[zlaski/memset-model] Add AliasFunction as base class of MemsetFunction; override predicates parameterNeverEscapes, parameterEscapesOnlyViaReturn and parameterIsAlwaysReturned.

zlaski-semmle · zlaski-semmle · commit ae169e9c33ea · 2019-09-30T10:44:12.000-07:00
diff --git a/cpp/ql/src/semmle/code/cpp/models/implementations/Memset.qll b/cpp/ql/src/semmle/code/cpp/models/implementations/Memset.qll
@@ -1,11 +1,12 @@
 import semmle.code.cpp.Function
 import semmle.code.cpp.models.interfaces.ArrayFunction
 import semmle.code.cpp.models.interfaces.DataFlow
+import semmle.code.cpp.models.interfaces.Alias
 
 /**
  * The standard function `memset` and its assorted variants
  */
-class MemsetFunction extends ArrayFunction, DataFlowFunction {
+class MemsetFunction extends ArrayFunction, DataFlowFunction, AliasFunction {
   MemsetFunction() {
     hasGlobalName("memset") or
     hasGlobalName("wmemset") or
@@ -27,4 +28,16 @@ class MemsetFunction extends ArrayFunction, DataFlowFunction {
     bufParam = 0 and
     (if hasGlobalName("bzero") then countParam = 1 else countParam = 2)
   }
+  
+  override predicate parameterNeverEscapes(int index) {
+  	hasGlobalName("bzero") and index = 0
+  }
+  
+  override predicate parameterEscapesOnlyViaReturn(int index) {
+  	not hasGlobalName("bzero") and index = 0
+  }
+  
+  override predicate parameterIsAlwaysReturned(int index) {
+  	not hasGlobalName("bzero") and index = 0
+  }
 }
