File tree Expand file tree Collapse file tree 1 file changed +2
-0
lines changed
cpp/ql/src/semmle/code/cpp/security Expand file tree Collapse file tree 1 file changed +2
-0
lines changed Original file line number Diff line number Diff line change @@ -63,6 +63,7 @@ predicate missingGuardAgainstOverflow(Operation e, VariableAccess use) {
6363 exists ( LocalScopeVariable v | use .getTarget ( ) = v |
6464 // overflow possible if large
6565 ( e instanceof AddExpr and not guardedLesser ( e , varUse ( v ) ) ) or
66+ ( e instanceof AssignAddExpr and not guardedLesser ( e , varUse ( v ) ) ) or
6667 ( e instanceof IncrementOperation and not guardedLesser ( e , varUse ( v ) ) and v .getType ( ) .getUnspecifiedType ( ) instanceof IntegralType ) or
6768 // overflow possible if large or small
6869 ( e instanceof MulExpr and
@@ -76,6 +77,7 @@ predicate missingGuardAgainstUnderflow(Operation e, VariableAccess use) {
7677 exists ( LocalScopeVariable v | use .getTarget ( ) = v |
7778 // underflow possible if use is left operand and small
7879 ( use = e .( SubExpr ) .getLeftOperand ( ) and not guardedGreater ( e , varUse ( v ) ) ) or
80+ ( use = e .( AssignSubExpr ) .getLValue ( ) and not guardedGreater ( e , varUse ( v ) ) ) or
7981 // underflow possible if small
8082 ( e instanceof DecrementOperation and not guardedGreater ( e , varUse ( v ) ) and v .getType ( ) .getUnspecifiedType ( ) instanceof IntegralType ) or
8183 // underflow possible if large or small
You can’t perform that action at this time.
0 commit comments