CodeQL library for C/C++

Module Buffer

Import path

import semmle.code.cpp.commons.Buffer



Provides a library for local (intra-procedural) and global (inter-procedural) data flow analysis: deciding whether data can flow from a source to a sink.


Provides classes and predicates for working with C/C++ code.



Get the size in bytes of the buffer pointed to by an expression (if this can be determined).


Holds if v is a member variable of c that looks like it might be variable sized in practice. For example:

    struct myStruct { // c
      int amount;
      char data[1]; // v
    };

This requires that v is an array of size 0 or 1, and v is the last member of c. In addition, if the size of the structure is taken, there must be at least one instance where a c pointer is allocated with additional space. For example, holds for c if it occurs as

    malloc(sizeof(c) + 100 * sizeof(char))

but not if it only ever occurs as

    malloc(sizeof(c))
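The two allocation patterns described above, as an added C example (not part of the CodeQL library or its documentation). It shows why the bound for the trailing array has to come from the allocation rather than the declared size in the first case, and from the declared size in the second. `struct packet`, `struct flag` and the four helper functions are hypothetical names chosen for illustration.

```c
#include <limits.h>
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical type: trailing array of size 1 that is allocated with extra
   space below, so it is variable sized in practice. */
struct packet {            /* c */
    int amount;            /* usable bytes in data, set by packet_new */
    char data[1];          /* v: last member */
};

/* Hypothetical type: same shape, but only ever allocated as
   sizeof(struct flag), so data really holds one byte. */
struct flag {
    int amount;
    char data[1];
};

/* Allocate with additional space: sizeof(c) + n * sizeof(char). */
struct packet *packet_new(size_t n) {
    /* amount is an int; this limit also keeps the size sum from wrapping */
    if (n == 0 || n > INT_MAX) return NULL;
    struct packet *p = malloc(sizeof(struct packet) + n * sizeof(char));
    if (p != NULL) p->amount = (int)n;
    return p;
}

/* Bound is the allocated payload size, not the declared sizeof(p->data). */
int packet_write(struct packet *p, const char *src, size_t len) {
    if (p == NULL || src == NULL || len > (size_t)p->amount) return -1;
    memcpy(p->data, src, len);
    return 0;
}

/* Allocate exactly sizeof(c): no additional space. */
struct flag *flag_new(void) {
    struct flag *f = malloc(sizeof(struct flag));
    if (f != NULL) f->amount = (int)sizeof(f->data);
    return f;
}

/* Bound is the declared array size, which here is the real size. */
int flag_write(struct flag *f, const char *src, size_t len) {
    if (f == NULL || src == NULL || len > sizeof(f->data)) return -1;
    memcpy(f->data, src, len);
    return 0;
}
```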