We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
1 parent 65e471f commit 868da83Copy full SHA for 868da83
1 file changed
ql_demos/cpp/XNU_NFS_Boot_CVE-2018-4136_CVE-2018-4160/BCopyNegativeSize.ql
@@ -17,16 +17,16 @@ class MyCfg extends TaintTracking::Configuration {
17
this = "MyCfg"
18
}
19
20
+ override predicate isSource(DataFlow::Node source) {
21
+ source.asExpr().(FunctionCall).getTarget().getName() = "mbuf_data"
22
+ }
23
+
24
override predicate isSink(DataFlow::Node sink) {
25
exists (FunctionCall call
26
| sink.asExpr() = call.getArgument(2) and
27
call.getTarget().getName() = "__builtin___memmove_chk" and
28
lowerBound(sink.asExpr()) < 0)
29
-
- override predicate isSource(DataFlow::Node source) {
- source.asExpr().(FunctionCall).getTarget().getName() = "mbuf_data"
- }
30
31
32
from DataFlow::PathNode sink, DataFlow::PathNode source, MyCfg cfg
0 commit comments