-
Notifications
You must be signed in to change notification settings - Fork 1.9k
Expand file tree
/
Copy pathInconsistentNullnessTesting.ql
More file actions
23 lines (22 loc) · 1.04 KB
/
InconsistentNullnessTesting.ql
File metadata and controls
23 lines (22 loc) · 1.04 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
/**
* @name Inconsistent null check of pointer
* @description A dereferenced pointer is not checked for nullness in this location, but it is checked in other locations. Dereferencing a null pointer leads to undefined results.
* @kind problem
* @id cpp/inconsistent-nullness-testing
* @problem.severity warning
* @tags reliability
* security
* external/cwe/cwe-476
*/
import cpp
from LocalScopeVariable v, ControlFlowNode def,
VariableAccess checked, VariableAccess unchecked
where checked = v.getAnAccess() and dereferenced(checked)
and unchecked = v.getAnAccess() and dereferenced(unchecked)
and definitionUsePair(v, def, checked)
and definitionUsePair(v, def, unchecked)
and checkedValid(v, checked)
and not(checkedValid(v, unchecked))
and not(unchecked.getParent+() instanceof SizeofOperator)
and forall(ControlFlowNode other | definitionUsePair(v, other, checked) | definitionUsePair(v, other, unchecked))
select unchecked, "This dereference is not guarded by a non-null check, whereas other dereferences are guarded"