CPP: Generalize a little.

geoffw0 · geoffw0 · commit 73c7bc1db995 · 2019-07-04T17:27:40.000+01:00
diff --git a/cpp/ql/src/Security/CWE/CWE-131/NoSpaceForZeroTerminator.ql b/cpp/ql/src/Security/CWE/CWE-131/NoSpaceForZeroTerminator.ql
@@ -15,6 +15,7 @@
  */
 import cpp
 import semmle.code.cpp.dataflow.DataFlow
+import semmle.code.cpp.models.implementations.Memcpy
 
 class MallocCall extends FunctionCall
 {
@@ -35,11 +36,12 @@ class MallocCall extends FunctionCall
 
 predicate terminationProblem(MallocCall malloc, string msg) {
   malloc.getAllocatedSize() instanceof StrlenCall and
-  not exists(DataFlow::Node def, DataFlow::Node use, FunctionCall fc |
+  not exists(DataFlow::Node def, DataFlow::Node use, FunctionCall fc, MemcpyFunction memcpy, int ix |
     DataFlow::localFlow(def, use) and
     def.asExpr() = malloc and
-    use.asExpr() = fc.getArgument(0) and
-    fc.getTarget().hasName("memcpy")
+    fc.getTarget() = memcpy and
+    memcpy.hasArrayOutput(ix) and
+    use.asExpr() = fc.getArgument(ix)
   ) and
   msg = "This allocation does not include space to null-terminate the string."
 }
