Update strtok param indices in OutOfBounds library

Nikita Kraiouchkine · Nikita Kraiouchkine · commit e9dd4a8dbc26 · 2023-04-06T00:33:29.000+02:00
diff --git a/c/common/src/codingstandards/c/OutOfBounds.qll b/c/common/src/codingstandards/c/OutOfBounds.qll
@@ -82,9 +82,10 @@ module OOB {
       dst = -1 and
       src = [0, 1]
       or
-      name = "strtok" and
-      dst = 0 and
-      src = 1
+      // do not specify a src and dst to avoid buffer size assumptions
+      name = ["strtok", "strtok_r"] and
+      dst = -1 and
+      src = [0, 1]
     )
   }
 
@@ -479,6 +480,18 @@ module OOB {
     }
   }
 
+  /**
+   * A `BufferAccessLibraryFunction` modelling `strtok`
+   */
+  class StrtokLibraryFunction extends BufferAccessLibraryFunction {
+    StrtokLibraryFunction() { this.getName() = getNameOrInternalName(["strtok", "strtok_r"]) }
+
+    override predicate getAPermissiblyNullParameterIndex(int i) {
+      // `strtok` does not require a non-null `str` parameter
+      i = 0
+    }
+  }
+
   /**
    * An construction of a pointer to a buffer.
    */
