Merge pull request #473 from jketema/flowstate-fix

Use an IPA type for flow states
github · Dec 12, 2023 · d9f0911 · d9f0911
2 parents bce37ac + 8d026b0
commit d9f0911
Showing 1 changed file with 11 additions and 15 deletions.
diff --git a/c/cert/src/rules/EXP39-C/DoNotAccessVariableViaPointerOfIncompatibleType.ql b/c/cert/src/rules/EXP39-C/DoNotAccessVariableViaPointerOfIncompatibleType.ql
@@ -42,28 +42,24 @@ class ReallocationFunction extends AllocationFunction {
   ReallocationFunction() { exists(this.getReallocPtrArg()) }
 }
 
-/**
- * A data-flow state for a pointer which has not been reallocated.
- */
-class IndirectCastDefaultFlowState extends DataFlow::FlowState {
-  IndirectCastDefaultFlowState() { this = "IndirectCastDefaultFlowState" }
-}
-
-/**
- * A data-flow state for a pointer which has been reallocated but
- * has not yet been zeroed with a memset call.
- */
-class IndirectCastReallocatedFlowState extends DataFlow::FlowState {
-  IndirectCastReallocatedFlowState() { this = "IndirectCastReallocatedFlowState" }
-}
+newtype IndirectCastFlowState =
+  /**
+   * A data-flow state for a pointer which has not been reallocated.
+   */
+  IndirectCastDefaultFlowState() or
+  /**
+   * A data-flow state for a pointer which has been reallocated but
+   * has not yet been zeroed with a memset call.
+   */
+  IndirectCastReallocatedFlowState()
 
 /**
  * A data-flow configuration to track the flow from cast expressions to either
  * other cast expressions or to dereferences of pointers reallocated with a call
  * to `realloc` but not cleared via a function call to `memset`.
  */
 module IndirectCastConfig implements DataFlow::StateConfigSig {
-  class FlowState = DataFlow::FlowState;
+  class FlowState = IndirectCastFlowState;
 
   predicate isSource(DataFlow::Node source, FlowState state) {
     state instanceof IndirectCastDefaultFlowState and