CPP: Add query for CWE-570 detect and handle memory allocation errors. #5010
Conversation
|
Information about the found and accepted fix in the project: |
Hi, this looks like an interesting query for spotting simple errors in the use of new. As always I appreciate that you have included tests and qhelp. I think the query logic could be cleaner in a few places, but the comments make it fairly clear what is going on.
I intend to try this query out on LGTM and see what kinds of results we get. Based on what you're trying to do, I hope the results will be quite good. :)
.../src/experimental/Security/CWE/CWE-570/WrongInDetectingAndHandlingMemoryAllocationErrors.cpp
Show resolved
Hide resolved
...rc/experimental/Security/CWE/CWE-570/WrongInDetectingAndHandlingMemoryAllocationErrors.qhelp
Outdated
Show resolved
Hide resolved
...rc/experimental/Security/CWE/CWE-570/WrongInDetectingAndHandlingMemoryAllocationErrors.qhelp
Outdated
Show resolved
Hide resolved
...rc/experimental/Security/CWE/CWE-570/WrongInDetectingAndHandlingMemoryAllocationErrors.qhelp
Outdated
Show resolved
Hide resolved
...rc/experimental/Security/CWE/CWE-570/WrongInDetectingAndHandlingMemoryAllocationErrors.qhelp
Outdated
Show resolved
Hide resolved
...l/src/experimental/Security/CWE/CWE-570/WrongInDetectingAndHandlingMemoryAllocationErrors.ql
Outdated
Show resolved
Hide resolved
...l/src/experimental/Security/CWE/CWE-570/WrongInDetectingAndHandlingMemoryAllocationErrors.ql
Show resolved
Hide resolved
...l/src/experimental/Security/CWE/CWE-570/WrongInDetectingAndHandlingMemoryAllocationErrors.ql
Outdated
Show resolved
Hide resolved
...l/src/experimental/Security/CWE/CWE-570/WrongInDetectingAndHandlingMemoryAllocationErrors.ql
Show resolved
Hide resolved
...l/src/experimental/Security/CWE/CWE-570/WrongInDetectingAndHandlingMemoryAllocationErrors.ql
Show resolved
Hide resolved
|
thanks for your comments. |
Co-authored-by: Geoffrey White <40627776+geoffw0@users.noreply.github.com>
|
I would like to hear your opinion. |
.../src/experimental/Security/CWE/CWE-570/WrongInDetectingAndHandlingMemoryAllocationErrors.cpp
Outdated
Show resolved
Hide resolved
.../src/experimental/Security/CWE/CWE-570/WrongInDetectingAndHandlingMemoryAllocationErrors.cpp
Outdated
Show resolved
Hide resolved
.../src/experimental/Security/CWE/CWE-570/WrongInDetectingAndHandlingMemoryAllocationErrors.cpp
Show resolved
Hide resolved
Co-authored-by: Geoffrey White <40627776+geoffw0@users.noreply.github.com>
|
The checks have raised a couple of issues:
i.e. the query file needs autoformatting.
I think the |
In this query I am trying to find situations of incorrect handling of memory allocation using the new operator.
This error is quite common in projects and can lead to a violation of the logic of the program or to an unhandled crash.
of course, we can consider any selection without processing to be incorrect, but in this request I am considering exactly the situation of confusion. when the developer confused what kind of processing to apply. this allows us to understand that he tried to handle the case when the memory will not be allocated, but did not handle it correctly.
this is my first test file in C ++, it turned out to be rather weak, in the future I will think about improving it.