C++: Make the two queries more alike.

geoffw0 · geoffw0 · commit 7db2b2ce37eb · 2020-10-20T17:46:47.000+01:00
diff --git a/cpp/ql/src/Critical/SizeCheck.ql b/cpp/ql/src/Critical/SizeCheck.ql
@@ -15,12 +15,7 @@
 import cpp
 
 class Allocation extends FunctionCall {
-  Allocation() {
-    exists(string name |
-      this.getTarget().hasGlobalOrStdName(name) and
-      (name = "malloc" or name = "calloc" or name = "realloc")
-    )
-  }
+  Allocation() { this.getTarget().hasGlobalOrStdName(["malloc", "calloc", "realloc"]) }
 
   private string getName() { this.getTarget().hasGlobalOrStdName(result) }
 
diff --git a/cpp/ql/src/Critical/SizeCheck2.ql b/cpp/ql/src/Critical/SizeCheck2.ql
@@ -44,16 +44,21 @@ predicate baseType(Allocation alloc, Type base) {
   )
 }
 
+predicate decideOnSize(Type t, int size) {
+  // If the codebase has more than one type with the same name, it can have more than one size.
+  size = min(t.getSize())
+}
+
 from Allocation alloc, Type base, int basesize, int allocated
 where
   baseType(alloc, base) and
   allocated = alloc.getSize() and
+  decideOnSize(base, basesize) and
   // If the codebase has more than one type with the same name, check if any matches
   not exists(int size | base.getSize() = size |
     size = 0 or
     (allocated / size) * size = allocated
-  ) and
-  basesize = min(base.getSize())
+  ) 
 select alloc,
   "Allocated memory (" + allocated.toString() + " bytes) is not a multiple of the size of '" +
     base.getName() + "' (" + basesize.toString() + " bytes)."
