github / codeql

CodeQL: the libraries and queries that power security researchers around the world, as well as code scanning in GitHub Advanced Security
https://codeql.github.com
MIT License

LGTM.com - false positive - __asm__ is not handled #2595

Closed K2 closed 4 years ago

K2 commented 4 years ago

Description of the false positive

asm is breaking various queries. Return value tracking should be pretty easy to add. :)

#ifdef IA32_RND
unsigned int get_count()
{
   __asm__("rdtsc");
}
#endif

URL to the alert on the project page on LGTM.com

https://lgtm.com/projects/g/K2/ADMMutate/snapshot/70daec90a876c317b0d873b68f6abb3fdcf3bfd9/files/ADMmuteng.c?sort=name&dir=ASC&mode=heatmap#x5e9b386724327054:1

K2 commented 4 years ago

Another example:

https://lgtm.com/projects/g/K2/ADMMutate/snapshot/70daec90a876c317b0d873b68f6abb3fdcf3bfd9/files/exp.c?sort=name&dir=ASC&mode=heatmap#xa80047b3e6d8d810:1

long get_esp() { __asm__("movl %esp,%eax"); }

geoffw0 commented 4 years ago

Hi @K2,

Analysing assembly language code is beyond the scope of this query, so I've created https://github.com/Semmle/ql/pull/2598 to add an exclusion for functions containing asm to the query. This should resolve the two false positive results you've linked to.

geoffw0 commented 4 years ago

2598 has been merged; the fix should be reflected on LGTM within about two weeks.
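
An added example, not code from this thread or from the CodeQL project: the two reported functions rewritten with GCC extended asm, so the result travels through explicit output operands and a `return` statement instead of a value left behind in `eax`. That keeps the data flow visible to both the compiler and static analysis. The names `read_tsc`, `read_sp` and `SP_REG` are assumptions, and the code assumes GCC or Clang.

```c
#include <stdint.h>
#include <stdio.h>
#include <time.h>

#if defined(__i386__) || defined(__x86_64__)
#  if defined(__x86_64__)
#    define SP_REG "rsp"   /* hypothetical helper macro, not from the issue */
#  else
#    define SP_REG "esp"
#  endif

/* rdtsc writes EDX:EAX; the "=a"/"=d" outputs bind those registers to C
 * variables, so the value reaches the caller through a real return. */
static uint64_t read_tsc(void)
{
    uint32_t lo, hi;
    __asm__ volatile("rdtsc" : "=a"(lo), "=d"(hi));
    return ((uint64_t)hi << 32) | lo;
}

/* Copy the stack pointer into a compiler-chosen register ("=r"). */
static uintptr_t read_sp(void)
{
    uintptr_t sp;
    __asm__ volatile("mov %%" SP_REG ", %0" : "=r"(sp));
    return sp;
}
#else
/* Assumption: non-x86 target; stand-ins so the file still builds and runs. */
static uint64_t read_tsc(void) { return (uint64_t)clock(); }
static uintptr_t read_sp(void) { return (uintptr_t)__builtin_frame_address(0); }
#endif

/* Same contract as the issue's get_count(): low 32 bits of the counter. */
static unsigned int get_count(void) { return (unsigned int)read_tsc(); }

int main(void)
{
    printf("count=%u sp=%#lx\n", get_count(), (unsigned long)read_sp());
    return 0;
}
```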