C++: Promote cpp/invalid-pointer-deref out of experimental
#14006
QHelp previews: cpp/ql/src/Security/CWE/CWE-193/InvalidPointerDeref.qhelp

Invalid pointer dereference

The program performs an out-of-bounds read or write operation, which can cause program instability. In addition, attackers may take advantage of the situation, and implement techniques to use this vulnerability to execute arbitrary code.

Recommendation

Ensure that pointer dereferences are properly guarded to ensure that they cannot be used to read or write past the end of the allocation.

Example

The first example allocates a buffer of size

```c
void *malloc(unsigned);
unsigned get_size();
void write_data(const unsigned char*, const unsigned char*);

int main(int argc, char* argv[]) {
    unsigned size = get_size();
    {
        unsigned char *begin = (unsigned char*)malloc(size);
        if(!begin) return -1;
        unsigned char* end = begin + size;   // one past the last allocated byte
        write_data(begin, end);
        *end = '\0'; // BAD: Out-of-bounds write
    }
    {
        unsigned char *begin = (unsigned char*)malloc(size);
        if(!begin) return -1;
        unsigned char* end = begin + size;
        write_data(begin, end);
        *(end - 1) = '\0'; // GOOD: writing to the last byte
    }
}
```

References
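As an added illustration (not code from this PR or from the CodeQL qhelp), a guarded store in the same begin/end style as the example above: it refuses a write at `end` rather than dereferencing it, and also covers the case the example's GOOD branch leaves open, an allocation of size 0, where `end - 1` would point before `begin`. The `span` type and the `demo` driver are assumptions introduced here.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdlib.h>

/* A buffer tracked with the begin/end pair the query reasons about:
 * every byte in [begin, end) is valid; end is one past the allocation. */
struct span {
    unsigned char *begin;
    unsigned char *end;
};

/* Guarded store: writes v at begin[idx] only if idx is inside the allocation.
 * Returns false instead of dereferencing end or anything past it. */
bool span_put(struct span s, size_t idx, unsigned char v) {
    size_t len = (size_t)(s.end - s.begin);
    if (idx >= len) return false;       /* idx == len would be *end: refuse */
    s.begin[idx] = v;
    return true;
}

/* NUL-terminate the last byte of the allocation.  Refuses when the allocation
 * is empty, where "end - 1" would itself point before begin. */
bool span_terminate(struct span s) {
    size_t len = (size_t)(s.end - s.begin);
    if (len == 0) return false;
    s.begin[len - 1] = '\0';
    return true;
}

/* Exercise the guard on a constructed buffer of the given size, mirroring the
 * qhelp example's shape (begin = malloc(size), end = begin + size).  Returns
 * the number of writes that were refused, or -1 on allocation failure. */
int demo(unsigned size) {
    unsigned char *begin = malloc(size ? size : 1);   /* sidestep malloc(0) */
    if (!begin) return -1;
    struct span s = { begin, begin + size };
    int refused = 0;
    if (!span_put(s, 0, 'A')) refused++;       /* first byte: ok unless size == 0 */
    if (!span_put(s, size, '\0')) refused++;   /* the BAD write from the example: *end */
    if (!span_terminate(s)) refused++;         /* the GOOD write: *(end - 1) */
    free(begin);
    return refused;
}
```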
I'll review this for Docs.
LGTM ✨
Made a few comments and suggestions. Feel free to ignore the ones you don't agree with 😅
Co-authored-by: mc <42146119+mchammer01@users.noreply.github.com>
This PR moves the cpp/invalid-pointer-deref query out of experimental and into the security-extended suite.

Documentation friends: I've added a bunch of unnecessary whitespace in e776178 that will ensure the relevant files show up in the diff. Once you're done reviewing the files I'll remove the whitespace again.