Module AllocationSizeOverflow

Provides extension points for customizing the taint-tracking configuration for reasoning about allocation-size overflow.

Import path

import semmle.go.security.AllocationSizeOverflowCustomizations

Predicates

additionalStep

Holds if the value of pred can flow into succ in one step, either through a call to len or through an arithmetic operation (other than remainder).

Classes

AllocationSize	A data-flow node that represents the size argument of an allocation, such as the `n` in `make([]byte, n)`.
AllocationSizeCheckBarrier	A check of the allocation size, acting as a guard to prevent allocation-size overflow.
DefaultSink	An arithmetic operation that might overflow, and whose result is used to compute an allocation size.
FileReadSource	A call to a function that reads from the file system or a stream, considered as a source of taint.
LengthCheckSanitizer	A length check, acting as a guard to prevent allocation-size overflow.
MarshalingSource	A call to a marshaling function, considered as a source of taint.
OverflowProneOperand	A data-flow node that is an operand to an operation that may overflow.
Sanitizer	A sanitizer node that prevents allocation-size overflow.
Sink	A data-flow node where an overflow might occur, and whose result is used to compute an allocation size.
Source	A source of data that might cause an allocation-size overflow.
WidenTo64BitSanitizer	A conversion to a 64-bit type, acting as a sanitizer to mitigate the risk of allocation-size overflow.