
C++: Improve and promote cpp/overflow-buffer #18837

Open
wants to merge 7 commits into base: main

Conversation

geoffw0
Contributor

@geoffw0 geoffw0 commented Feb 21, 2025

Improve and promote "Call to memory access function may overflow buffer" (cpp/overflow-buffer).

  • fix an issue where references to array expressions inside offsetof expressions were being misinterpreted as accesses.
  • promote the query onto security-extended (by increasing the severity to warning and setting the precision to medium).
  • added some test cases along the way, inspired by real world results / FPs found using MRVA.
    • I actually found three classes of false positives in the real world results, but only decided to fix one of them. For the other two, I believe it will be more challenging to determine which are TP vs FP cases. If we want to promote the query to high precision (code scanning suite) at some point, we will probably need to do something with these.
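The false positive fixed here is the idiom where an array expression appears as the member designator of `offsetof`. The following C example, added for illustration and not code from this PR or the CodeQL repository, shows that pattern: `body[PREFIX_BODY_BYTES]` inside `offsetof` is an offset computation that never touches memory, and the resulting size is then used as a bounded `memcpy` length. The `struct packet` layout, the `PREFIX_BODY_BYTES` constant and the helper functions are all constructed for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed example, not code from the CodeQL repository. */
struct packet {
    uint16_t type;      /* offset 0 */
    uint16_t flags;     /* offset 2 */
    uint8_t  body[64];  /* offset 4 */
};

enum { PREFIX_BODY_BYTES = 16 };

/* Bytes covering the header plus the first PREFIX_BODY_BYTES body bytes.
 * The array expression body[PREFIX_BODY_BYTES] occurs only as the member
 * designator of offsetof: it is a compile-time offset computation and
 * never reads memory, so it must not be treated as a buffer access. */
size_t prefix_size(void) {
    return offsetof(struct packet, body[PREFIX_BODY_BYTES]);  /* 4 + 16 = 20 */
}

/* Copy the header and first 16 body bytes into dst, refusing when dst is
 * too small. The memcpy length is bounded by both sizeof(*src) and dst_len,
 * so this call cannot overflow either buffer. */
size_t copy_prefix(uint8_t *dst, size_t dst_len, const struct packet *src) {
    size_t n = prefix_size();
    if (n > dst_len || n > sizeof *src) {
        return 0;  /* destination too small: nothing copied */
    }
    memcpy(dst, src, n);
    return n;
}

/* Drive copy_prefix with a constructed packet and a destination of dst_len
 * bytes (capped at 64 so the scratch buffer itself is never overrun). */
size_t demo_copy(size_t dst_len) {
    struct packet p;
    uint8_t scratch[64];
    memset(&p, 0, sizeof p);
    p.type = 1;
    p.flags = 2;
    memset(p.body, 0xAB, sizeof p.body);
    if (dst_len > sizeof scratch) {
        dst_len = sizeof scratch;
    }
    return copy_prefix(scratch, dst_len, &p);
}

int main(void) {
    printf("prefix_size() = %zu bytes\n", prefix_size());
    printf("copy into 32-byte buffer: %zu bytes copied\n", demo_copy(32));
    printf("copy into 8-byte buffer: %zu bytes copied\n", demo_copy(8));
    return 0;
}
```

A buffer-size analysis that mistook `body[PREFIX_BODY_BYTES]` for an element access would see an index into a 64-byte array and could report the `memcpy` in `copy_prefix` as a possible overflow; in reality the copy length is 20 bytes and is checked against both buffers before the call.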

@geoffw0 geoffw0 added the C++ label Feb 21, 2025
@Copilot Copilot bot review requested due to automatic review settings February 21, 2025 19:10
@geoffw0 geoffw0 requested a review from a team as a code owner February 21, 2025 19:10


PR Overview

This PR improves and promotes the "Call to memory access function may overflow buffer" query by fixing its handling of array expressions within offsetof and adjusting its severity and precision for the security-extended suite.

  • Updated change note in cpp/ql/src documenting the security-extended promotion of cpp/overflow-buffer.
  • Added a change note in cpp/ql/lib for fixing the getBufferSize predicate issue.

Reviewed Changes

| File | Description |
| --- | --- |
| cpp/ql/src/change-notes/2025-02-20-overflow-buffer.md | Added change note to promote cpp/overflow-buffer to security-extended. |
| cpp/ql/lib/change-notes/2025-02-20-getbuffersize.md | Documented the fix for getBufferSize misinterpreting array expressions. |

Copilot reviewed 8 out of 8 changed files in this pull request and generated no comments.
