
Commit 2f63ab0

author
Dave Bartolomeo
authored
Merge pull request #2150 from rdmarsh2/rdmarsh/cpp/ir-buffer-read-call-se
C++: buffer read side effects on unmodeled funcs
2 parents d03aeca + 9477bd5 commit 2f63ab0


6 files changed

+106
-104
lines changed


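--- a/cpp/ql/src/semmle/code/cpp/ir/implementation/raw/internal/TranslatedCall.qll
+++ b/cpp/ql/src/semmle/code/cpp/ir/implementation/raw/internal/TranslatedCall.qll
@@ -447,20 +447,26 @@ class TranslatedSideEffect extends TranslatedElement, TTranslatedArgumentSideEff
 }
 
 override CppType getInstructionOperandType(InstructionTag tag, TypedOperandTag operandTag) {
-exists(Type operandType |
+if hasSpecificReadSideEffect(any(Opcode::BufferReadSideEffect op))
+then
+result = getUnknownType() and
 tag instanceof OnlyInstructionTag and
-operandType = arg.getType().getUnspecifiedType().(DerivedType).getBaseType() and
 operandTag instanceof SideEffectOperandTag
-or
-tag instanceof OnlyInstructionTag and
-operandType = arg.getType().getUnspecifiedType() and
-not operandType instanceof DerivedType and
-operandTag instanceof SideEffectOperandTag
-|
-// If the type we select is an incomplete type (e.g. a forward-declared `struct`), there will
-// not be a `CppType` that represents that type. In that case, fall back to `UnknownCppType`.
-result = getTypeForPRValueOrUnknown(operandType)
-)
+else
+exists(Type operandType |
+tag instanceof OnlyInstructionTag and
+operandType = arg.getType().getUnspecifiedType().(DerivedType).getBaseType() and
+operandTag instanceof SideEffectOperandTag
+or
+tag instanceof OnlyInstructionTag and
+operandType = arg.getType().getUnspecifiedType() and
+not operandType instanceof DerivedType and
+operandTag instanceof SideEffectOperandTag
+|
+// If the type we select is an incomplete type (e.g. a forward-declared `struct`), there will
+// not be a `CppType` that represents that type. In that case, fall back to `UnknownCppType`.
+result = getTypeForPRValueOrUnknown(operandType)
+)
 }
 
 predicate hasSpecificWriteSideEffect(Opcode op) {
@@ -510,7 +516,7 @@ class TranslatedSideEffect extends TranslatedElement, TTranslatedArgumentSideEff
 )
 or
 not call.getTarget() instanceof SideEffectFunction and
-op instanceof Opcode::IndirectReadSideEffect
+op instanceof Opcode::BufferReadSideEffect
 }
 
 override Instruction getPrimaryInstructionForSideEffect(InstructionTag tag) {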
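Review bot: The fallback disjunct `not call.getTarget() instanceof SideEffectFunction and op instanceof Opcode::BufferReadSideEffect` in `hasSpecificReadSideEffect` carries no comment recording why an unmodeled callee is given a buffer read rather than the previous indirect read of the single pointee, and the matching `then` branch in `getInstructionOperandType` is equally silent about why it yields `getUnknownType()`; the reasoning is the conservative one (a callee with no side-effect model may read any number of elements through the pointer, so the analysis must assume the whole buffer, of unknown size and type, is read) and it deserves to be written down next to both sites. I would add above the fallback disjunct `// Conservative fallback: an unmodeled callee may read an arbitrary amount through the pointer, so model the read as covering the whole buffer.` and above `result = getUnknownType()` a line `// A buffer read has no single element type, so the operand type is unknown.` Both comments describe the intent I infer from the two hunks; please confirm it matches the rest of `hasSpecificReadSideEffect`, whose opening disjuncts lie above the second hunk and are not visible here. The `if ... then ... else` in `getInstructionOperandType` also reads more clearly if the shared conjuncts `tag instanceof OnlyInstructionTag and operandTag instanceof SideEffectOperandTag` are hoisted out of both branches, but that is a style preference rather than a defect.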
