Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

DCL30-C: Replace implementation with cpp/return-stack-allocated-memory #495

Open
lcartey opened this issue Jan 19, 2024 · 0 comments
Open

DCL30-C: Replace implementation with cpp/return-stack-allocated-memory #495

lcartey opened this issue Jan 19, 2024 · 0 comments
Labels
Difficulty-Medium A false positive or false negative report which is expected to take 1-5 days effort to address false positive/false negative An issue related to observed false positives or false negatives. Impact-High

Comments

@lcartey
Copy link
Collaborator

lcartey commented Jan 19, 2024

Affected rules

  • DCL30-C

Description

There have recently been improvements to the C++ standard query for returning stack allocated memory:
https://github.com/github/codeql/blob/4de19b3ec97d4379ef5988bda591d749e1cd0f99/cpp/ql/src/Likely%20Bugs/Memory%20Management/ReturnStackAllocatedMemory.ql#L7

We should adopt this new and improved query which improves both false positive and false negative rates.
@lcartey lcartey added false positive/false negative An issue related to observed false positives or false negatives. Difficulty-Medium A false positive or false negative report which is expected to take 1-5 days effort to address Impact-High labels Jan 19, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Difficulty-Medium A false positive or false negative report which is expected to take 1-5 days effort to address false positive/false negative An issue related to observed false positives or false negatives. Impact-High
Projects
Coding Standards Public Development Board
Status: Triaged
Milestone
No milestone
Development

No branches or pull requests
1 participant
@lcartey