributor

@geoffw0 geoffw0 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Changes LGTM. 👍

cpp/ql/lib/semmle/code/cpp/models/implementations/Memset.qll
this.hasGlobalOrStdOrBslName("memset")
or
this.hasGlobalOrStdName("wmemset")
or
this.hasGlobalName([bzero(), "__builtin_memset", "__builtin_memset_chk"])
this.hasGlobalName([
bzero(), "__builtin_memset", "__builtin_memset_chk", "RtlZeroMemory", "RtlSecureZeroMemory"
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Notably on some build configurations RtlSecureZeroMemory is a macro, but it's a macro for memset and that is modelled already.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Correct. Not in Samate, though 😂!

@MathiasVP
Copy link
Contributor Author

The two lost results changes on vim is due to the default value for fieldFlowBranchLimit. Bumping the limit to 3 gives us back the two results. I'm not worried about this since this is losing 2 out of ~1500 results on that query on vim. So I think this is good to go 🎉

MathiasVP added a commit to MathiasVP/codeql-coding-standards that referenced this pull request Oct 31, 2023
@MathiasVP
C++: Accept test changes after github/codeql/pull/14637.
7fb2329
@MathiasVP MathiasVP mentioned this pull request Oct 31, 2023
Merged
30 tasks
MathiasVP added a commit to MathiasVP/codeql-coding-standards that referenced this pull request Oct 31, 2023
@MathiasVP
C++: Accept test changes after github/codeql/pull/14637.
dad044e
@MathiasVP MathiasVP merged commit b79a5fe into github:main Oct 31, 2023
jketema added a commit to github/codeql-coding-standards that referenced this pull request Oct 31, 2023
@jketema
Merge pull request #419 from MathiasVP/accept-test-regression-after-r…
470f3fa 
…ealloc-taintflow

C++: Accept test changes after github/codeql/pull/14637
@MathiasVP MathiasVP mentioned this pull request Oct 31, 2023
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@geoffw0 geoffw0 geoffw0 approved these changes

Assignees
No one assigned
Labels
C++ documentation
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@MathiasVP @geoffw0