From nobody Sun Feb  8 12:19:41 2026
Delivered-To: importer@patchew.org
Received-SPF: pass (zohomail.com: domain of groups.io designates
 66.175.222.108 as permitted sender) client-ip=66.175.222.108;
 envelope-from=bounce+27952+100113+1787277+3901457@groups.io;
 helo=mail02.groups.io;
Authentication-Results: mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as
 permitted sender)
  smtp.mailfrom=bounce+27952+100113+1787277+3901457@groups.io;
	dmarc=fail(p=none dis=none)  header.from=linux.microsoft.com
ARC-Seal: i=1; a=rsa-sha256; t=1676303420; cv=none;
	d=zohomail.com; s=zohoarc;
	b=TsYrbApByYWN/CPw8K8TnBy3vrXRZdhk8A6CAKG3OgPdMLEFQiHsUsAI31wRluplsBOqtSPcbrrW96DEdfAdi0HmOp9LHZCwlYXJF8lbA3FDbpu/qu/LoYythUkNuS35iDRDo4pKDGky+qAx40LjDi9kaC4ArA6cS/hfPIJsdT0=
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com;
 s=zohoarc;
	t=1676303420;
 h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To;
	bh=1u7k50KugXwpRiAszBwBVli9GC2c5aBSCaMWi8FF3tM=;
	b=ZHodLtjnOFEI06iRyvga1xhURgoxobAjb4GvDEnEZFeeyAYCPzJP4xjDMWfKtpVatWQ/Q7SQVL8K5ct4a+w2ELIN+95EkDIb+Nw2yPhf0eqAS+AXrIjYSp8pEHM58apDH31wkP/0eAFpmBtycskYPcWFWI29vdn9PJHNR6qpFwA=
ARC-Authentication-Results: i=1; mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as
 permitted sender)
  smtp.mailfrom=bounce+27952+100113+1787277+3901457@groups.io;
	dmarc=fail header.from=<mikuback@linux.microsoft.com> (p=none dis=none)
Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by
 mx.zohomail.com
	with SMTPS id 1676303420911174.96083704053092;
 Mon, 13 Feb 2023 07:50:20 -0800 (PST)
Return-Path: <bounce+27952+100113+1787277+3901457@groups.io>
X-Received: by 127.0.0.2 with SMTP id IXgBYY1788612xYtTOHV9ZqS;
 Mon, 13 Feb 2023 07:50:20 -0800
X-Received: from linux.microsoft.com (linux.microsoft.com [13.77.154.182])
 by mx.groups.io with SMTP id smtpd.web10.17822.1676303419923422675
 for <devel@edk2.groups.io>;
 Mon, 13 Feb 2023 07:50:20 -0800
X-Received: from localhost.localdomain (unknown [47.201.8.94])
	by linux.microsoft.com (Postfix) with ESMTPSA id 21B2C20C8B73;
	Mon, 13 Feb 2023 07:50:19 -0800 (PST)
DKIM-Filter: OpenDKIM Filter v2.11.0 linux.microsoft.com 21B2C20C8B73
From: "Michael Kubacki" <mikuback@linux.microsoft.com>
To: devel@edk2.groups.io
Cc: Sean Brogan <sean.brogan@microsoft.com>,
	Michael Kubacki <mikuback@linux.microsoft.com>,
	Michael D Kinney <michael.d.kinney@intel.com>
Subject: [edk2-devel] [PATCH v3 12/12] .github/codeql/edk2.qls: Enable CWE
 120, 787, and 805 queries
Date: Mon, 13 Feb 2023 10:49:08 -0500
Message-Id: <20230213154908.1993-13-mikuback@linux.microsoft.com>
In-Reply-To: <20230213154908.1993-1-mikuback@linux.microsoft.com>
References: <20230213154908.1993-1-mikuback@linux.microsoft.com>
MIME-Version: 1.0
Precedence: Bulk
List-Unsubscribe: <mailto:devel+unsubscribe@edk2.groups.io>
List-Subscribe: <mailto:devel+subscribe@edk2.groups.io>
List-Help: <mailto:devel+help@edk2.groups.io>
Sender: devel@edk2.groups.io
List-Id: <devel.edk2.groups.io>
Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io
Reply-To: devel@edk2.groups.io,mikuback@linux.microsoft.com
X-Gm-Message-State: cx5zhNCApwGRVlnLkm7J7Bqgx1787277AA=
Content-Transfer-Encoding: quoted-printable
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io;
 q=dns/txt; s=20140610; t=1676303420;
 bh=Zh2Xoh6a0/nFZQabHsiR953rXaFCuBG5PzTHa8MaDCA=;
 h=Cc:Date:From:Reply-To:Subject:To;
 b=aQn4VpUtlQ/4GOYmKVKScKOX8orYpv8/rtNX5/dYcytIUIT49vg5E1cN9RRM6Lh9boO
 KAw1fXQ4KcyBmgW4XssmpK0P/E/KjO63P2mbZyf5CVkWHWqaxlQSpz+FNC6a7axYDKUbO
 B71SHwPEr9ZPoREQzxMIGft4+fq0aTgyo04=
X-ZohoMail-DKIM: pass (identity @groups.io)
X-ZM-MESSAGEID: 1676303422956100002
Content-Type: text/plain; charset="utf-8"

From: Michael Kubacki <michael.kubacki@microsoft.com>

As recommended by CodeQL this change replaces
cpp/potential-buffer-overflow with cpp/overrunning-write-with-float
and cpp/overrunning-write.

Enables:

1. cpp/overrunning-write
   - @name Likely overrunning write
   - @description Buffer write operations that do not control the length
                  data written may overflow
   - @kind problem
   - @problem.severity error
   - @security-severity 9.3
   - @precision high
   - @id cpp/very-likely-overrunning-write
   - @tags reliability
     - security
     - external/cwe/cwe-120
     - external/cwe/cwe-787
     - external/cwe/cwe-805
2. cpp/overrunning-write-with-float
   - @name Potentially overrunning write with float to string conversion
   - @description Buffer write operations that do not control the length
                  of data written may overflow when floating point inputs
                  take extreme values.
   - @kind problem
   - @problem.severity error
   - @security-severity 9.3
   - @precision medium
   - @id cpp/overrunning-write-with-float
   - @tags reliability
     - security
     - external/cwe/cwe-120
     - external/cwe/cwe-787
     - external/cwe/cwe-805
3. cpp/very-likely-overrunning-write
   - @name Likely overrunning write
   - @description Buffer write operations that do not control the length
                  of data written may overflow
   - @kind problem
   - @problem.severity error
   - @security-severity 9.3
   - @precision high
   - @id cpp/very-likely-overrunning-write
   - @tags reliability
     - security
     - external/cwe/cwe-120
     - external/cwe/cwe-787
     - external/cwe/cwe-805

- CWEs:
  - https://cwe.mitre.org/data/definitions/120.html
  - https://cwe.mitre.org/data/definitions/787.html
  - https://cwe.mitre.org/data/definitions/805.html

Cc: Sean Brogan <sean.brogan@microsoft.com>
Cc: Michael Kubacki <mikuback@linux.microsoft.com>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Signed-off-by: Michael Kubacki <michael.kubacki@microsoft.com>
Reviewed-by: Michael D Kinney <michael.d.kinney@intel.com>
---
 .github/codeql/edk2.qls | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/.github/codeql/edk2.qls b/.github/codeql/edk2.qls
index dc2d87764e93..9bea9ba01f24 100644
--- a/.github/codeql/edk2.qls
+++ b/.github/codeql/edk2.qls
@@ -14,8 +14,11 @@
     id: cpp/infinite-loop-with-unsatisfiable-exit-condition
 - include:
     id: cpp/overflow-buffer
+- include:
+    id: cpp/overrunning-write
+- include:
+    id: cpp/overrunning-write-with-float
 - include:
     id: cpp/pointer-overflow-check
 - include:
-    id: cpp/potential-buffer-overflow
-
+    id: cpp/very-likely-overrunning-write
--=20
2.28.0.windows.1



-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#100113): https://edk2.groups.io/g/devel/message/100113
Mute This Topic: https://groups.io/mt/96938324/1787277
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org]
-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-