From: "Michael Kubacki"
To: devel@edk2.groups.io
Cc: Sean Brogan, Michael Kubacki, Michael D Kinney
Subject: [edk2-devel] [PATCH v2 12/12] .github/codeql/edk2.qls: Enable CWE 120, 787, and 805 queries
Date: Tue, 29 Nov 2022 12:32:46 -0500
Message-Id: <20221129173246.2182-13-mikuback@linux.microsoft.com>
In-Reply-To: <20221129173246.2182-1-mikuback@linux.microsoft.com>
References: <20221129173246.2182-1-mikuback@linux.microsoft.com>

From: Michael Kubacki

As recommended by CodeQL this change replaces
cpp/potential-buffer-overflow with cpp/overrunning-write-with-float
and cpp/overrunning-write.

Enables:

1. cpp/overrunning-write
   - @name Likely overrunning write
   - @description Buffer write operations that do not control the length of data written may overflow
   - @kind problem
   - @problem.severity error
   - @security-severity 9.3
   - @precision high
   - @id cpp/very-likely-overrunning-write
   - @tags reliability
     - security
     - external/cwe/cwe-120
     - external/cwe/cwe-787
     - external/cwe/cwe-805

2. cpp/overrunning-write-with-float
   - @name Potentially overrunning write with float to string conversion
   - @description Buffer write operations that do not control the length of data written may overflow when floating point inputs take extreme values.
   - @kind problem
   - @problem.severity error
   - @security-severity 9.3
   - @precision medium
   - @id cpp/overrunning-write-with-float
   - @tags reliability
     - security
     - external/cwe/cwe-120
     - external/cwe/cwe-787
     - external/cwe/cwe-805

3. cpp/very-likely-overrunning-write
   - @name Likely overrunning write
   - @description Buffer write operations that do not control the length of data written may overflow
   - @kind problem
   - @problem.severity error
   - @security-severity 9.3
   - @precision high
   - @id cpp/very-likely-overrunning-write
   - @tags reliability
     - security
     - external/cwe/cwe-120
     - external/cwe/cwe-787
     - external/cwe/cwe-805

- CWEs:
  - https://cwe.mitre.org/data/definitions/120.html
  - https://cwe.mitre.org/data/definitions/787.html
  - https://cwe.mitre.org/data/definitions/805.html

Cc: Sean Brogan
Cc: Michael Kubacki
Cc: Michael D Kinney
Signed-off-by: Michael Kubacki
Reviewed-by: Michael D Kinney
--- .github/codeql/edk2.qls | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/.github/codeql/edk2.qls b/.github/codeql/edk2.qls index dc2d87764e93..9bea9ba01f24 100644 --- a/.github/codeql/edk2.qls +++ b/.github/codeql/edk2.qls
@@ -14,8 +14,11 @@ id: cpp/infinite-loop-with-unsatisfiable-exit-condition - include: id: cpp/overflow-buffer +- include: + id: cpp/overrunning-write +- include: + id: cpp/overrunning-write-with-float - include: id: cpp/pointer-overflow-check - include: - id: cpp/potential-buffer-overflow - + id: cpp/very-likely-overrunning-write
--
2.28.0.windows.1
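
Review bot: the commit message does not match what the hunk enables. The summary sentence names only cpp/overrunning-write-with-float and cpp/overrunning-write as replacements for cpp/potential-buffer-overflow, but the last added line also puts cpp/very-likely-overrunning-write in the slot where the old id is removed, so the summary should name all three. In the "Enables" list, entry 1 (cpp/overrunning-write) carries "@id cpp/very-likely-overrunning-write", the name "Likely overrunning write" and "@precision high", identical to entry 3, which reads like the wrong query header pasted in; please restate entry 1 with the metadata of cpp/overrunning-write itself so the log records the precision of each query being added to edk2.qls. Since entry 2 is listed as "@precision medium", a sentence on how its results are expected to be triaged would also help whoever bisects CI noise back to this change.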