CodeQL library for C/C++
codeql/cpp-all 0.12.12-dev (changelog, source)

Predicate operationIsOffBy

Holds if allocation is the result of an allocation that flows to the left-hand side of pai, and the right-hand side of pai is an offset such that the result of pai is an out-of-bounds pointer.

Furthermore, derefSource is at least as large as pai and flows to derefSink before being dereferenced by operation (which is either a StoreInstruction or a LoadInstruction). The result is that operation dereferences a pointer that is off by delta elements.

Import path

import semmle.code.cpp.security.InvalidPointerDereference.InvalidPointerToDereference

Signature

predicate operationIsOffBy(Node allocation, PointerArithmeticInstruction pai, Node derefSource, Node derefSink, string description, Node operation, int delta)
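A minimal query that consumes this predicate, written here as an added example rather than the library's shipped InvalidPointerDeref.ql. It assumes the Node and PointerArithmeticInstruction types come from semmle.code.cpp.ir.dataflow.DataFlow and semmle.code.cpp.ir.IR, and the query id and the delta > 0 restriction are choices made for the example.

```ql
/**
 * @name Dereference of a pointer that is off by a fixed number of elements
 * @description Reports loads and stores that operationIsOffBy identifies as
 *              dereferencing a pointer that is delta elements out of bounds.
 *              Example query, not the library's own InvalidPointerDeref.ql.
 * @kind problem
 * @problem.severity warning
 * @id example/off-by-delta-dereference
 */

import cpp
// Assumed module paths for DataFlow::Node and PointerArithmeticInstruction
import semmle.code.cpp.ir.dataflow.DataFlow
import semmle.code.cpp.ir.IR
import semmle.code.cpp.security.InvalidPointerDereference.InvalidPointerToDereference

from
  DataFlow::Node allocation, PointerArithmeticInstruction pai, DataFlow::Node derefSource,
  DataFlow::Node derefSink, string description, DataFlow::Node operation, int delta
where
  // The library predicate does the flow reasoning: allocation -> pai (lhs),
  // offset on the rhs, and derefSource -> derefSink -> operation.
  operationIsOffBy(allocation, pai, derefSource, derefSink, description, operation, delta) and
  // Example-only restriction: keep offsets that point past the end
  // (delta is a count of elements, not bytes).
  delta > 0
select operation,
  "Off-by-" + delta.toString() + " element(s) dereference (" + description +
    ") of a pointer derived from $@.", allocation, allocation.toString()
```

The $@ placeholder links the alert to the originating allocation node so a reviewer can see which buffer the offset pointer came from.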