Merge pull request #1158 from geoffw0/moremsalloc

jbj · web-flow · commit debc441d03f7 · 2019-03-27T13:51:39.000+01:00
CPP: Add more allocation functions to Alloc.qll
diff --git a/change-notes/1.21/analysis-cpp.md b/change-notes/1.21/analysis-cpp.md
@@ -12,6 +12,8 @@
 | **Query**                  | **Expected impact**    | **Change**                                                       |
 |----------------------------|------------------------|------------------------------------------------------------------|
 | Mismatching new/free or malloc/delete (`cpp/new-free-mismatch`) | Fewer false positive results | Fixed an issue where functions were being identified as allocation functions inappropriately.  Also affects `cpp/new-array-delete-mismatch` and `cpp/new-delete-array-mismatch`. |
+| Memory may not be freed (`cpp/memory-may-not-be-freed`) | More correct results | Support added for more Microsoft-specific allocation functions, including `LocalAlloc`, `GlobalAlloc`, `HeapAlloc` and `CoTaskMemAlloc`. |
+| Memory is never freed (`cpp/memory-never-freed`) | More correct results | Support added for more Microsoft-specific allocation functions, including `LocalAlloc`, `GlobalAlloc`, `HeapAlloc` and `CoTaskMemAlloc`. |
 | Resource not released in destructor (`cpp/resource-not-released-in-destructor`) | Fewer false positive results | Resource allocation and deallocation functions are now determined more accurately. |
 
 ## Changes to QL libraries
diff --git a/cpp/ql/src/semmle/code/cpp/commons/Alloc.qll b/cpp/ql/src/semmle/code/cpp/commons/Alloc.qll
@@ -39,7 +39,16 @@ predicate allocationFunction(Function f)
       name = "MmAllocateNodePagesForMdlEx" or
       name = "MmMapLockedPagesWithReservedMapping" or
       name = "MmMapLockedPages" or
-      name = "MmMapLockedPagesSpecifyCache"
+      name = "MmMapLockedPagesSpecifyCache" or
+      name = "LocalAlloc" or
+      name = "LocalReAlloc" or
+      name = "GlobalAlloc" or
+      name = "GlobalReAlloc" or
+      name = "HeapAlloc" or
+      name = "HeapReAlloc" or
+      name = "VirtualAlloc" or
+      name = "CoTaskMemAlloc" or
+      name = "CoTaskMemRealloc"
     )
   )
 }
@@ -81,7 +90,17 @@ predicate freeFunction(Function f, int argNum)
       (name = "MmFreeMappingAddress" and argNum = 0) or
       (name = "MmFreePagesFromMdl" and argNum = 0) or
       (name = "MmUnmapReservedMapping" and argNum = 0) or
-      (name = "MmUnmapLockedPages" and argNum = 0)
+      (name = "MmUnmapLockedPages" and argNum = 0) or
+      (name = "LocalFree" and argNum = 0) or
+      (name = "GlobalFree" and argNum = 0) or
+      (name = "HeapFree" and argNum = 2) or
+      (name = "VirtualFree" and argNum = 0) or
+      (name = "CoTaskMemFree" and argNum = 0) or
+      (name = "SysFreeString" and argNum = 0) or
+      (name = "LocalReAlloc" and argNum = 0) or
+      (name = "GlobalReAlloc" and argNum = 0) or
+      (name = "HeapReAlloc" and argNum = 2) or
+      (name = "CoTaskMemRealloc" and argNum = 0)
     )
   )
 }
