From 7658ebb4490ce80971d1427cb9b2f23380cec36d Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Fri, 9 Jan 2026 12:00:51 +0000 Subject: [PATCH 1/3] Rust: Add spurious test case for rust/uncontrolled-allocation-size. --- .../UncontrolledAllocationSize.expected | 534 +++++++++--------- .../test/query-tests/security/CWE-770/main.rs | 3 + 2 files changed, 273 insertions(+), 264 deletions(-) diff --git a/rust/ql/test/query-tests/security/CWE-770/UncontrolledAllocationSize.expected b/rust/ql/test/query-tests/security/CWE-770/UncontrolledAllocationSize.expected index 24edd2ff7f50..ad50ebbcd490 100644 --- a/rust/ql/test/query-tests/security/CWE-770/UncontrolledAllocationSize.expected +++ b/rust/ql/test/query-tests/security/CWE-770/UncontrolledAllocationSize.expected @@ -1,166 +1,167 @@ #select -| main.rs:18:13:18:31 | ...::realloc | main.rs:317:13:317:26 | ...::args | main.rs:18:13:18:31 | ...::realloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value | -| main.rs:21:13:21:29 | ...::alloc | main.rs:317:13:317:26 | ...::args | main.rs:21:13:21:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value | -| main.rs:22:13:22:29 | ...::alloc | main.rs:317:13:317:26 | ...::args | main.rs:22:13:22:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value | -| main.rs:23:13:23:29 | ...::alloc | main.rs:317:13:317:26 | ...::args | main.rs:23:13:23:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value | -| main.rs:24:13:24:36 | ...::alloc_zeroed | main.rs:317:13:317:26 | ...::args | main.rs:24:13:24:36 | ...::alloc_zeroed | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value | -| main.rs:30:13:30:29 | ...::alloc | main.rs:317:13:317:26 | ...::args | main.rs:30:13:30:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value | -| main.rs:33:13:33:29 | ...::alloc | main.rs:317:13:317:26 | ...::args | main.rs:33:13:33:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value | -| main.rs:37:13:37:29 | ...::alloc | main.rs:317:13:317:26 | ...::args | main.rs:37:13:37:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value | -| main.rs:40:13:40:29 | ...::alloc | main.rs:317:13:317:26 | ...::args | main.rs:40:13:40:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value | -| main.rs:50:13:50:29 | ...::alloc | main.rs:317:13:317:26 | ...::args | main.rs:50:13:50:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value | -| main.rs:51:13:51:29 | ...::alloc | main.rs:317:13:317:26 | ...::args | main.rs:51:13:51:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value | -| main.rs:53:13:53:29 | ...::alloc | main.rs:317:13:317:26 | ...::args | main.rs:53:13:53:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value | -| main.rs:54:13:54:29 | ...::alloc | main.rs:317:13:317:26 | ...::args | main.rs:54:13:54:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value | -| main.rs:59:13:59:29 | ...::alloc | main.rs:317:13:317:26 | ...::args | main.rs:59:13:59:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value | -| main.rs:61:13:61:29 | ...::alloc | main.rs:317:13:317:26 | ...::args | main.rs:61:13:61:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value | -| main.rs:63:13:63:29 | ...::alloc | main.rs:317:13:317:26 | ...::args | main.rs:63:13:63:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value | -| main.rs:64:13:64:29 | ...::alloc | main.rs:317:13:317:26 | ...::args | main.rs:64:13:64:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value | -| main.rs:65:13:65:29 | ...::alloc | main.rs:317:13:317:26 | ...::args | main.rs:65:13:65:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value | -| main.rs:68:13:68:29 | ...::alloc | main.rs:317:13:317:26 | ...::args | main.rs:68:13:68:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value | -| main.rs:88:13:88:29 | ...::alloc | main.rs:317:13:317:26 | ...::args | main.rs:88:13:88:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value | -| main.rs:96:17:96:33 | ...::alloc | main.rs:317:13:317:26 | ...::args | main.rs:96:17:96:33 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value | -| main.rs:102:17:102:33 | ...::alloc | main.rs:317:13:317:26 | ...::args | main.rs:102:17:102:33 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value | -| main.rs:103:17:103:33 | ...::alloc | main.rs:317:13:317:26 | ...::args | main.rs:103:17:103:33 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value | -| main.rs:109:17:109:33 | ...::alloc | main.rs:317:13:317:26 | ...::args | main.rs:109:17:109:33 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value | -| main.rs:111:17:111:33 | ...::alloc | main.rs:317:13:317:26 | ...::args | main.rs:111:17:111:33 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value | -| main.rs:146:17:146:33 | ...::alloc | main.rs:317:13:317:26 | ...::args | main.rs:146:17:146:33 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value | -| main.rs:148:17:148:33 | ...::alloc | main.rs:317:13:317:26 | ...::args | main.rs:148:17:148:33 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value | -| main.rs:152:13:152:29 | ...::alloc | main.rs:317:13:317:26 | ...::args | main.rs:152:13:152:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value | -| main.rs:155:13:155:29 | ...::alloc | main.rs:317:13:317:26 | ...::args | main.rs:155:13:155:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value | -| main.rs:162:17:162:33 | ...::alloc | main.rs:317:13:317:26 | ...::args | main.rs:162:17:162:33 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value | -| main.rs:169:17:169:33 | ...::alloc | main.rs:317:13:317:26 | ...::args | main.rs:169:17:169:33 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value | -| main.rs:177:13:177:29 | ...::alloc | main.rs:317:13:317:26 | ...::args | main.rs:177:13:177:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value | -| main.rs:193:32:193:36 | alloc | main.rs:317:13:317:26 | ...::args | main.rs:193:32:193:36 | alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value | -| main.rs:194:32:194:43 | alloc_zeroed | main.rs:317:13:317:26 | ...::args | main.rs:194:32:194:43 | alloc_zeroed | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value | -| main.rs:194:32:194:43 | alloc_zeroed | main.rs:317:13:317:26 | ...::args | main.rs:194:32:194:43 | alloc_zeroed | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value | -| main.rs:195:32:195:39 | allocate | main.rs:317:13:317:26 | ...::args | main.rs:195:32:195:39 | allocate | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value | -| main.rs:196:32:196:46 | allocate_zeroed | main.rs:317:13:317:26 | ...::args | main.rs:196:32:196:46 | allocate_zeroed | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value | -| main.rs:197:32:197:39 | allocate | main.rs:317:13:317:26 | ...::args | main.rs:197:32:197:39 | allocate | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value | -| main.rs:198:32:198:46 | allocate_zeroed | main.rs:317:13:317:26 | ...::args | main.rs:198:32:198:46 | allocate_zeroed | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value | -| main.rs:202:32:202:38 | realloc | main.rs:317:13:317:26 | ...::args | main.rs:202:32:202:38 | realloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value | -| main.rs:202:32:202:38 | realloc | main.rs:317:13:317:26 | ...::args | main.rs:202:32:202:38 | realloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value | -| main.rs:208:40:208:43 | grow | main.rs:317:13:317:26 | ...::args | main.rs:208:40:208:43 | grow | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value | -| main.rs:210:40:210:50 | grow_zeroed | main.rs:317:13:317:26 | ...::args | main.rs:210:40:210:50 | grow_zeroed | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value | -| main.rs:213:36:213:41 | shrink | main.rs:317:13:317:26 | ...::args | main.rs:213:36:213:41 | shrink | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value | -| main.rs:219:13:219:24 | ...::malloc | main.rs:317:13:317:26 | ...::args | main.rs:219:13:219:24 | ...::malloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value | -| main.rs:220:13:220:31 | ...::aligned_alloc | main.rs:317:13:317:26 | ...::args | main.rs:220:13:220:31 | ...::aligned_alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value | -| main.rs:222:13:222:24 | ...::calloc | main.rs:317:13:317:26 | ...::args | main.rs:222:13:222:24 | ...::calloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value | -| main.rs:223:13:223:24 | ...::calloc | main.rs:317:13:317:26 | ...::args | main.rs:223:13:223:24 | ...::calloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value | -| main.rs:224:13:224:25 | ...::realloc | main.rs:317:13:317:26 | ...::args | main.rs:224:13:224:25 | ...::realloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value | -| main.rs:230:13:230:44 | ...::try_with_capacity_in | main.rs:317:13:317:26 | ...::args | main.rs:230:13:230:44 | ...::try_with_capacity_in | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value | -| main.rs:231:13:231:40 | ...::with_capacity_in | main.rs:317:13:317:26 | ...::args | main.rs:231:13:231:40 | ...::with_capacity_in | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value | -| main.rs:284:22:284:38 | ...::alloc | main.rs:308:25:308:38 | ...::args | main.rs:284:22:284:38 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:308:25:308:38 | ...::args | user-provided value | +| main.rs:18:13:18:31 | ...::realloc | main.rs:320:13:320:26 | ...::args | main.rs:18:13:18:31 | ...::realloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:320:13:320:26 | ...::args | user-provided value | +| main.rs:21:13:21:29 | ...::alloc | main.rs:320:13:320:26 | ...::args | main.rs:21:13:21:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:320:13:320:26 | ...::args | user-provided value | +| main.rs:22:13:22:29 | ...::alloc | main.rs:320:13:320:26 | ...::args | main.rs:22:13:22:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:320:13:320:26 | ...::args | user-provided value | +| main.rs:23:13:23:29 | ...::alloc | main.rs:320:13:320:26 | ...::args | main.rs:23:13:23:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:320:13:320:26 | ...::args | user-provided value | +| main.rs:24:13:24:36 | ...::alloc_zeroed | main.rs:320:13:320:26 | ...::args | main.rs:24:13:24:36 | ...::alloc_zeroed | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:320:13:320:26 | ...::args | user-provided value | +| main.rs:30:13:30:29 | ...::alloc | main.rs:320:13:320:26 | ...::args | main.rs:30:13:30:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:320:13:320:26 | ...::args | user-provided value | +| main.rs:33:13:33:29 | ...::alloc | main.rs:320:13:320:26 | ...::args | main.rs:33:13:33:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:320:13:320:26 | ...::args | user-provided value | +| main.rs:37:13:37:29 | ...::alloc | main.rs:320:13:320:26 | ...::args | main.rs:37:13:37:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:320:13:320:26 | ...::args | user-provided value | +| main.rs:40:13:40:29 | ...::alloc | main.rs:320:13:320:26 | ...::args | main.rs:40:13:40:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:320:13:320:26 | ...::args | user-provided value | +| main.rs:50:13:50:29 | ...::alloc | main.rs:320:13:320:26 | ...::args | main.rs:50:13:50:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:320:13:320:26 | ...::args | user-provided value | +| main.rs:51:13:51:29 | ...::alloc | main.rs:320:13:320:26 | ...::args | main.rs:51:13:51:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:320:13:320:26 | ...::args | user-provided value | +| main.rs:53:13:53:29 | ...::alloc | main.rs:320:13:320:26 | ...::args | main.rs:53:13:53:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:320:13:320:26 | ...::args | user-provided value | +| main.rs:54:13:54:29 | ...::alloc | main.rs:320:13:320:26 | ...::args | main.rs:54:13:54:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:320:13:320:26 | ...::args | user-provided value | +| main.rs:59:13:59:29 | ...::alloc | main.rs:320:13:320:26 | ...::args | main.rs:59:13:59:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:320:13:320:26 | ...::args | user-provided value | +| main.rs:61:13:61:29 | ...::alloc | main.rs:320:13:320:26 | ...::args | main.rs:61:13:61:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:320:13:320:26 | ...::args | user-provided value | +| main.rs:63:13:63:29 | ...::alloc | main.rs:320:13:320:26 | ...::args | main.rs:63:13:63:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:320:13:320:26 | ...::args | user-provided value | +| main.rs:64:13:64:29 | ...::alloc | main.rs:320:13:320:26 | ...::args | main.rs:64:13:64:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:320:13:320:26 | ...::args | user-provided value | +| main.rs:65:13:65:29 | ...::alloc | main.rs:320:13:320:26 | ...::args | main.rs:65:13:65:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:320:13:320:26 | ...::args | user-provided value | +| main.rs:68:13:68:29 | ...::alloc | main.rs:320:13:320:26 | ...::args | main.rs:68:13:68:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:320:13:320:26 | ...::args | user-provided value | +| main.rs:88:13:88:29 | ...::alloc | main.rs:320:13:320:26 | ...::args | main.rs:88:13:88:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:320:13:320:26 | ...::args | user-provided value | +| main.rs:96:17:96:33 | ...::alloc | main.rs:320:13:320:26 | ...::args | main.rs:96:17:96:33 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:320:13:320:26 | ...::args | user-provided value | +| main.rs:102:17:102:33 | ...::alloc | main.rs:320:13:320:26 | ...::args | main.rs:102:17:102:33 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:320:13:320:26 | ...::args | user-provided value | +| main.rs:103:17:103:33 | ...::alloc | main.rs:320:13:320:26 | ...::args | main.rs:103:17:103:33 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:320:13:320:26 | ...::args | user-provided value | +| main.rs:109:17:109:33 | ...::alloc | main.rs:320:13:320:26 | ...::args | main.rs:109:17:109:33 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:320:13:320:26 | ...::args | user-provided value | +| main.rs:111:17:111:33 | ...::alloc | main.rs:320:13:320:26 | ...::args | main.rs:111:17:111:33 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:320:13:320:26 | ...::args | user-provided value | +| main.rs:146:17:146:33 | ...::alloc | main.rs:320:13:320:26 | ...::args | main.rs:146:17:146:33 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:320:13:320:26 | ...::args | user-provided value | +| main.rs:148:17:148:33 | ...::alloc | main.rs:320:13:320:26 | ...::args | main.rs:148:17:148:33 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:320:13:320:26 | ...::args | user-provided value | +| main.rs:152:13:152:29 | ...::alloc | main.rs:320:13:320:26 | ...::args | main.rs:152:13:152:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:320:13:320:26 | ...::args | user-provided value | +| main.rs:155:13:155:29 | ...::alloc | main.rs:320:13:320:26 | ...::args | main.rs:155:13:155:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:320:13:320:26 | ...::args | user-provided value | +| main.rs:162:17:162:33 | ...::alloc | main.rs:320:13:320:26 | ...::args | main.rs:162:17:162:33 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:320:13:320:26 | ...::args | user-provided value | +| main.rs:169:17:169:33 | ...::alloc | main.rs:320:13:320:26 | ...::args | main.rs:169:17:169:33 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:320:13:320:26 | ...::args | user-provided value | +| main.rs:177:13:177:29 | ...::alloc | main.rs:320:13:320:26 | ...::args | main.rs:177:13:177:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:320:13:320:26 | ...::args | user-provided value | +| main.rs:193:32:193:36 | alloc | main.rs:320:13:320:26 | ...::args | main.rs:193:32:193:36 | alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:320:13:320:26 | ...::args | user-provided value | +| main.rs:194:32:194:43 | alloc_zeroed | main.rs:320:13:320:26 | ...::args | main.rs:194:32:194:43 | alloc_zeroed | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:320:13:320:26 | ...::args | user-provided value | +| main.rs:194:32:194:43 | alloc_zeroed | main.rs:320:13:320:26 | ...::args | main.rs:194:32:194:43 | alloc_zeroed | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:320:13:320:26 | ...::args | user-provided value | +| main.rs:195:32:195:39 | allocate | main.rs:320:13:320:26 | ...::args | main.rs:195:32:195:39 | allocate | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:320:13:320:26 | ...::args | user-provided value | +| main.rs:196:32:196:46 | allocate_zeroed | main.rs:320:13:320:26 | ...::args | main.rs:196:32:196:46 | allocate_zeroed | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:320:13:320:26 | ...::args | user-provided value | +| main.rs:197:32:197:39 | allocate | main.rs:320:13:320:26 | ...::args | main.rs:197:32:197:39 | allocate | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:320:13:320:26 | ...::args | user-provided value | +| main.rs:198:32:198:46 | allocate_zeroed | main.rs:320:13:320:26 | ...::args | main.rs:198:32:198:46 | allocate_zeroed | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:320:13:320:26 | ...::args | user-provided value | +| main.rs:202:32:202:38 | realloc | main.rs:320:13:320:26 | ...::args | main.rs:202:32:202:38 | realloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:320:13:320:26 | ...::args | user-provided value | +| main.rs:202:32:202:38 | realloc | main.rs:320:13:320:26 | ...::args | main.rs:202:32:202:38 | realloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:320:13:320:26 | ...::args | user-provided value | +| main.rs:208:40:208:43 | grow | main.rs:320:13:320:26 | ...::args | main.rs:208:40:208:43 | grow | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:320:13:320:26 | ...::args | user-provided value | +| main.rs:210:40:210:50 | grow_zeroed | main.rs:320:13:320:26 | ...::args | main.rs:210:40:210:50 | grow_zeroed | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:320:13:320:26 | ...::args | user-provided value | +| main.rs:213:36:213:41 | shrink | main.rs:320:13:320:26 | ...::args | main.rs:213:36:213:41 | shrink | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:320:13:320:26 | ...::args | user-provided value | +| main.rs:219:13:219:24 | ...::malloc | main.rs:320:13:320:26 | ...::args | main.rs:219:13:219:24 | ...::malloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:320:13:320:26 | ...::args | user-provided value | +| main.rs:220:13:220:31 | ...::aligned_alloc | main.rs:320:13:320:26 | ...::args | main.rs:220:13:220:31 | ...::aligned_alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:320:13:320:26 | ...::args | user-provided value | +| main.rs:222:13:222:24 | ...::calloc | main.rs:320:13:320:26 | ...::args | main.rs:222:13:222:24 | ...::calloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:320:13:320:26 | ...::args | user-provided value | +| main.rs:223:13:223:24 | ...::calloc | main.rs:320:13:320:26 | ...::args | main.rs:223:13:223:24 | ...::calloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:320:13:320:26 | ...::args | user-provided value | +| main.rs:224:13:224:25 | ...::realloc | main.rs:320:13:320:26 | ...::args | main.rs:224:13:224:25 | ...::realloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:320:13:320:26 | ...::args | user-provided value | +| main.rs:230:13:230:44 | ...::try_with_capacity_in | main.rs:320:13:320:26 | ...::args | main.rs:230:13:230:44 | ...::try_with_capacity_in | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:320:13:320:26 | ...::args | user-provided value | +| main.rs:231:13:231:40 | ...::with_capacity_in | main.rs:320:13:320:26 | ...::args | main.rs:231:13:231:40 | ...::with_capacity_in | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:320:13:320:26 | ...::args | user-provided value | +| main.rs:242:16:242:24 | split_off | main.rs:320:13:320:26 | ...::args | main.rs:242:16:242:24 | split_off | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:320:13:320:26 | ...::args | user-provided value | +| main.rs:287:22:287:38 | ...::alloc | main.rs:311:25:311:38 | ...::args | main.rs:287:22:287:38 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:311:25:311:38 | ...::args | user-provided value | edges | main.rs:12:36:12:43 | ...: usize | main.rs:18:41:18:41 | v | provenance | | -| main.rs:18:41:18:41 | v | main.rs:18:13:18:31 | ...::realloc | provenance | MaD:17 Sink:MaD:17 | +| main.rs:18:41:18:41 | v | main.rs:18:13:18:31 | ...::realloc | provenance | MaD:18 Sink:MaD:18 | | main.rs:18:41:18:41 | v | main.rs:20:50:20:50 | v | provenance | | | main.rs:18:41:18:41 | v | main.rs:29:60:29:60 | v | provenance | | | main.rs:18:41:18:41 | v | main.rs:32:60:32:60 | v | provenance | | | main.rs:18:41:18:41 | v | main.rs:35:49:35:49 | v | provenance | | | main.rs:20:9:20:10 | l2 | main.rs:21:31:21:32 | l2 | provenance | | -| main.rs:20:14:20:54 | ...::from_size_align(...) [Ok] | main.rs:20:14:20:63 | ... .unwrap() | provenance | MaD:42 | +| main.rs:20:14:20:54 | ...::from_size_align(...) [Ok] | main.rs:20:14:20:63 | ... .unwrap() | provenance | MaD:43 | | main.rs:20:14:20:63 | ... .unwrap() | main.rs:20:9:20:10 | l2 | provenance | | -| main.rs:20:50:20:50 | v | main.rs:20:14:20:54 | ...::from_size_align(...) [Ok] | provenance | MaD:34 | -| main.rs:21:31:21:32 | l2 | main.rs:21:13:21:29 | ...::alloc | provenance | MaD:15 Sink:MaD:15 | +| main.rs:20:50:20:50 | v | main.rs:20:14:20:54 | ...::from_size_align(...) [Ok] | provenance | MaD:35 | +| main.rs:21:31:21:32 | l2 | main.rs:21:13:21:29 | ...::alloc | provenance | MaD:16 Sink:MaD:16 | | main.rs:21:31:21:32 | l2 | main.rs:22:31:22:32 | l2 | provenance | | | main.rs:21:31:21:32 | l2 | main.rs:23:31:23:32 | l2 | provenance | | | main.rs:21:31:21:32 | l2 | main.rs:24:38:24:39 | l2 | provenance | | -| main.rs:22:31:22:32 | l2 | main.rs:22:31:22:44 | l2.align_to(...) [Ok] | provenance | MaD:28 | -| main.rs:22:31:22:44 | l2.align_to(...) [Ok] | main.rs:22:31:22:53 | ... .unwrap() | provenance | MaD:42 | -| main.rs:22:31:22:53 | ... .unwrap() | main.rs:22:13:22:29 | ...::alloc | provenance | MaD:15 Sink:MaD:15 | -| main.rs:23:31:23:32 | l2 | main.rs:23:31:23:44 | l2.align_to(...) [Ok] | provenance | MaD:28 | -| main.rs:23:31:23:44 | l2.align_to(...) [Ok] | main.rs:23:31:23:53 | ... .unwrap() | provenance | MaD:42 | -| main.rs:23:31:23:53 | ... .unwrap() | main.rs:23:31:23:68 | ... .pad_to_align() | provenance | MaD:36 | -| main.rs:23:31:23:68 | ... .pad_to_align() | main.rs:23:13:23:29 | ...::alloc | provenance | MaD:15 Sink:MaD:15 | -| main.rs:24:38:24:39 | l2 | main.rs:24:13:24:36 | ...::alloc_zeroed | provenance | MaD:16 Sink:MaD:16 | +| main.rs:22:31:22:32 | l2 | main.rs:22:31:22:44 | l2.align_to(...) [Ok] | provenance | MaD:29 | +| main.rs:22:31:22:44 | l2.align_to(...) [Ok] | main.rs:22:31:22:53 | ... .unwrap() | provenance | MaD:43 | +| main.rs:22:31:22:53 | ... .unwrap() | main.rs:22:13:22:29 | ...::alloc | provenance | MaD:16 Sink:MaD:16 | +| main.rs:23:31:23:32 | l2 | main.rs:23:31:23:44 | l2.align_to(...) [Ok] | provenance | MaD:29 | +| main.rs:23:31:23:44 | l2.align_to(...) [Ok] | main.rs:23:31:23:53 | ... .unwrap() | provenance | MaD:43 | +| main.rs:23:31:23:53 | ... .unwrap() | main.rs:23:31:23:68 | ... .pad_to_align() | provenance | MaD:37 | +| main.rs:23:31:23:68 | ... .pad_to_align() | main.rs:23:13:23:29 | ...::alloc | provenance | MaD:16 Sink:MaD:16 | +| main.rs:24:38:24:39 | l2 | main.rs:24:13:24:36 | ...::alloc_zeroed | provenance | MaD:17 Sink:MaD:17 | | main.rs:29:9:29:10 | l4 | main.rs:30:31:30:32 | l4 | provenance | | | main.rs:29:14:29:64 | ...::from_size_align_unchecked(...) | main.rs:29:9:29:10 | l4 | provenance | | -| main.rs:29:60:29:60 | v | main.rs:29:14:29:64 | ...::from_size_align_unchecked(...) | provenance | MaD:35 | -| main.rs:30:31:30:32 | l4 | main.rs:30:13:30:29 | ...::alloc | provenance | MaD:15 Sink:MaD:15 | +| main.rs:29:60:29:60 | v | main.rs:29:14:29:64 | ...::from_size_align_unchecked(...) | provenance | MaD:36 | +| main.rs:30:31:30:32 | l4 | main.rs:30:13:30:29 | ...::alloc | provenance | MaD:16 Sink:MaD:16 | | main.rs:32:9:32:10 | l5 | main.rs:33:31:33:32 | l5 | provenance | | | main.rs:32:14:32:118 | ...::from_size_align_unchecked(...) | main.rs:32:9:32:10 | l5 | provenance | | -| main.rs:32:60:32:60 | v | main.rs:32:60:32:89 | ... * ... | provenance | MaD:27 | -| main.rs:32:60:32:60 | v | main.rs:32:60:32:89 | ... * ... | provenance | MaD:45 | -| main.rs:32:60:32:89 | ... * ... | main.rs:32:14:32:118 | ...::from_size_align_unchecked(...) | provenance | MaD:35 | -| main.rs:33:31:33:32 | l5 | main.rs:33:13:33:29 | ...::alloc | provenance | MaD:15 Sink:MaD:15 | +| main.rs:32:60:32:60 | v | main.rs:32:60:32:89 | ... * ... | provenance | MaD:28 | +| main.rs:32:60:32:60 | v | main.rs:32:60:32:89 | ... * ... | provenance | MaD:46 | +| main.rs:32:60:32:89 | ... * ... | main.rs:32:14:32:118 | ...::from_size_align_unchecked(...) | provenance | MaD:36 | +| main.rs:33:31:33:32 | l5 | main.rs:33:13:33:29 | ...::alloc | provenance | MaD:16 Sink:MaD:16 | | main.rs:35:9:35:10 | s6 | main.rs:36:60:36:61 | s6 | provenance | | | main.rs:35:14:35:54 | ... + ... | main.rs:35:9:35:10 | s6 | provenance | | -| main.rs:35:15:35:49 | ... * ... | main.rs:35:14:35:54 | ... + ... | provenance | MaD:24 | +| main.rs:35:15:35:49 | ... * ... | main.rs:35:14:35:54 | ... + ... | provenance | MaD:25 | +| main.rs:35:49:35:49 | v | main.rs:35:15:35:49 | ... * ... | provenance | MaD:27 | | main.rs:35:49:35:49 | v | main.rs:35:15:35:49 | ... * ... | provenance | MaD:26 | -| main.rs:35:49:35:49 | v | main.rs:35:15:35:49 | ... * ... | provenance | MaD:25 | -| main.rs:35:49:35:49 | v | main.rs:35:15:35:49 | ... * ... | provenance | MaD:44 | +| main.rs:35:49:35:49 | v | main.rs:35:15:35:49 | ... * ... | provenance | MaD:45 | | main.rs:36:9:36:10 | l6 | main.rs:37:31:37:32 | l6 | provenance | | | main.rs:36:14:36:65 | ...::from_size_align_unchecked(...) | main.rs:36:9:36:10 | l6 | provenance | | -| main.rs:36:60:36:61 | s6 | main.rs:36:14:36:65 | ...::from_size_align_unchecked(...) | provenance | MaD:35 | -| main.rs:37:31:37:32 | l6 | main.rs:37:13:37:29 | ...::alloc | provenance | MaD:15 Sink:MaD:15 | +| main.rs:36:60:36:61 | s6 | main.rs:36:14:36:65 | ...::from_size_align_unchecked(...) | provenance | MaD:36 | +| main.rs:37:31:37:32 | l6 | main.rs:37:13:37:29 | ...::alloc | provenance | MaD:16 Sink:MaD:16 | | main.rs:37:31:37:32 | l6 | main.rs:39:60:39:61 | l6 | provenance | | | main.rs:39:9:39:10 | l7 | main.rs:40:31:40:32 | l7 | provenance | | | main.rs:39:14:39:72 | ...::from_size_align_unchecked(...) | main.rs:39:9:39:10 | l7 | provenance | | -| main.rs:39:60:39:61 | l6 | main.rs:39:60:39:68 | l6.size() | provenance | MaD:39 | -| main.rs:39:60:39:68 | l6.size() | main.rs:39:14:39:72 | ...::from_size_align_unchecked(...) | provenance | MaD:35 | -| main.rs:40:31:40:32 | l7 | main.rs:40:13:40:29 | ...::alloc | provenance | MaD:15 Sink:MaD:15 | +| main.rs:39:60:39:61 | l6 | main.rs:39:60:39:68 | l6.size() | provenance | MaD:40 | +| main.rs:39:60:39:68 | l6.size() | main.rs:39:14:39:72 | ...::from_size_align_unchecked(...) | provenance | MaD:36 | +| main.rs:40:31:40:32 | l7 | main.rs:40:13:40:29 | ...::alloc | provenance | MaD:16 Sink:MaD:16 | | main.rs:43:44:43:51 | ...: usize | main.rs:50:41:50:41 | v | provenance | | | main.rs:43:44:43:51 | ...: usize | main.rs:51:41:51:41 | v | provenance | | | main.rs:43:44:43:51 | ...: usize | main.rs:53:48:53:48 | v | provenance | | | main.rs:43:44:43:51 | ...: usize | main.rs:54:48:54:48 | v | provenance | | | main.rs:43:44:43:51 | ...: usize | main.rs:58:34:58:34 | v | provenance | | | main.rs:43:44:43:51 | ...: usize | main.rs:67:46:67:46 | v | provenance | | -| main.rs:50:31:50:42 | l2.repeat(...) [Ok, tuple.0] | main.rs:50:31:50:51 | ... .unwrap() [tuple.0] | provenance | MaD:42 | +| main.rs:50:31:50:42 | l2.repeat(...) [Ok, tuple.0] | main.rs:50:31:50:51 | ... .unwrap() [tuple.0] | provenance | MaD:43 | | main.rs:50:31:50:51 | ... .unwrap() [tuple.0] | main.rs:50:31:50:53 | ... .0 | provenance | | -| main.rs:50:31:50:53 | ... .0 | main.rs:50:13:50:29 | ...::alloc | provenance | MaD:15 Sink:MaD:15 | -| main.rs:50:41:50:41 | v | main.rs:50:31:50:42 | l2.repeat(...) [Ok, tuple.0] | provenance | MaD:37 | -| main.rs:51:31:51:46 | l2.repeat(...) [Ok, tuple.0] | main.rs:51:31:51:55 | ... .unwrap() [tuple.0] | provenance | MaD:42 | +| main.rs:50:31:50:53 | ... .0 | main.rs:50:13:50:29 | ...::alloc | provenance | MaD:16 Sink:MaD:16 | +| main.rs:50:41:50:41 | v | main.rs:50:31:50:42 | l2.repeat(...) [Ok, tuple.0] | provenance | MaD:38 | +| main.rs:51:31:51:46 | l2.repeat(...) [Ok, tuple.0] | main.rs:51:31:51:55 | ... .unwrap() [tuple.0] | provenance | MaD:43 | | main.rs:51:31:51:55 | ... .unwrap() [tuple.0] | main.rs:51:31:51:57 | ... .0 | provenance | | -| main.rs:51:31:51:57 | ... .0 | main.rs:51:13:51:29 | ...::alloc | provenance | MaD:15 Sink:MaD:15 | -| main.rs:51:41:51:41 | v | main.rs:51:41:51:45 | ... + ... | provenance | MaD:24 | -| main.rs:51:41:51:45 | ... + ... | main.rs:51:31:51:46 | l2.repeat(...) [Ok, tuple.0] | provenance | MaD:37 | -| main.rs:53:31:53:49 | l2.repeat_packed(...) [Ok] | main.rs:53:31:53:58 | ... .unwrap() | provenance | MaD:42 | -| main.rs:53:31:53:58 | ... .unwrap() | main.rs:53:13:53:29 | ...::alloc | provenance | MaD:15 Sink:MaD:15 | -| main.rs:53:48:53:48 | v | main.rs:53:31:53:49 | l2.repeat_packed(...) [Ok] | provenance | MaD:38 | -| main.rs:54:31:54:54 | l2.repeat_packed(...) [Ok] | main.rs:54:31:54:63 | ... .unwrap() | provenance | MaD:42 | -| main.rs:54:31:54:63 | ... .unwrap() | main.rs:54:13:54:29 | ...::alloc | provenance | MaD:15 Sink:MaD:15 | -| main.rs:54:48:54:48 | v | main.rs:54:48:54:53 | ... * ... | provenance | MaD:27 | -| main.rs:54:48:54:53 | ... * ... | main.rs:54:31:54:54 | l2.repeat_packed(...) [Ok] | provenance | MaD:38 | +| main.rs:51:31:51:57 | ... .0 | main.rs:51:13:51:29 | ...::alloc | provenance | MaD:16 Sink:MaD:16 | +| main.rs:51:41:51:41 | v | main.rs:51:41:51:45 | ... + ... | provenance | MaD:25 | +| main.rs:51:41:51:45 | ... + ... | main.rs:51:31:51:46 | l2.repeat(...) [Ok, tuple.0] | provenance | MaD:38 | +| main.rs:53:31:53:49 | l2.repeat_packed(...) [Ok] | main.rs:53:31:53:58 | ... .unwrap() | provenance | MaD:43 | +| main.rs:53:31:53:58 | ... .unwrap() | main.rs:53:13:53:29 | ...::alloc | provenance | MaD:16 Sink:MaD:16 | +| main.rs:53:48:53:48 | v | main.rs:53:31:53:49 | l2.repeat_packed(...) [Ok] | provenance | MaD:39 | +| main.rs:54:31:54:54 | l2.repeat_packed(...) [Ok] | main.rs:54:31:54:63 | ... .unwrap() | provenance | MaD:43 | +| main.rs:54:31:54:63 | ... .unwrap() | main.rs:54:13:54:29 | ...::alloc | provenance | MaD:16 Sink:MaD:16 | +| main.rs:54:48:54:48 | v | main.rs:54:48:54:53 | ... * ... | provenance | MaD:28 | +| main.rs:54:48:54:53 | ... * ... | main.rs:54:31:54:54 | l2.repeat_packed(...) [Ok] | provenance | MaD:39 | | main.rs:58:9:58:20 | TuplePat [tuple.0] | main.rs:58:10:58:11 | k1 | provenance | | | main.rs:58:10:58:11 | k1 | main.rs:59:31:59:32 | k1 | provenance | | -| main.rs:58:24:58:35 | l3.repeat(...) [Ok, tuple.0] | main.rs:58:24:58:66 | ... .expect(...) [tuple.0] | provenance | MaD:41 | +| main.rs:58:24:58:35 | l3.repeat(...) [Ok, tuple.0] | main.rs:58:24:58:66 | ... .expect(...) [tuple.0] | provenance | MaD:42 | | main.rs:58:24:58:66 | ... .expect(...) [tuple.0] | main.rs:58:9:58:20 | TuplePat [tuple.0] | provenance | | -| main.rs:58:34:58:34 | v | main.rs:58:24:58:35 | l3.repeat(...) [Ok, tuple.0] | provenance | MaD:37 | -| main.rs:59:31:59:32 | k1 | main.rs:59:13:59:29 | ...::alloc | provenance | MaD:15 Sink:MaD:15 | +| main.rs:58:34:58:34 | v | main.rs:58:24:58:35 | l3.repeat(...) [Ok, tuple.0] | provenance | MaD:38 | +| main.rs:59:31:59:32 | k1 | main.rs:59:13:59:29 | ...::alloc | provenance | MaD:16 Sink:MaD:16 | | main.rs:59:31:59:32 | k1 | main.rs:60:34:60:35 | k1 | provenance | | | main.rs:59:31:59:32 | k1 | main.rs:62:24:62:25 | k1 | provenance | | | main.rs:59:31:59:32 | k1 | main.rs:64:48:64:49 | k1 | provenance | | | main.rs:59:31:59:32 | k1 | main.rs:65:31:65:32 | k1 | provenance | | | main.rs:60:9:60:20 | TuplePat [tuple.0] | main.rs:60:10:60:11 | k2 | provenance | | | main.rs:60:10:60:11 | k2 | main.rs:61:31:61:32 | k2 | provenance | | -| main.rs:60:24:60:36 | l3.extend(...) [Ok, tuple.0] | main.rs:60:24:60:45 | ... .unwrap() [tuple.0] | provenance | MaD:42 | +| main.rs:60:24:60:36 | l3.extend(...) [Ok, tuple.0] | main.rs:60:24:60:45 | ... .unwrap() [tuple.0] | provenance | MaD:43 | | main.rs:60:24:60:45 | ... .unwrap() [tuple.0] | main.rs:60:9:60:20 | TuplePat [tuple.0] | provenance | | -| main.rs:60:34:60:35 | k1 | main.rs:60:24:60:36 | l3.extend(...) [Ok, tuple.0] | provenance | MaD:30 | -| main.rs:61:31:61:32 | k2 | main.rs:61:13:61:29 | ...::alloc | provenance | MaD:15 Sink:MaD:15 | +| main.rs:60:34:60:35 | k1 | main.rs:60:24:60:36 | l3.extend(...) [Ok, tuple.0] | provenance | MaD:31 | +| main.rs:61:31:61:32 | k2 | main.rs:61:13:61:29 | ...::alloc | provenance | MaD:16 Sink:MaD:16 | | main.rs:62:9:62:20 | TuplePat [tuple.0] | main.rs:62:10:62:11 | k3 | provenance | | | main.rs:62:10:62:11 | k3 | main.rs:63:31:63:32 | k3 | provenance | | -| main.rs:62:24:62:25 | k1 | main.rs:62:24:62:36 | k1.extend(...) [Ok, tuple.0] | provenance | MaD:31 | -| main.rs:62:24:62:36 | k1.extend(...) [Ok, tuple.0] | main.rs:62:24:62:45 | ... .unwrap() [tuple.0] | provenance | MaD:42 | +| main.rs:62:24:62:25 | k1 | main.rs:62:24:62:36 | k1.extend(...) [Ok, tuple.0] | provenance | MaD:32 | +| main.rs:62:24:62:36 | k1.extend(...) [Ok, tuple.0] | main.rs:62:24:62:45 | ... .unwrap() [tuple.0] | provenance | MaD:43 | | main.rs:62:24:62:45 | ... .unwrap() [tuple.0] | main.rs:62:9:62:20 | TuplePat [tuple.0] | provenance | | -| main.rs:63:31:63:32 | k3 | main.rs:63:13:63:29 | ...::alloc | provenance | MaD:15 Sink:MaD:15 | -| main.rs:64:31:64:50 | l3.extend_packed(...) [Ok] | main.rs:64:31:64:59 | ... .unwrap() | provenance | MaD:42 | -| main.rs:64:31:64:59 | ... .unwrap() | main.rs:64:13:64:29 | ...::alloc | provenance | MaD:15 Sink:MaD:15 | -| main.rs:64:48:64:49 | k1 | main.rs:64:31:64:50 | l3.extend_packed(...) [Ok] | provenance | MaD:32 | -| main.rs:65:31:65:32 | k1 | main.rs:65:31:65:50 | k1.extend_packed(...) [Ok] | provenance | MaD:33 | -| main.rs:65:31:65:50 | k1.extend_packed(...) [Ok] | main.rs:65:31:65:59 | ... .unwrap() | provenance | MaD:42 | -| main.rs:65:31:65:59 | ... .unwrap() | main.rs:65:13:65:29 | ...::alloc | provenance | MaD:15 Sink:MaD:15 | +| main.rs:63:31:63:32 | k3 | main.rs:63:13:63:29 | ...::alloc | provenance | MaD:16 Sink:MaD:16 | +| main.rs:64:31:64:50 | l3.extend_packed(...) [Ok] | main.rs:64:31:64:59 | ... .unwrap() | provenance | MaD:43 | +| main.rs:64:31:64:59 | ... .unwrap() | main.rs:64:13:64:29 | ...::alloc | provenance | MaD:16 Sink:MaD:16 | +| main.rs:64:48:64:49 | k1 | main.rs:64:31:64:50 | l3.extend_packed(...) [Ok] | provenance | MaD:33 | +| main.rs:65:31:65:32 | k1 | main.rs:65:31:65:50 | k1.extend_packed(...) [Ok] | provenance | MaD:34 | +| main.rs:65:31:65:50 | k1.extend_packed(...) [Ok] | main.rs:65:31:65:59 | ... .unwrap() | provenance | MaD:43 | +| main.rs:65:31:65:59 | ... .unwrap() | main.rs:65:13:65:29 | ...::alloc | provenance | MaD:16 Sink:MaD:16 | | main.rs:67:9:67:10 | l4 | main.rs:68:31:68:32 | l4 | provenance | | -| main.rs:67:14:67:47 | ...::array::<...>(...) [Ok] | main.rs:67:14:67:56 | ... .unwrap() | provenance | MaD:42 | +| main.rs:67:14:67:47 | ...::array::<...>(...) [Ok] | main.rs:67:14:67:56 | ... .unwrap() | provenance | MaD:43 | | main.rs:67:14:67:56 | ... .unwrap() | main.rs:67:9:67:10 | l4 | provenance | | -| main.rs:67:46:67:46 | v | main.rs:67:14:67:47 | ...::array::<...>(...) [Ok] | provenance | MaD:29 | -| main.rs:68:31:68:32 | l4 | main.rs:68:13:68:29 | ...::alloc | provenance | MaD:15 Sink:MaD:15 | +| main.rs:67:46:67:46 | v | main.rs:67:14:67:47 | ...::array::<...>(...) [Ok] | provenance | MaD:30 | +| main.rs:68:31:68:32 | l4 | main.rs:68:13:68:29 | ...::alloc | provenance | MaD:16 Sink:MaD:16 | | main.rs:86:35:86:42 | ...: usize | main.rs:87:54:87:54 | v | provenance | | | main.rs:87:9:87:14 | layout | main.rs:88:31:88:36 | layout | provenance | | -| main.rs:87:18:87:58 | ...::from_size_align(...) [Ok] | main.rs:87:18:87:67 | ... .unwrap() | provenance | MaD:42 | +| main.rs:87:18:87:58 | ...::from_size_align(...) [Ok] | main.rs:87:18:87:67 | ... .unwrap() | provenance | MaD:43 | | main.rs:87:18:87:67 | ... .unwrap() | main.rs:87:9:87:14 | layout | provenance | | -| main.rs:87:54:87:54 | v | main.rs:87:18:87:58 | ...::from_size_align(...) [Ok] | provenance | MaD:34 | -| main.rs:88:31:88:36 | layout | main.rs:88:13:88:29 | ...::alloc | provenance | MaD:15 Sink:MaD:15 | +| main.rs:87:54:87:54 | v | main.rs:87:18:87:58 | ...::from_size_align(...) [Ok] | provenance | MaD:35 | +| main.rs:88:31:88:36 | layout | main.rs:88:13:88:29 | ...::alloc | provenance | MaD:16 Sink:MaD:16 | | main.rs:91:38:91:45 | ...: usize | main.rs:92:47:92:47 | v | provenance | | | main.rs:91:38:91:45 | ...: usize | main.rs:101:51:101:51 | v | provenance | | | main.rs:91:38:91:45 | ...: usize | main.rs:105:33:105:33 | v | provenance | | @@ -170,66 +171,66 @@ edges | main.rs:91:38:91:45 | ...: usize | main.rs:161:55:161:55 | v | provenance | | | main.rs:92:9:92:10 | l1 | main.rs:96:35:96:36 | l1 | provenance | | | main.rs:92:9:92:10 | l1 | main.rs:102:35:102:36 | l1 | provenance | | -| main.rs:92:14:92:48 | ...::array::<...>(...) [Ok] | main.rs:92:14:92:57 | ... .unwrap() | provenance | MaD:42 | +| main.rs:92:14:92:48 | ...::array::<...>(...) [Ok] | main.rs:92:14:92:57 | ... .unwrap() | provenance | MaD:43 | | main.rs:92:14:92:57 | ... .unwrap() | main.rs:92:9:92:10 | l1 | provenance | | -| main.rs:92:47:92:47 | v | main.rs:92:14:92:48 | ...::array::<...>(...) [Ok] | provenance | MaD:29 | -| main.rs:96:35:96:36 | l1 | main.rs:96:17:96:33 | ...::alloc | provenance | MaD:15 Sink:MaD:15 | +| main.rs:92:47:92:47 | v | main.rs:92:14:92:48 | ...::array::<...>(...) [Ok] | provenance | MaD:30 | +| main.rs:96:35:96:36 | l1 | main.rs:96:17:96:33 | ...::alloc | provenance | MaD:16 Sink:MaD:16 | | main.rs:96:35:96:36 | l1 | main.rs:109:35:109:36 | l1 | provenance | | | main.rs:96:35:96:36 | l1 | main.rs:111:35:111:36 | l1 | provenance | | | main.rs:101:13:101:14 | l3 | main.rs:103:35:103:36 | l3 | provenance | | -| main.rs:101:18:101:52 | ...::array::<...>(...) [Ok] | main.rs:101:18:101:61 | ... .unwrap() | provenance | MaD:42 | +| main.rs:101:18:101:52 | ...::array::<...>(...) [Ok] | main.rs:101:18:101:61 | ... .unwrap() | provenance | MaD:43 | | main.rs:101:18:101:61 | ... .unwrap() | main.rs:101:13:101:14 | l3 | provenance | | -| main.rs:101:51:101:51 | v | main.rs:101:18:101:52 | ...::array::<...>(...) [Ok] | provenance | MaD:29 | -| main.rs:102:35:102:36 | l1 | main.rs:102:17:102:33 | ...::alloc | provenance | MaD:15 Sink:MaD:15 | +| main.rs:101:51:101:51 | v | main.rs:101:18:101:52 | ...::array::<...>(...) [Ok] | provenance | MaD:30 | +| main.rs:102:35:102:36 | l1 | main.rs:102:17:102:33 | ...::alloc | provenance | MaD:16 Sink:MaD:16 | | main.rs:102:35:102:36 | l1 | main.rs:109:35:109:36 | l1 | provenance | | | main.rs:102:35:102:36 | l1 | main.rs:111:35:111:36 | l1 | provenance | | -| main.rs:103:35:103:36 | l3 | main.rs:103:17:103:33 | ...::alloc | provenance | MaD:15 Sink:MaD:15 | +| main.rs:103:35:103:36 | l3 | main.rs:103:17:103:33 | ...::alloc | provenance | MaD:16 Sink:MaD:16 | | main.rs:105:33:105:33 | v | main.rs:86:35:86:42 | ...: usize | provenance | | -| main.rs:109:35:109:36 | l1 | main.rs:109:17:109:33 | ...::alloc | provenance | MaD:15 Sink:MaD:15 | +| main.rs:109:35:109:36 | l1 | main.rs:109:17:109:33 | ...::alloc | provenance | MaD:16 Sink:MaD:16 | | main.rs:109:35:109:36 | l1 | main.rs:146:35:146:36 | l1 | provenance | | -| main.rs:111:35:111:36 | l1 | main.rs:111:17:111:33 | ...::alloc | provenance | MaD:15 Sink:MaD:15 | +| main.rs:111:35:111:36 | l1 | main.rs:111:17:111:33 | ...::alloc | provenance | MaD:16 Sink:MaD:16 | | main.rs:111:35:111:36 | l1 | main.rs:146:35:146:36 | l1 | provenance | | | main.rs:145:13:145:14 | l9 | main.rs:148:35:148:36 | l9 | provenance | | -| main.rs:145:18:145:52 | ...::array::<...>(...) [Ok] | main.rs:145:18:145:61 | ... .unwrap() | provenance | MaD:42 | +| main.rs:145:18:145:52 | ...::array::<...>(...) [Ok] | main.rs:145:18:145:61 | ... .unwrap() | provenance | MaD:43 | | main.rs:145:18:145:61 | ... .unwrap() | main.rs:145:13:145:14 | l9 | provenance | | -| main.rs:145:51:145:51 | v | main.rs:145:18:145:52 | ...::array::<...>(...) [Ok] | provenance | MaD:29 | -| main.rs:146:35:146:36 | l1 | main.rs:146:17:146:33 | ...::alloc | provenance | MaD:15 Sink:MaD:15 | +| main.rs:145:51:145:51 | v | main.rs:145:18:145:52 | ...::array::<...>(...) [Ok] | provenance | MaD:30 | +| main.rs:146:35:146:36 | l1 | main.rs:146:17:146:33 | ...::alloc | provenance | MaD:16 Sink:MaD:16 | | main.rs:146:35:146:36 | l1 | main.rs:177:31:177:32 | l1 | provenance | | -| main.rs:148:35:148:36 | l9 | main.rs:148:17:148:33 | ...::alloc | provenance | MaD:15 Sink:MaD:15 | +| main.rs:148:35:148:36 | l9 | main.rs:148:17:148:33 | ...::alloc | provenance | MaD:16 Sink:MaD:16 | | main.rs:151:9:151:11 | l10 | main.rs:152:31:152:33 | l10 | provenance | | -| main.rs:151:15:151:69 | ...::array::<...>(...) [Ok] | main.rs:151:15:151:78 | ... .unwrap() | provenance | MaD:42 | +| main.rs:151:15:151:69 | ...::array::<...>(...) [Ok] | main.rs:151:15:151:78 | ... .unwrap() | provenance | MaD:43 | | main.rs:151:15:151:78 | ... .unwrap() | main.rs:151:9:151:11 | l10 | provenance | | -| main.rs:151:48:151:68 | ...::min(...) | main.rs:151:15:151:69 | ...::array::<...>(...) [Ok] | provenance | MaD:29 | -| main.rs:151:62:151:62 | v | main.rs:151:48:151:68 | ...::min(...) | provenance | MaD:47 | -| main.rs:152:31:152:33 | l10 | main.rs:152:13:152:29 | ...::alloc | provenance | MaD:15 Sink:MaD:15 | +| main.rs:151:48:151:68 | ...::min(...) | main.rs:151:15:151:69 | ...::array::<...>(...) [Ok] | provenance | MaD:30 | +| main.rs:151:62:151:62 | v | main.rs:151:48:151:68 | ...::min(...) | provenance | MaD:48 | +| main.rs:152:31:152:33 | l10 | main.rs:152:13:152:29 | ...::alloc | provenance | MaD:16 Sink:MaD:16 | | main.rs:154:9:154:11 | l11 | main.rs:155:31:155:33 | l11 | provenance | | -| main.rs:154:15:154:69 | ...::array::<...>(...) [Ok] | main.rs:154:15:154:78 | ... .unwrap() | provenance | MaD:42 | +| main.rs:154:15:154:69 | ...::array::<...>(...) [Ok] | main.rs:154:15:154:78 | ... .unwrap() | provenance | MaD:43 | | main.rs:154:15:154:78 | ... .unwrap() | main.rs:154:9:154:11 | l11 | provenance | | -| main.rs:154:48:154:68 | ...::max(...) | main.rs:154:15:154:69 | ...::array::<...>(...) [Ok] | provenance | MaD:29 | -| main.rs:154:62:154:62 | v | main.rs:154:48:154:68 | ...::max(...) | provenance | MaD:46 | -| main.rs:155:31:155:33 | l11 | main.rs:155:13:155:29 | ...::alloc | provenance | MaD:15 Sink:MaD:15 | +| main.rs:154:48:154:68 | ...::max(...) | main.rs:154:15:154:69 | ...::array::<...>(...) [Ok] | provenance | MaD:30 | +| main.rs:154:62:154:62 | v | main.rs:154:48:154:68 | ...::max(...) | provenance | MaD:47 | +| main.rs:155:31:155:33 | l11 | main.rs:155:13:155:29 | ...::alloc | provenance | MaD:16 Sink:MaD:16 | | main.rs:161:13:161:15 | l13 | main.rs:162:35:162:37 | l13 | provenance | | -| main.rs:161:19:161:59 | ...::from_size_align(...) [Ok] | main.rs:161:19:161:68 | ... .unwrap() | provenance | MaD:42 | +| main.rs:161:19:161:59 | ...::from_size_align(...) [Ok] | main.rs:161:19:161:68 | ... .unwrap() | provenance | MaD:43 | | main.rs:161:19:161:68 | ... .unwrap() | main.rs:161:13:161:15 | l13 | provenance | | -| main.rs:161:55:161:55 | v | main.rs:161:19:161:59 | ...::from_size_align(...) [Ok] | provenance | MaD:34 | -| main.rs:162:35:162:37 | l13 | main.rs:162:17:162:33 | ...::alloc | provenance | MaD:15 Sink:MaD:15 | +| main.rs:161:55:161:55 | v | main.rs:161:19:161:59 | ...::from_size_align(...) [Ok] | provenance | MaD:35 | +| main.rs:162:35:162:37 | l13 | main.rs:162:17:162:33 | ...::alloc | provenance | MaD:16 Sink:MaD:16 | | main.rs:162:35:162:37 | l13 | main.rs:169:35:169:37 | l13 | provenance | | -| main.rs:169:35:169:37 | l13 | main.rs:169:17:169:33 | ...::alloc | provenance | MaD:15 Sink:MaD:15 | -| main.rs:177:31:177:32 | l1 | main.rs:177:13:177:29 | ...::alloc | provenance | MaD:15 Sink:MaD:15 | +| main.rs:169:35:169:37 | l13 | main.rs:169:17:169:33 | ...::alloc | provenance | MaD:16 Sink:MaD:16 | +| main.rs:177:31:177:32 | l1 | main.rs:177:13:177:29 | ...::alloc | provenance | MaD:16 Sink:MaD:16 | | main.rs:183:29:183:36 | ...: usize | main.rs:192:46:192:46 | v | provenance | | | main.rs:183:29:183:36 | ...: usize | main.rs:202:48:202:48 | v | provenance | | | main.rs:192:9:192:10 | l2 | main.rs:193:38:193:39 | l2 | provenance | | -| main.rs:192:14:192:47 | ...::array::<...>(...) [Ok] | main.rs:192:14:192:56 | ... .unwrap() | provenance | MaD:42 | +| main.rs:192:14:192:47 | ...::array::<...>(...) [Ok] | main.rs:192:14:192:56 | ... .unwrap() | provenance | MaD:43 | | main.rs:192:14:192:56 | ... .unwrap() | main.rs:192:9:192:10 | l2 | provenance | | -| main.rs:192:46:192:46 | v | main.rs:192:14:192:47 | ...::array::<...>(...) [Ok] | provenance | MaD:29 | -| main.rs:193:38:193:39 | l2 | main.rs:193:32:193:36 | alloc | provenance | MaD:10 Sink:MaD:10 | +| main.rs:192:46:192:46 | v | main.rs:192:14:192:47 | ...::array::<...>(...) [Ok] | provenance | MaD:30 | +| main.rs:193:38:193:39 | l2 | main.rs:193:32:193:36 | alloc | provenance | MaD:11 Sink:MaD:11 | | main.rs:193:38:193:39 | l2 | main.rs:194:45:194:46 | l2 | provenance | | -| main.rs:194:45:194:46 | l2 | main.rs:194:32:194:43 | alloc_zeroed | provenance | MaD:11 Sink:MaD:11 | | main.rs:194:45:194:46 | l2 | main.rs:194:32:194:43 | alloc_zeroed | provenance | MaD:12 Sink:MaD:12 | +| main.rs:194:45:194:46 | l2 | main.rs:194:32:194:43 | alloc_zeroed | provenance | MaD:13 Sink:MaD:13 | | main.rs:194:45:194:46 | l2 | main.rs:195:41:195:42 | l2 | provenance | | -| main.rs:195:41:195:42 | l2 | main.rs:195:32:195:39 | allocate | provenance | MaD:5 Sink:MaD:5 | +| main.rs:195:41:195:42 | l2 | main.rs:195:32:195:39 | allocate | provenance | MaD:6 Sink:MaD:6 | | main.rs:195:41:195:42 | l2 | main.rs:196:48:196:49 | l2 | provenance | | -| main.rs:196:48:196:49 | l2 | main.rs:196:32:196:46 | allocate_zeroed | provenance | MaD:6 Sink:MaD:6 | +| main.rs:196:48:196:49 | l2 | main.rs:196:32:196:46 | allocate_zeroed | provenance | MaD:7 Sink:MaD:7 | | main.rs:196:48:196:49 | l2 | main.rs:197:41:197:42 | l2 | provenance | | | main.rs:197:41:197:42 | l2 | main.rs:197:32:197:39 | allocate | provenance | MaD:1 Sink:MaD:1 | | main.rs:197:41:197:42 | l2 | main.rs:198:48:198:49 | l2 | provenance | | @@ -237,107 +238,110 @@ edges | main.rs:198:48:198:49 | l2 | main.rs:208:53:208:54 | l2 | provenance | | | main.rs:198:48:198:49 | l2 | main.rs:210:60:210:61 | l2 | provenance | | | main.rs:198:48:198:49 | l2 | main.rs:213:51:213:52 | l2 | provenance | | -| main.rs:202:48:202:48 | v | main.rs:202:32:202:38 | realloc | provenance | MaD:13 Sink:MaD:13 | | main.rs:202:48:202:48 | v | main.rs:202:32:202:38 | realloc | provenance | MaD:14 Sink:MaD:14 | -| main.rs:208:53:208:54 | l2 | main.rs:208:40:208:43 | grow | provenance | MaD:7 Sink:MaD:7 | -| main.rs:210:60:210:61 | l2 | main.rs:210:40:210:50 | grow_zeroed | provenance | MaD:8 Sink:MaD:8 | -| main.rs:213:51:213:52 | l2 | main.rs:213:36:213:41 | shrink | provenance | MaD:9 Sink:MaD:9 | +| main.rs:202:48:202:48 | v | main.rs:202:32:202:38 | realloc | provenance | MaD:15 Sink:MaD:15 | +| main.rs:208:53:208:54 | l2 | main.rs:208:40:208:43 | grow | provenance | MaD:8 Sink:MaD:8 | +| main.rs:210:60:210:61 | l2 | main.rs:210:40:210:50 | grow_zeroed | provenance | MaD:9 Sink:MaD:9 | +| main.rs:213:51:213:52 | l2 | main.rs:213:36:213:41 | shrink | provenance | MaD:10 Sink:MaD:10 | | main.rs:217:27:217:34 | ...: usize | main.rs:219:26:219:26 | v | provenance | | -| main.rs:219:26:219:26 | v | main.rs:219:13:219:24 | ...::malloc | provenance | MaD:20 Sink:MaD:20 | +| main.rs:219:26:219:26 | v | main.rs:219:13:219:24 | ...::malloc | provenance | MaD:21 Sink:MaD:21 | | main.rs:219:26:219:26 | v | main.rs:220:36:220:36 | v | provenance | | -| main.rs:220:36:220:36 | v | main.rs:220:13:220:31 | ...::aligned_alloc | provenance | MaD:18 Sink:MaD:18 | +| main.rs:220:36:220:36 | v | main.rs:220:13:220:31 | ...::aligned_alloc | provenance | MaD:19 Sink:MaD:19 | | main.rs:220:36:220:36 | v | main.rs:222:30:222:30 | v | provenance | | -| main.rs:222:30:222:30 | v | main.rs:222:13:222:24 | ...::calloc | provenance | MaD:19 Sink:MaD:19 | +| main.rs:222:30:222:30 | v | main.rs:222:13:222:24 | ...::calloc | provenance | MaD:20 Sink:MaD:20 | | main.rs:222:30:222:30 | v | main.rs:223:26:223:26 | v | provenance | | -| main.rs:223:26:223:26 | v | main.rs:223:13:223:24 | ...::calloc | provenance | MaD:19 Sink:MaD:19 | +| main.rs:223:26:223:26 | v | main.rs:223:13:223:24 | ...::calloc | provenance | MaD:20 Sink:MaD:20 | | main.rs:223:26:223:26 | v | main.rs:224:31:224:31 | v | provenance | | -| main.rs:224:31:224:31 | v | main.rs:224:13:224:25 | ...::realloc | provenance | MaD:21 Sink:MaD:21 | +| main.rs:224:31:224:31 | v | main.rs:224:13:224:25 | ...::realloc | provenance | MaD:22 Sink:MaD:22 | | main.rs:227:24:227:31 | ...: usize | main.rs:230:46:230:46 | v | provenance | | -| main.rs:230:46:230:46 | v | main.rs:230:13:230:44 | ...::try_with_capacity_in | provenance | MaD:3 Sink:MaD:3 | +| main.rs:230:46:230:46 | v | main.rs:230:13:230:44 | ...::try_with_capacity_in | provenance | MaD:4 Sink:MaD:4 | | main.rs:230:46:230:46 | v | main.rs:231:42:231:42 | v | provenance | | -| main.rs:231:42:231:42 | v | main.rs:231:13:231:40 | ...::with_capacity_in | provenance | MaD:4 Sink:MaD:4 | -| main.rs:279:24:279:41 | ...: String | main.rs:280:21:280:30 | user_input | provenance | | -| main.rs:280:9:280:17 | num_bytes | main.rs:282:54:282:62 | num_bytes | provenance | | -| main.rs:280:21:280:30 | user_input | main.rs:280:21:280:47 | user_input.parse() [Ok] | provenance | MaD:43 | -| main.rs:280:21:280:47 | user_input.parse() [Ok] | main.rs:280:21:280:48 | TryExpr | provenance | | -| main.rs:280:21:280:48 | TryExpr | main.rs:280:21:280:77 | ... * ... | provenance | MaD:27 | -| main.rs:280:21:280:48 | TryExpr | main.rs:280:21:280:77 | ... * ... | provenance | MaD:45 | -| main.rs:280:21:280:77 | ... * ... | main.rs:280:9:280:17 | num_bytes | provenance | | -| main.rs:282:9:282:14 | layout | main.rs:284:40:284:45 | layout | provenance | | -| main.rs:282:18:282:66 | ...::from_size_align(...) [Ok] | main.rs:282:18:282:75 | ... .unwrap() | provenance | MaD:42 | -| main.rs:282:18:282:75 | ... .unwrap() | main.rs:282:9:282:14 | layout | provenance | | -| main.rs:282:54:282:62 | num_bytes | main.rs:282:18:282:66 | ...::from_size_align(...) [Ok] | provenance | MaD:34 | -| main.rs:284:40:284:45 | layout | main.rs:284:22:284:38 | ...::alloc | provenance | MaD:15 Sink:MaD:15 | -| main.rs:308:25:308:38 | ...::args | main.rs:308:25:308:40 | ...::args(...) [element] | provenance | Src:MaD:22 | -| main.rs:308:25:308:40 | ...::args(...) [element] | main.rs:308:25:308:47 | ... .nth(...) [Some] | provenance | MaD:23 | -| main.rs:308:25:308:47 | ... .nth(...) [Some] | main.rs:308:25:308:74 | ... .unwrap_or(...) | provenance | MaD:40 | -| main.rs:308:25:308:74 | ... .unwrap_or(...) | main.rs:279:24:279:41 | ...: String | provenance | | -| main.rs:317:9:317:9 | v | main.rs:320:34:320:34 | v | provenance | | -| main.rs:317:9:317:9 | v | main.rs:321:42:321:42 | v | provenance | | -| main.rs:317:9:317:9 | v | main.rs:322:36:322:36 | v | provenance | | -| main.rs:317:9:317:9 | v | main.rs:323:27:323:27 | v | provenance | | -| main.rs:317:9:317:9 | v | main.rs:324:25:324:25 | v | provenance | | -| main.rs:317:9:317:9 | v | main.rs:325:22:325:22 | v | provenance | | -| main.rs:317:13:317:26 | ...::args | main.rs:317:13:317:28 | ...::args(...) [element] | provenance | Src:MaD:22 | -| main.rs:317:13:317:28 | ...::args(...) [element] | main.rs:317:13:317:35 | ... .nth(...) [Some] | provenance | MaD:23 | -| main.rs:317:13:317:35 | ... .nth(...) [Some] | main.rs:317:13:317:65 | ... .unwrap_or(...) | provenance | MaD:40 | -| main.rs:317:13:317:65 | ... .unwrap_or(...) | main.rs:317:13:317:82 | ... .parse() [Ok] | provenance | MaD:43 | -| main.rs:317:13:317:82 | ... .parse() [Ok] | main.rs:317:13:317:91 | ... .unwrap() | provenance | MaD:42 | -| main.rs:317:13:317:91 | ... .unwrap() | main.rs:317:9:317:9 | v | provenance | | -| main.rs:320:34:320:34 | v | main.rs:12:36:12:43 | ...: usize | provenance | | -| main.rs:321:42:321:42 | v | main.rs:43:44:43:51 | ...: usize | provenance | | -| main.rs:322:36:322:36 | v | main.rs:91:38:91:45 | ...: usize | provenance | | -| main.rs:323:27:323:27 | v | main.rs:183:29:183:36 | ...: usize | provenance | | -| main.rs:324:25:324:25 | v | main.rs:217:27:217:34 | ...: usize | provenance | | -| main.rs:325:22:325:22 | v | main.rs:227:24:227:31 | ...: usize | provenance | | +| main.rs:231:42:231:42 | v | main.rs:231:13:231:40 | ...::with_capacity_in | provenance | MaD:5 Sink:MaD:5 | +| main.rs:231:42:231:42 | v | main.rs:242:26:242:26 | v | provenance | | +| main.rs:242:26:242:26 | v | main.rs:242:16:242:24 | split_off | provenance | MaD:3 Sink:MaD:3 | +| main.rs:282:24:282:41 | ...: String | main.rs:283:21:283:30 | user_input | provenance | | +| main.rs:283:9:283:17 | num_bytes | main.rs:285:54:285:62 | num_bytes | provenance | | +| main.rs:283:21:283:30 | user_input | main.rs:283:21:283:47 | user_input.parse() [Ok] | provenance | MaD:44 | +| main.rs:283:21:283:47 | user_input.parse() [Ok] | main.rs:283:21:283:48 | TryExpr | provenance | | +| main.rs:283:21:283:48 | TryExpr | main.rs:283:21:283:77 | ... * ... | provenance | MaD:28 | +| main.rs:283:21:283:48 | TryExpr | main.rs:283:21:283:77 | ... * ... | provenance | MaD:46 | +| main.rs:283:21:283:77 | ... * ... | main.rs:283:9:283:17 | num_bytes | provenance | | +| main.rs:285:9:285:14 | layout | main.rs:287:40:287:45 | layout | provenance | | +| main.rs:285:18:285:66 | ...::from_size_align(...) [Ok] | main.rs:285:18:285:75 | ... .unwrap() | provenance | MaD:43 | +| main.rs:285:18:285:75 | ... .unwrap() | main.rs:285:9:285:14 | layout | provenance | | +| main.rs:285:54:285:62 | num_bytes | main.rs:285:18:285:66 | ...::from_size_align(...) [Ok] | provenance | MaD:35 | +| main.rs:287:40:287:45 | layout | main.rs:287:22:287:38 | ...::alloc | provenance | MaD:16 Sink:MaD:16 | +| main.rs:311:25:311:38 | ...::args | main.rs:311:25:311:40 | ...::args(...) [element] | provenance | Src:MaD:23 | +| main.rs:311:25:311:40 | ...::args(...) [element] | main.rs:311:25:311:47 | ... .nth(...) [Some] | provenance | MaD:24 | +| main.rs:311:25:311:47 | ... .nth(...) [Some] | main.rs:311:25:311:74 | ... .unwrap_or(...) | provenance | MaD:41 | +| main.rs:311:25:311:74 | ... .unwrap_or(...) | main.rs:282:24:282:41 | ...: String | provenance | | +| main.rs:320:9:320:9 | v | main.rs:323:34:323:34 | v | provenance | | +| main.rs:320:9:320:9 | v | main.rs:324:42:324:42 | v | provenance | | +| main.rs:320:9:320:9 | v | main.rs:325:36:325:36 | v | provenance | | +| main.rs:320:9:320:9 | v | main.rs:326:27:326:27 | v | provenance | | +| main.rs:320:9:320:9 | v | main.rs:327:25:327:25 | v | provenance | | +| main.rs:320:9:320:9 | v | main.rs:328:22:328:22 | v | provenance | | +| main.rs:320:13:320:26 | ...::args | main.rs:320:13:320:28 | ...::args(...) [element] | provenance | Src:MaD:23 | +| main.rs:320:13:320:28 | ...::args(...) [element] | main.rs:320:13:320:35 | ... .nth(...) [Some] | provenance | MaD:24 | +| main.rs:320:13:320:35 | ... .nth(...) [Some] | main.rs:320:13:320:65 | ... .unwrap_or(...) | provenance | MaD:41 | +| main.rs:320:13:320:65 | ... .unwrap_or(...) | main.rs:320:13:320:82 | ... .parse() [Ok] | provenance | MaD:44 | +| main.rs:320:13:320:82 | ... .parse() [Ok] | main.rs:320:13:320:91 | ... .unwrap() | provenance | MaD:43 | +| main.rs:320:13:320:91 | ... .unwrap() | main.rs:320:9:320:9 | v | provenance | | +| main.rs:323:34:323:34 | v | main.rs:12:36:12:43 | ...: usize | provenance | | +| main.rs:324:42:324:42 | v | main.rs:43:44:43:51 | ...: usize | provenance | | +| main.rs:325:36:325:36 | v | main.rs:91:38:91:45 | ...: usize | provenance | | +| main.rs:326:27:326:27 | v | main.rs:183:29:183:36 | ...: usize | provenance | | +| main.rs:327:25:327:25 | v | main.rs:217:27:217:34 | ...: usize | provenance | | +| main.rs:328:22:328:22 | v | main.rs:227:24:227:31 | ...: usize | provenance | | models | 1 | Sink: ::allocate; Argument[0]; alloc-layout | | 2 | Sink: ::allocate_zeroed; Argument[0]; alloc-layout | -| 3 | Sink: ::try_with_capacity_in; Argument[0]; alloc-layout | -| 4 | Sink: ::with_capacity_in; Argument[0]; alloc-layout | -| 5 | Sink: ::allocate; Argument[0]; alloc-layout | -| 6 | Sink: ::allocate_zeroed; Argument[0]; alloc-layout | -| 7 | Sink: ::grow; Argument[2]; alloc-layout | -| 8 | Sink: ::grow_zeroed; Argument[2]; alloc-layout | -| 9 | Sink: ::shrink; Argument[2]; alloc-layout | -| 10 | Sink: ::alloc; Argument[0]; alloc-size | -| 11 | Sink: ::alloc_zeroed; Argument[0]; alloc-layout | -| 12 | Sink: ::alloc_zeroed; Argument[0]; alloc-size | -| 13 | Sink: ::realloc; Argument[2]; alloc-layout | -| 14 | Sink: ::realloc; Argument[2]; alloc-size | -| 15 | Sink: alloc::alloc::alloc; Argument[0]; alloc-layout | -| 16 | Sink: alloc::alloc::alloc_zeroed; Argument[0]; alloc-layout | -| 17 | Sink: alloc::alloc::realloc; Argument[2]; alloc-size | -| 18 | Sink: libc::unix::aligned_alloc; Argument[1]; alloc-size | -| 19 | Sink: libc::unix::calloc; Argument[0,1]; alloc-size | -| 20 | Sink: libc::unix::malloc; Argument[0]; alloc-size | -| 21 | Sink: libc::unix::realloc; Argument[1]; alloc-size | -| 22 | Source: std::env::args; ReturnValue.Element; commandargs | -| 23 | Summary: <_ as core::iter::traits::iterator::Iterator>::nth; Argument[self].Reference.Element; ReturnValue.Field[core::option::Option::Some(0)]; value | -| 24 | Summary: <_ as core::ops::arith::Add>::add; Argument[self]; ReturnValue; taint | -| 25 | Summary: <_ as core::ops::arith::Mul>::mul; Argument[0].Reference; ReturnValue; taint | -| 26 | Summary: <_ as core::ops::arith::Mul>::mul; Argument[0]; ReturnValue; taint | -| 27 | Summary: <_ as core::ops::arith::Mul>::mul; Argument[self]; ReturnValue; taint | -| 28 | Summary: ::align_to; Argument[self].Reference; ReturnValue.Field[core::result::Result::Ok(0)]; taint | -| 29 | Summary: ::array; Argument[0]; ReturnValue.Field[core::result::Result::Ok(0)]; taint | -| 30 | Summary: ::extend; Argument[0]; ReturnValue.Field[core::result::Result::Ok(0)].Field[0]; taint | -| 31 | Summary: ::extend; Argument[self].Reference; ReturnValue.Field[core::result::Result::Ok(0)].Field[0]; taint | -| 32 | Summary: ::extend_packed; Argument[0]; ReturnValue.Field[core::result::Result::Ok(0)]; taint | -| 33 | Summary: ::extend_packed; Argument[self].Reference; ReturnValue.Field[core::result::Result::Ok(0)]; taint | -| 34 | Summary: ::from_size_align; Argument[0]; ReturnValue.Field[core::result::Result::Ok(0)]; taint | -| 35 | Summary: ::from_size_align_unchecked; Argument[0]; ReturnValue; taint | -| 36 | Summary: ::pad_to_align; Argument[self].Reference; ReturnValue; taint | -| 37 | Summary: ::repeat; Argument[0]; ReturnValue.Field[core::result::Result::Ok(0)].Field[0]; taint | -| 38 | Summary: ::repeat_packed; Argument[0]; ReturnValue.Field[core::result::Result::Ok(0)]; taint | -| 39 | Summary: ::size; Argument[self].Reference; ReturnValue; taint | -| 40 | Summary: ::unwrap_or; Argument[self].Field[core::option::Option::Some(0)]; ReturnValue; value | -| 41 | Summary: ::expect; Argument[self].Field[core::result::Result::Ok(0)]; ReturnValue; value | -| 42 | Summary: ::unwrap; Argument[self].Field[core::result::Result::Ok(0)]; ReturnValue; value | -| 43 | Summary: ::parse; Argument[self]; ReturnValue.Field[core::result::Result::Ok(0)]; taint | -| 44 | Summary: ::mul; Argument[0]; ReturnValue; taint | -| 45 | Summary: ::mul; Argument[self]; ReturnValue; taint | -| 46 | Summary: core::cmp::max; Argument[0]; ReturnValue; value | -| 47 | Summary: core::cmp::min; Argument[0]; ReturnValue; value | +| 3 | Sink: ::split_off; Argument[0]; alloc-layout | +| 4 | Sink: ::try_with_capacity_in; Argument[0]; alloc-layout | +| 5 | Sink: ::with_capacity_in; Argument[0]; alloc-layout | +| 6 | Sink: ::allocate; Argument[0]; alloc-layout | +| 7 | Sink: ::allocate_zeroed; Argument[0]; alloc-layout | +| 8 | Sink: ::grow; Argument[2]; alloc-layout | +| 9 | Sink: ::grow_zeroed; Argument[2]; alloc-layout | +| 10 | Sink: ::shrink; Argument[2]; alloc-layout | +| 11 | Sink: ::alloc; Argument[0]; alloc-size | +| 12 | Sink: ::alloc_zeroed; Argument[0]; alloc-layout | +| 13 | Sink: ::alloc_zeroed; Argument[0]; alloc-size | +| 14 | Sink: ::realloc; Argument[2]; alloc-layout | +| 15 | Sink: ::realloc; Argument[2]; alloc-size | +| 16 | Sink: alloc::alloc::alloc; Argument[0]; alloc-layout | +| 17 | Sink: alloc::alloc::alloc_zeroed; Argument[0]; alloc-layout | +| 18 | Sink: alloc::alloc::realloc; Argument[2]; alloc-size | +| 19 | Sink: libc::unix::aligned_alloc; Argument[1]; alloc-size | +| 20 | Sink: libc::unix::calloc; Argument[0,1]; alloc-size | +| 21 | Sink: libc::unix::malloc; Argument[0]; alloc-size | +| 22 | Sink: libc::unix::realloc; Argument[1]; alloc-size | +| 23 | Source: std::env::args; ReturnValue.Element; commandargs | +| 24 | Summary: <_ as core::iter::traits::iterator::Iterator>::nth; Argument[self].Reference.Element; ReturnValue.Field[core::option::Option::Some(0)]; value | +| 25 | Summary: <_ as core::ops::arith::Add>::add; Argument[self]; ReturnValue; taint | +| 26 | Summary: <_ as core::ops::arith::Mul>::mul; Argument[0].Reference; ReturnValue; taint | +| 27 | Summary: <_ as core::ops::arith::Mul>::mul; Argument[0]; ReturnValue; taint | +| 28 | Summary: <_ as core::ops::arith::Mul>::mul; Argument[self]; ReturnValue; taint | +| 29 | Summary: ::align_to; Argument[self].Reference; ReturnValue.Field[core::result::Result::Ok(0)]; taint | +| 30 | Summary: ::array; Argument[0]; ReturnValue.Field[core::result::Result::Ok(0)]; taint | +| 31 | Summary: ::extend; Argument[0]; ReturnValue.Field[core::result::Result::Ok(0)].Field[0]; taint | +| 32 | Summary: ::extend; Argument[self].Reference; ReturnValue.Field[core::result::Result::Ok(0)].Field[0]; taint | +| 33 | Summary: ::extend_packed; Argument[0]; ReturnValue.Field[core::result::Result::Ok(0)]; taint | +| 34 | Summary: ::extend_packed; Argument[self].Reference; ReturnValue.Field[core::result::Result::Ok(0)]; taint | +| 35 | Summary: ::from_size_align; Argument[0]; ReturnValue.Field[core::result::Result::Ok(0)]; taint | +| 36 | Summary: ::from_size_align_unchecked; Argument[0]; ReturnValue; taint | +| 37 | Summary: ::pad_to_align; Argument[self].Reference; ReturnValue; taint | +| 38 | Summary: ::repeat; Argument[0]; ReturnValue.Field[core::result::Result::Ok(0)].Field[0]; taint | +| 39 | Summary: ::repeat_packed; Argument[0]; ReturnValue.Field[core::result::Result::Ok(0)]; taint | +| 40 | Summary: ::size; Argument[self].Reference; ReturnValue; taint | +| 41 | Summary: ::unwrap_or; Argument[self].Field[core::option::Option::Some(0)]; ReturnValue; value | +| 42 | Summary: ::expect; Argument[self].Field[core::result::Result::Ok(0)]; ReturnValue; value | +| 43 | Summary: ::unwrap; Argument[self].Field[core::result::Result::Ok(0)]; ReturnValue; value | +| 44 | Summary: ::parse; Argument[self]; ReturnValue.Field[core::result::Result::Ok(0)]; taint | +| 45 | Summary: ::mul; Argument[0]; ReturnValue; taint | +| 46 | Summary: ::mul; Argument[self]; ReturnValue; taint | +| 47 | Summary: core::cmp::max; Argument[0]; ReturnValue; value | +| 48 | Summary: core::cmp::min; Argument[0]; ReturnValue; value | nodes | main.rs:12:36:12:43 | ...: usize | semmle.label | ...: usize | | main.rs:18:13:18:31 | ...::realloc | semmle.label | ...::realloc | @@ -543,33 +547,35 @@ nodes | main.rs:230:46:230:46 | v | semmle.label | v | | main.rs:231:13:231:40 | ...::with_capacity_in | semmle.label | ...::with_capacity_in | | main.rs:231:42:231:42 | v | semmle.label | v | -| main.rs:279:24:279:41 | ...: String | semmle.label | ...: String | -| main.rs:280:9:280:17 | num_bytes | semmle.label | num_bytes | -| main.rs:280:21:280:30 | user_input | semmle.label | user_input | -| main.rs:280:21:280:47 | user_input.parse() [Ok] | semmle.label | user_input.parse() [Ok] | -| main.rs:280:21:280:48 | TryExpr | semmle.label | TryExpr | -| main.rs:280:21:280:77 | ... * ... | semmle.label | ... * ... | -| main.rs:282:9:282:14 | layout | semmle.label | layout | -| main.rs:282:18:282:66 | ...::from_size_align(...) [Ok] | semmle.label | ...::from_size_align(...) [Ok] | -| main.rs:282:18:282:75 | ... .unwrap() | semmle.label | ... .unwrap() | -| main.rs:282:54:282:62 | num_bytes | semmle.label | num_bytes | -| main.rs:284:22:284:38 | ...::alloc | semmle.label | ...::alloc | -| main.rs:284:40:284:45 | layout | semmle.label | layout | -| main.rs:308:25:308:38 | ...::args | semmle.label | ...::args | -| main.rs:308:25:308:40 | ...::args(...) [element] | semmle.label | ...::args(...) [element] | -| main.rs:308:25:308:47 | ... .nth(...) [Some] | semmle.label | ... .nth(...) [Some] | -| main.rs:308:25:308:74 | ... .unwrap_or(...) | semmle.label | ... .unwrap_or(...) | -| main.rs:317:9:317:9 | v | semmle.label | v | -| main.rs:317:13:317:26 | ...::args | semmle.label | ...::args | -| main.rs:317:13:317:28 | ...::args(...) [element] | semmle.label | ...::args(...) [element] | -| main.rs:317:13:317:35 | ... .nth(...) [Some] | semmle.label | ... .nth(...) [Some] | -| main.rs:317:13:317:65 | ... .unwrap_or(...) | semmle.label | ... .unwrap_or(...) | -| main.rs:317:13:317:82 | ... .parse() [Ok] | semmle.label | ... .parse() [Ok] | -| main.rs:317:13:317:91 | ... .unwrap() | semmle.label | ... .unwrap() | -| main.rs:320:34:320:34 | v | semmle.label | v | -| main.rs:321:42:321:42 | v | semmle.label | v | -| main.rs:322:36:322:36 | v | semmle.label | v | -| main.rs:323:27:323:27 | v | semmle.label | v | -| main.rs:324:25:324:25 | v | semmle.label | v | -| main.rs:325:22:325:22 | v | semmle.label | v | +| main.rs:242:16:242:24 | split_off | semmle.label | split_off | +| main.rs:242:26:242:26 | v | semmle.label | v | +| main.rs:282:24:282:41 | ...: String | semmle.label | ...: String | +| main.rs:283:9:283:17 | num_bytes | semmle.label | num_bytes | +| main.rs:283:21:283:30 | user_input | semmle.label | user_input | +| main.rs:283:21:283:47 | user_input.parse() [Ok] | semmle.label | user_input.parse() [Ok] | +| main.rs:283:21:283:48 | TryExpr | semmle.label | TryExpr | +| main.rs:283:21:283:77 | ... * ... | semmle.label | ... * ... | +| main.rs:285:9:285:14 | layout | semmle.label | layout | +| main.rs:285:18:285:66 | ...::from_size_align(...) [Ok] | semmle.label | ...::from_size_align(...) [Ok] | +| main.rs:285:18:285:75 | ... .unwrap() | semmle.label | ... .unwrap() | +| main.rs:285:54:285:62 | num_bytes | semmle.label | num_bytes | +| main.rs:287:22:287:38 | ...::alloc | semmle.label | ...::alloc | +| main.rs:287:40:287:45 | layout | semmle.label | layout | +| main.rs:311:25:311:38 | ...::args | semmle.label | ...::args | +| main.rs:311:25:311:40 | ...::args(...) [element] | semmle.label | ...::args(...) [element] | +| main.rs:311:25:311:47 | ... .nth(...) [Some] | semmle.label | ... .nth(...) [Some] | +| main.rs:311:25:311:74 | ... .unwrap_or(...) | semmle.label | ... .unwrap_or(...) | +| main.rs:320:9:320:9 | v | semmle.label | v | +| main.rs:320:13:320:26 | ...::args | semmle.label | ...::args | +| main.rs:320:13:320:28 | ...::args(...) [element] | semmle.label | ...::args(...) [element] | +| main.rs:320:13:320:35 | ... .nth(...) [Some] | semmle.label | ... .nth(...) [Some] | +| main.rs:320:13:320:65 | ... .unwrap_or(...) | semmle.label | ... .unwrap_or(...) | +| main.rs:320:13:320:82 | ... .parse() [Ok] | semmle.label | ... .parse() [Ok] | +| main.rs:320:13:320:91 | ... .unwrap() | semmle.label | ... .unwrap() | +| main.rs:323:34:323:34 | v | semmle.label | v | +| main.rs:324:42:324:42 | v | semmle.label | v | +| main.rs:325:36:325:36 | v | semmle.label | v | +| main.rs:326:27:326:27 | v | semmle.label | v | +| main.rs:327:25:327:25 | v | semmle.label | v | +| main.rs:328:22:328:22 | v | semmle.label | v | subpaths diff --git a/rust/ql/test/query-tests/security/CWE-770/main.rs b/rust/ql/test/query-tests/security/CWE-770/main.rs index 1f549cb26757..e3034c9c28c5 100644 --- a/rust/ql/test/query-tests/security/CWE-770/main.rs +++ b/rust/ql/test/query-tests/security/CWE-770/main.rs @@ -238,6 +238,9 @@ unsafe fn test_vectors(v: usize) { v1.resize(v, 1); // $ MISSING: Alert[rust/uncontrolled-allocation-size] v1.set_len(v); // $ MISSING: Alert[rust/uncontrolled-allocation-size] + let mut v2 = vec![1, 2, 3, 4, 5, 6]; + let _ = v2.split_off(v); // $ SPURIOUS: Alert[rust/uncontrolled-allocation-size]=arg1 + let l2 = std::alloc::Layout::new::<[u64; 200]>(); let m2 = std::ptr::NonNull::::new(std::alloc::alloc(l2).cast::()).unwrap(); let _ = Vec::::from_parts(m2, v, 200); // $ MISSING: Alert[rust/uncontrolled-allocation-size] From 479c58bef56cf9940a56663c59996d5c266786cf Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Fri, 9 Jan 2026 16:54:32 +0000 Subject: [PATCH 2/3] Rust: Add a barrier. --- .../UncontrolledAllocationSizeExtensions.qll | 13 + .../UncontrolledAllocationSize.expected | 332 +++++++++--------- .../test/query-tests/security/CWE-770/main.rs | 2 +- 3 files changed, 177 insertions(+), 170 deletions(-) diff --git a/rust/ql/lib/codeql/rust/security/UncontrolledAllocationSizeExtensions.qll b/rust/ql/lib/codeql/rust/security/UncontrolledAllocationSizeExtensions.qll index c6251563ea6f..e323f0d95445 100644 --- a/rust/ql/lib/codeql/rust/security/UncontrolledAllocationSizeExtensions.qll +++ b/rust/ql/lib/codeql/rust/security/UncontrolledAllocationSizeExtensions.qll @@ -63,4 +63,17 @@ module UncontrolledAllocationSize { branch = false ) } + + /** + * A barrier for uncontrolled allocation size flow into particular functions. + */ + private class ModelledBarrier extends Barrier { + ModelledBarrier() { + exists(MethodCall c | + c.getStaticTarget().getCanonicalPath() = + ["::split_off", "::split_off"] and + this.asExpr() = c.getAnArgument() + ) + } + } } diff --git a/rust/ql/test/query-tests/security/CWE-770/UncontrolledAllocationSize.expected b/rust/ql/test/query-tests/security/CWE-770/UncontrolledAllocationSize.expected index ad50ebbcd490..bc7e7fa79450 100644 --- a/rust/ql/test/query-tests/security/CWE-770/UncontrolledAllocationSize.expected +++ b/rust/ql/test/query-tests/security/CWE-770/UncontrolledAllocationSize.expected @@ -50,118 +50,117 @@ | main.rs:224:13:224:25 | ...::realloc | main.rs:320:13:320:26 | ...::args | main.rs:224:13:224:25 | ...::realloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:320:13:320:26 | ...::args | user-provided value | | main.rs:230:13:230:44 | ...::try_with_capacity_in | main.rs:320:13:320:26 | ...::args | main.rs:230:13:230:44 | ...::try_with_capacity_in | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:320:13:320:26 | ...::args | user-provided value | | main.rs:231:13:231:40 | ...::with_capacity_in | main.rs:320:13:320:26 | ...::args | main.rs:231:13:231:40 | ...::with_capacity_in | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:320:13:320:26 | ...::args | user-provided value | -| main.rs:242:16:242:24 | split_off | main.rs:320:13:320:26 | ...::args | main.rs:242:16:242:24 | split_off | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:320:13:320:26 | ...::args | user-provided value | | main.rs:287:22:287:38 | ...::alloc | main.rs:311:25:311:38 | ...::args | main.rs:287:22:287:38 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:311:25:311:38 | ...::args | user-provided value | edges | main.rs:12:36:12:43 | ...: usize | main.rs:18:41:18:41 | v | provenance | | -| main.rs:18:41:18:41 | v | main.rs:18:13:18:31 | ...::realloc | provenance | MaD:18 Sink:MaD:18 | +| main.rs:18:41:18:41 | v | main.rs:18:13:18:31 | ...::realloc | provenance | MaD:17 Sink:MaD:17 | | main.rs:18:41:18:41 | v | main.rs:20:50:20:50 | v | provenance | | | main.rs:18:41:18:41 | v | main.rs:29:60:29:60 | v | provenance | | | main.rs:18:41:18:41 | v | main.rs:32:60:32:60 | v | provenance | | | main.rs:18:41:18:41 | v | main.rs:35:49:35:49 | v | provenance | | | main.rs:20:9:20:10 | l2 | main.rs:21:31:21:32 | l2 | provenance | | -| main.rs:20:14:20:54 | ...::from_size_align(...) [Ok] | main.rs:20:14:20:63 | ... .unwrap() | provenance | MaD:43 | +| main.rs:20:14:20:54 | ...::from_size_align(...) [Ok] | main.rs:20:14:20:63 | ... .unwrap() | provenance | MaD:42 | | main.rs:20:14:20:63 | ... .unwrap() | main.rs:20:9:20:10 | l2 | provenance | | -| main.rs:20:50:20:50 | v | main.rs:20:14:20:54 | ...::from_size_align(...) [Ok] | provenance | MaD:35 | -| main.rs:21:31:21:32 | l2 | main.rs:21:13:21:29 | ...::alloc | provenance | MaD:16 Sink:MaD:16 | +| main.rs:20:50:20:50 | v | main.rs:20:14:20:54 | ...::from_size_align(...) [Ok] | provenance | MaD:34 | +| main.rs:21:31:21:32 | l2 | main.rs:21:13:21:29 | ...::alloc | provenance | MaD:15 Sink:MaD:15 | | main.rs:21:31:21:32 | l2 | main.rs:22:31:22:32 | l2 | provenance | | | main.rs:21:31:21:32 | l2 | main.rs:23:31:23:32 | l2 | provenance | | | main.rs:21:31:21:32 | l2 | main.rs:24:38:24:39 | l2 | provenance | | -| main.rs:22:31:22:32 | l2 | main.rs:22:31:22:44 | l2.align_to(...) [Ok] | provenance | MaD:29 | -| main.rs:22:31:22:44 | l2.align_to(...) [Ok] | main.rs:22:31:22:53 | ... .unwrap() | provenance | MaD:43 | -| main.rs:22:31:22:53 | ... .unwrap() | main.rs:22:13:22:29 | ...::alloc | provenance | MaD:16 Sink:MaD:16 | -| main.rs:23:31:23:32 | l2 | main.rs:23:31:23:44 | l2.align_to(...) [Ok] | provenance | MaD:29 | -| main.rs:23:31:23:44 | l2.align_to(...) [Ok] | main.rs:23:31:23:53 | ... .unwrap() | provenance | MaD:43 | -| main.rs:23:31:23:53 | ... .unwrap() | main.rs:23:31:23:68 | ... .pad_to_align() | provenance | MaD:37 | -| main.rs:23:31:23:68 | ... .pad_to_align() | main.rs:23:13:23:29 | ...::alloc | provenance | MaD:16 Sink:MaD:16 | -| main.rs:24:38:24:39 | l2 | main.rs:24:13:24:36 | ...::alloc_zeroed | provenance | MaD:17 Sink:MaD:17 | +| main.rs:22:31:22:32 | l2 | main.rs:22:31:22:44 | l2.align_to(...) [Ok] | provenance | MaD:28 | +| main.rs:22:31:22:44 | l2.align_to(...) [Ok] | main.rs:22:31:22:53 | ... .unwrap() | provenance | MaD:42 | +| main.rs:22:31:22:53 | ... .unwrap() | main.rs:22:13:22:29 | ...::alloc | provenance | MaD:15 Sink:MaD:15 | +| main.rs:23:31:23:32 | l2 | main.rs:23:31:23:44 | l2.align_to(...) [Ok] | provenance | MaD:28 | +| main.rs:23:31:23:44 | l2.align_to(...) [Ok] | main.rs:23:31:23:53 | ... .unwrap() | provenance | MaD:42 | +| main.rs:23:31:23:53 | ... .unwrap() | main.rs:23:31:23:68 | ... .pad_to_align() | provenance | MaD:36 | +| main.rs:23:31:23:68 | ... .pad_to_align() | main.rs:23:13:23:29 | ...::alloc | provenance | MaD:15 Sink:MaD:15 | +| main.rs:24:38:24:39 | l2 | main.rs:24:13:24:36 | ...::alloc_zeroed | provenance | MaD:16 Sink:MaD:16 | | main.rs:29:9:29:10 | l4 | main.rs:30:31:30:32 | l4 | provenance | | | main.rs:29:14:29:64 | ...::from_size_align_unchecked(...) | main.rs:29:9:29:10 | l4 | provenance | | -| main.rs:29:60:29:60 | v | main.rs:29:14:29:64 | ...::from_size_align_unchecked(...) | provenance | MaD:36 | -| main.rs:30:31:30:32 | l4 | main.rs:30:13:30:29 | ...::alloc | provenance | MaD:16 Sink:MaD:16 | +| main.rs:29:60:29:60 | v | main.rs:29:14:29:64 | ...::from_size_align_unchecked(...) | provenance | MaD:35 | +| main.rs:30:31:30:32 | l4 | main.rs:30:13:30:29 | ...::alloc | provenance | MaD:15 Sink:MaD:15 | | main.rs:32:9:32:10 | l5 | main.rs:33:31:33:32 | l5 | provenance | | | main.rs:32:14:32:118 | ...::from_size_align_unchecked(...) | main.rs:32:9:32:10 | l5 | provenance | | -| main.rs:32:60:32:60 | v | main.rs:32:60:32:89 | ... * ... | provenance | MaD:28 | -| main.rs:32:60:32:60 | v | main.rs:32:60:32:89 | ... * ... | provenance | MaD:46 | -| main.rs:32:60:32:89 | ... * ... | main.rs:32:14:32:118 | ...::from_size_align_unchecked(...) | provenance | MaD:36 | -| main.rs:33:31:33:32 | l5 | main.rs:33:13:33:29 | ...::alloc | provenance | MaD:16 Sink:MaD:16 | +| main.rs:32:60:32:60 | v | main.rs:32:60:32:89 | ... * ... | provenance | MaD:27 | +| main.rs:32:60:32:60 | v | main.rs:32:60:32:89 | ... * ... | provenance | MaD:45 | +| main.rs:32:60:32:89 | ... * ... | main.rs:32:14:32:118 | ...::from_size_align_unchecked(...) | provenance | MaD:35 | +| main.rs:33:31:33:32 | l5 | main.rs:33:13:33:29 | ...::alloc | provenance | MaD:15 Sink:MaD:15 | | main.rs:35:9:35:10 | s6 | main.rs:36:60:36:61 | s6 | provenance | | | main.rs:35:14:35:54 | ... + ... | main.rs:35:9:35:10 | s6 | provenance | | -| main.rs:35:15:35:49 | ... * ... | main.rs:35:14:35:54 | ... + ... | provenance | MaD:25 | -| main.rs:35:49:35:49 | v | main.rs:35:15:35:49 | ... * ... | provenance | MaD:27 | +| main.rs:35:15:35:49 | ... * ... | main.rs:35:14:35:54 | ... + ... | provenance | MaD:24 | | main.rs:35:49:35:49 | v | main.rs:35:15:35:49 | ... * ... | provenance | MaD:26 | -| main.rs:35:49:35:49 | v | main.rs:35:15:35:49 | ... * ... | provenance | MaD:45 | +| main.rs:35:49:35:49 | v | main.rs:35:15:35:49 | ... * ... | provenance | MaD:25 | +| main.rs:35:49:35:49 | v | main.rs:35:15:35:49 | ... * ... | provenance | MaD:44 | | main.rs:36:9:36:10 | l6 | main.rs:37:31:37:32 | l6 | provenance | | | main.rs:36:14:36:65 | ...::from_size_align_unchecked(...) | main.rs:36:9:36:10 | l6 | provenance | | -| main.rs:36:60:36:61 | s6 | main.rs:36:14:36:65 | ...::from_size_align_unchecked(...) | provenance | MaD:36 | -| main.rs:37:31:37:32 | l6 | main.rs:37:13:37:29 | ...::alloc | provenance | MaD:16 Sink:MaD:16 | +| main.rs:36:60:36:61 | s6 | main.rs:36:14:36:65 | ...::from_size_align_unchecked(...) | provenance | MaD:35 | +| main.rs:37:31:37:32 | l6 | main.rs:37:13:37:29 | ...::alloc | provenance | MaD:15 Sink:MaD:15 | | main.rs:37:31:37:32 | l6 | main.rs:39:60:39:61 | l6 | provenance | | | main.rs:39:9:39:10 | l7 | main.rs:40:31:40:32 | l7 | provenance | | | main.rs:39:14:39:72 | ...::from_size_align_unchecked(...) | main.rs:39:9:39:10 | l7 | provenance | | -| main.rs:39:60:39:61 | l6 | main.rs:39:60:39:68 | l6.size() | provenance | MaD:40 | -| main.rs:39:60:39:68 | l6.size() | main.rs:39:14:39:72 | ...::from_size_align_unchecked(...) | provenance | MaD:36 | -| main.rs:40:31:40:32 | l7 | main.rs:40:13:40:29 | ...::alloc | provenance | MaD:16 Sink:MaD:16 | +| main.rs:39:60:39:61 | l6 | main.rs:39:60:39:68 | l6.size() | provenance | MaD:39 | +| main.rs:39:60:39:68 | l6.size() | main.rs:39:14:39:72 | ...::from_size_align_unchecked(...) | provenance | MaD:35 | +| main.rs:40:31:40:32 | l7 | main.rs:40:13:40:29 | ...::alloc | provenance | MaD:15 Sink:MaD:15 | | main.rs:43:44:43:51 | ...: usize | main.rs:50:41:50:41 | v | provenance | | | main.rs:43:44:43:51 | ...: usize | main.rs:51:41:51:41 | v | provenance | | | main.rs:43:44:43:51 | ...: usize | main.rs:53:48:53:48 | v | provenance | | | main.rs:43:44:43:51 | ...: usize | main.rs:54:48:54:48 | v | provenance | | | main.rs:43:44:43:51 | ...: usize | main.rs:58:34:58:34 | v | provenance | | | main.rs:43:44:43:51 | ...: usize | main.rs:67:46:67:46 | v | provenance | | -| main.rs:50:31:50:42 | l2.repeat(...) [Ok, tuple.0] | main.rs:50:31:50:51 | ... .unwrap() [tuple.0] | provenance | MaD:43 | +| main.rs:50:31:50:42 | l2.repeat(...) [Ok, tuple.0] | main.rs:50:31:50:51 | ... .unwrap() [tuple.0] | provenance | MaD:42 | | main.rs:50:31:50:51 | ... .unwrap() [tuple.0] | main.rs:50:31:50:53 | ... .0 | provenance | | -| main.rs:50:31:50:53 | ... .0 | main.rs:50:13:50:29 | ...::alloc | provenance | MaD:16 Sink:MaD:16 | -| main.rs:50:41:50:41 | v | main.rs:50:31:50:42 | l2.repeat(...) [Ok, tuple.0] | provenance | MaD:38 | -| main.rs:51:31:51:46 | l2.repeat(...) [Ok, tuple.0] | main.rs:51:31:51:55 | ... .unwrap() [tuple.0] | provenance | MaD:43 | +| main.rs:50:31:50:53 | ... .0 | main.rs:50:13:50:29 | ...::alloc | provenance | MaD:15 Sink:MaD:15 | +| main.rs:50:41:50:41 | v | main.rs:50:31:50:42 | l2.repeat(...) [Ok, tuple.0] | provenance | MaD:37 | +| main.rs:51:31:51:46 | l2.repeat(...) [Ok, tuple.0] | main.rs:51:31:51:55 | ... .unwrap() [tuple.0] | provenance | MaD:42 | | main.rs:51:31:51:55 | ... .unwrap() [tuple.0] | main.rs:51:31:51:57 | ... .0 | provenance | | -| main.rs:51:31:51:57 | ... .0 | main.rs:51:13:51:29 | ...::alloc | provenance | MaD:16 Sink:MaD:16 | -| main.rs:51:41:51:41 | v | main.rs:51:41:51:45 | ... + ... | provenance | MaD:25 | -| main.rs:51:41:51:45 | ... + ... | main.rs:51:31:51:46 | l2.repeat(...) [Ok, tuple.0] | provenance | MaD:38 | -| main.rs:53:31:53:49 | l2.repeat_packed(...) [Ok] | main.rs:53:31:53:58 | ... .unwrap() | provenance | MaD:43 | -| main.rs:53:31:53:58 | ... .unwrap() | main.rs:53:13:53:29 | ...::alloc | provenance | MaD:16 Sink:MaD:16 | -| main.rs:53:48:53:48 | v | main.rs:53:31:53:49 | l2.repeat_packed(...) [Ok] | provenance | MaD:39 | -| main.rs:54:31:54:54 | l2.repeat_packed(...) [Ok] | main.rs:54:31:54:63 | ... .unwrap() | provenance | MaD:43 | -| main.rs:54:31:54:63 | ... .unwrap() | main.rs:54:13:54:29 | ...::alloc | provenance | MaD:16 Sink:MaD:16 | -| main.rs:54:48:54:48 | v | main.rs:54:48:54:53 | ... * ... | provenance | MaD:28 | -| main.rs:54:48:54:53 | ... * ... | main.rs:54:31:54:54 | l2.repeat_packed(...) [Ok] | provenance | MaD:39 | +| main.rs:51:31:51:57 | ... .0 | main.rs:51:13:51:29 | ...::alloc | provenance | MaD:15 Sink:MaD:15 | +| main.rs:51:41:51:41 | v | main.rs:51:41:51:45 | ... + ... | provenance | MaD:24 | +| main.rs:51:41:51:45 | ... + ... | main.rs:51:31:51:46 | l2.repeat(...) [Ok, tuple.0] | provenance | MaD:37 | +| main.rs:53:31:53:49 | l2.repeat_packed(...) [Ok] | main.rs:53:31:53:58 | ... .unwrap() | provenance | MaD:42 | +| main.rs:53:31:53:58 | ... .unwrap() | main.rs:53:13:53:29 | ...::alloc | provenance | MaD:15 Sink:MaD:15 | +| main.rs:53:48:53:48 | v | main.rs:53:31:53:49 | l2.repeat_packed(...) [Ok] | provenance | MaD:38 | +| main.rs:54:31:54:54 | l2.repeat_packed(...) [Ok] | main.rs:54:31:54:63 | ... .unwrap() | provenance | MaD:42 | +| main.rs:54:31:54:63 | ... .unwrap() | main.rs:54:13:54:29 | ...::alloc | provenance | MaD:15 Sink:MaD:15 | +| main.rs:54:48:54:48 | v | main.rs:54:48:54:53 | ... * ... | provenance | MaD:27 | +| main.rs:54:48:54:53 | ... * ... | main.rs:54:31:54:54 | l2.repeat_packed(...) [Ok] | provenance | MaD:38 | | main.rs:58:9:58:20 | TuplePat [tuple.0] | main.rs:58:10:58:11 | k1 | provenance | | | main.rs:58:10:58:11 | k1 | main.rs:59:31:59:32 | k1 | provenance | | -| main.rs:58:24:58:35 | l3.repeat(...) [Ok, tuple.0] | main.rs:58:24:58:66 | ... .expect(...) [tuple.0] | provenance | MaD:42 | +| main.rs:58:24:58:35 | l3.repeat(...) [Ok, tuple.0] | main.rs:58:24:58:66 | ... .expect(...) [tuple.0] | provenance | MaD:41 | | main.rs:58:24:58:66 | ... .expect(...) [tuple.0] | main.rs:58:9:58:20 | TuplePat [tuple.0] | provenance | | -| main.rs:58:34:58:34 | v | main.rs:58:24:58:35 | l3.repeat(...) [Ok, tuple.0] | provenance | MaD:38 | -| main.rs:59:31:59:32 | k1 | main.rs:59:13:59:29 | ...::alloc | provenance | MaD:16 Sink:MaD:16 | +| main.rs:58:34:58:34 | v | main.rs:58:24:58:35 | l3.repeat(...) [Ok, tuple.0] | provenance | MaD:37 | +| main.rs:59:31:59:32 | k1 | main.rs:59:13:59:29 | ...::alloc | provenance | MaD:15 Sink:MaD:15 | | main.rs:59:31:59:32 | k1 | main.rs:60:34:60:35 | k1 | provenance | | | main.rs:59:31:59:32 | k1 | main.rs:62:24:62:25 | k1 | provenance | | | main.rs:59:31:59:32 | k1 | main.rs:64:48:64:49 | k1 | provenance | | | main.rs:59:31:59:32 | k1 | main.rs:65:31:65:32 | k1 | provenance | | | main.rs:60:9:60:20 | TuplePat [tuple.0] | main.rs:60:10:60:11 | k2 | provenance | | | main.rs:60:10:60:11 | k2 | main.rs:61:31:61:32 | k2 | provenance | | -| main.rs:60:24:60:36 | l3.extend(...) [Ok, tuple.0] | main.rs:60:24:60:45 | ... .unwrap() [tuple.0] | provenance | MaD:43 | +| main.rs:60:24:60:36 | l3.extend(...) [Ok, tuple.0] | main.rs:60:24:60:45 | ... .unwrap() [tuple.0] | provenance | MaD:42 | | main.rs:60:24:60:45 | ... .unwrap() [tuple.0] | main.rs:60:9:60:20 | TuplePat [tuple.0] | provenance | | -| main.rs:60:34:60:35 | k1 | main.rs:60:24:60:36 | l3.extend(...) [Ok, tuple.0] | provenance | MaD:31 | -| main.rs:61:31:61:32 | k2 | main.rs:61:13:61:29 | ...::alloc | provenance | MaD:16 Sink:MaD:16 | +| main.rs:60:34:60:35 | k1 | main.rs:60:24:60:36 | l3.extend(...) [Ok, tuple.0] | provenance | MaD:30 | +| main.rs:61:31:61:32 | k2 | main.rs:61:13:61:29 | ...::alloc | provenance | MaD:15 Sink:MaD:15 | | main.rs:62:9:62:20 | TuplePat [tuple.0] | main.rs:62:10:62:11 | k3 | provenance | | | main.rs:62:10:62:11 | k3 | main.rs:63:31:63:32 | k3 | provenance | | -| main.rs:62:24:62:25 | k1 | main.rs:62:24:62:36 | k1.extend(...) [Ok, tuple.0] | provenance | MaD:32 | -| main.rs:62:24:62:36 | k1.extend(...) [Ok, tuple.0] | main.rs:62:24:62:45 | ... .unwrap() [tuple.0] | provenance | MaD:43 | +| main.rs:62:24:62:25 | k1 | main.rs:62:24:62:36 | k1.extend(...) [Ok, tuple.0] | provenance | MaD:31 | +| main.rs:62:24:62:36 | k1.extend(...) [Ok, tuple.0] | main.rs:62:24:62:45 | ... .unwrap() [tuple.0] | provenance | MaD:42 | | main.rs:62:24:62:45 | ... .unwrap() [tuple.0] | main.rs:62:9:62:20 | TuplePat [tuple.0] | provenance | | -| main.rs:63:31:63:32 | k3 | main.rs:63:13:63:29 | ...::alloc | provenance | MaD:16 Sink:MaD:16 | -| main.rs:64:31:64:50 | l3.extend_packed(...) [Ok] | main.rs:64:31:64:59 | ... .unwrap() | provenance | MaD:43 | -| main.rs:64:31:64:59 | ... .unwrap() | main.rs:64:13:64:29 | ...::alloc | provenance | MaD:16 Sink:MaD:16 | -| main.rs:64:48:64:49 | k1 | main.rs:64:31:64:50 | l3.extend_packed(...) [Ok] | provenance | MaD:33 | -| main.rs:65:31:65:32 | k1 | main.rs:65:31:65:50 | k1.extend_packed(...) [Ok] | provenance | MaD:34 | -| main.rs:65:31:65:50 | k1.extend_packed(...) [Ok] | main.rs:65:31:65:59 | ... .unwrap() | provenance | MaD:43 | -| main.rs:65:31:65:59 | ... .unwrap() | main.rs:65:13:65:29 | ...::alloc | provenance | MaD:16 Sink:MaD:16 | +| main.rs:63:31:63:32 | k3 | main.rs:63:13:63:29 | ...::alloc | provenance | MaD:15 Sink:MaD:15 | +| main.rs:64:31:64:50 | l3.extend_packed(...) [Ok] | main.rs:64:31:64:59 | ... .unwrap() | provenance | MaD:42 | +| main.rs:64:31:64:59 | ... .unwrap() | main.rs:64:13:64:29 | ...::alloc | provenance | MaD:15 Sink:MaD:15 | +| main.rs:64:48:64:49 | k1 | main.rs:64:31:64:50 | l3.extend_packed(...) [Ok] | provenance | MaD:32 | +| main.rs:65:31:65:32 | k1 | main.rs:65:31:65:50 | k1.extend_packed(...) [Ok] | provenance | MaD:33 | +| main.rs:65:31:65:50 | k1.extend_packed(...) [Ok] | main.rs:65:31:65:59 | ... .unwrap() | provenance | MaD:42 | +| main.rs:65:31:65:59 | ... .unwrap() | main.rs:65:13:65:29 | ...::alloc | provenance | MaD:15 Sink:MaD:15 | | main.rs:67:9:67:10 | l4 | main.rs:68:31:68:32 | l4 | provenance | | -| main.rs:67:14:67:47 | ...::array::<...>(...) [Ok] | main.rs:67:14:67:56 | ... .unwrap() | provenance | MaD:43 | +| main.rs:67:14:67:47 | ...::array::<...>(...) [Ok] | main.rs:67:14:67:56 | ... .unwrap() | provenance | MaD:42 | | main.rs:67:14:67:56 | ... .unwrap() | main.rs:67:9:67:10 | l4 | provenance | | -| main.rs:67:46:67:46 | v | main.rs:67:14:67:47 | ...::array::<...>(...) [Ok] | provenance | MaD:30 | -| main.rs:68:31:68:32 | l4 | main.rs:68:13:68:29 | ...::alloc | provenance | MaD:16 Sink:MaD:16 | +| main.rs:67:46:67:46 | v | main.rs:67:14:67:47 | ...::array::<...>(...) [Ok] | provenance | MaD:29 | +| main.rs:68:31:68:32 | l4 | main.rs:68:13:68:29 | ...::alloc | provenance | MaD:15 Sink:MaD:15 | | main.rs:86:35:86:42 | ...: usize | main.rs:87:54:87:54 | v | provenance | | | main.rs:87:9:87:14 | layout | main.rs:88:31:88:36 | layout | provenance | | -| main.rs:87:18:87:58 | ...::from_size_align(...) [Ok] | main.rs:87:18:87:67 | ... .unwrap() | provenance | MaD:43 | +| main.rs:87:18:87:58 | ...::from_size_align(...) [Ok] | main.rs:87:18:87:67 | ... .unwrap() | provenance | MaD:42 | | main.rs:87:18:87:67 | ... .unwrap() | main.rs:87:9:87:14 | layout | provenance | | -| main.rs:87:54:87:54 | v | main.rs:87:18:87:58 | ...::from_size_align(...) [Ok] | provenance | MaD:35 | -| main.rs:88:31:88:36 | layout | main.rs:88:13:88:29 | ...::alloc | provenance | MaD:16 Sink:MaD:16 | +| main.rs:87:54:87:54 | v | main.rs:87:18:87:58 | ...::from_size_align(...) [Ok] | provenance | MaD:34 | +| main.rs:88:31:88:36 | layout | main.rs:88:13:88:29 | ...::alloc | provenance | MaD:15 Sink:MaD:15 | | main.rs:91:38:91:45 | ...: usize | main.rs:92:47:92:47 | v | provenance | | | main.rs:91:38:91:45 | ...: usize | main.rs:101:51:101:51 | v | provenance | | | main.rs:91:38:91:45 | ...: usize | main.rs:105:33:105:33 | v | provenance | | @@ -171,66 +170,66 @@ edges | main.rs:91:38:91:45 | ...: usize | main.rs:161:55:161:55 | v | provenance | | | main.rs:92:9:92:10 | l1 | main.rs:96:35:96:36 | l1 | provenance | | | main.rs:92:9:92:10 | l1 | main.rs:102:35:102:36 | l1 | provenance | | -| main.rs:92:14:92:48 | ...::array::<...>(...) [Ok] | main.rs:92:14:92:57 | ... .unwrap() | provenance | MaD:43 | +| main.rs:92:14:92:48 | ...::array::<...>(...) [Ok] | main.rs:92:14:92:57 | ... .unwrap() | provenance | MaD:42 | | main.rs:92:14:92:57 | ... .unwrap() | main.rs:92:9:92:10 | l1 | provenance | | -| main.rs:92:47:92:47 | v | main.rs:92:14:92:48 | ...::array::<...>(...) [Ok] | provenance | MaD:30 | -| main.rs:96:35:96:36 | l1 | main.rs:96:17:96:33 | ...::alloc | provenance | MaD:16 Sink:MaD:16 | +| main.rs:92:47:92:47 | v | main.rs:92:14:92:48 | ...::array::<...>(...) [Ok] | provenance | MaD:29 | +| main.rs:96:35:96:36 | l1 | main.rs:96:17:96:33 | ...::alloc | provenance | MaD:15 Sink:MaD:15 | | main.rs:96:35:96:36 | l1 | main.rs:109:35:109:36 | l1 | provenance | | | main.rs:96:35:96:36 | l1 | main.rs:111:35:111:36 | l1 | provenance | | | main.rs:101:13:101:14 | l3 | main.rs:103:35:103:36 | l3 | provenance | | -| main.rs:101:18:101:52 | ...::array::<...>(...) [Ok] | main.rs:101:18:101:61 | ... .unwrap() | provenance | MaD:43 | +| main.rs:101:18:101:52 | ...::array::<...>(...) [Ok] | main.rs:101:18:101:61 | ... .unwrap() | provenance | MaD:42 | | main.rs:101:18:101:61 | ... .unwrap() | main.rs:101:13:101:14 | l3 | provenance | | -| main.rs:101:51:101:51 | v | main.rs:101:18:101:52 | ...::array::<...>(...) [Ok] | provenance | MaD:30 | -| main.rs:102:35:102:36 | l1 | main.rs:102:17:102:33 | ...::alloc | provenance | MaD:16 Sink:MaD:16 | +| main.rs:101:51:101:51 | v | main.rs:101:18:101:52 | ...::array::<...>(...) [Ok] | provenance | MaD:29 | +| main.rs:102:35:102:36 | l1 | main.rs:102:17:102:33 | ...::alloc | provenance | MaD:15 Sink:MaD:15 | | main.rs:102:35:102:36 | l1 | main.rs:109:35:109:36 | l1 | provenance | | | main.rs:102:35:102:36 | l1 | main.rs:111:35:111:36 | l1 | provenance | | -| main.rs:103:35:103:36 | l3 | main.rs:103:17:103:33 | ...::alloc | provenance | MaD:16 Sink:MaD:16 | +| main.rs:103:35:103:36 | l3 | main.rs:103:17:103:33 | ...::alloc | provenance | MaD:15 Sink:MaD:15 | | main.rs:105:33:105:33 | v | main.rs:86:35:86:42 | ...: usize | provenance | | -| main.rs:109:35:109:36 | l1 | main.rs:109:17:109:33 | ...::alloc | provenance | MaD:16 Sink:MaD:16 | +| main.rs:109:35:109:36 | l1 | main.rs:109:17:109:33 | ...::alloc | provenance | MaD:15 Sink:MaD:15 | | main.rs:109:35:109:36 | l1 | main.rs:146:35:146:36 | l1 | provenance | | -| main.rs:111:35:111:36 | l1 | main.rs:111:17:111:33 | ...::alloc | provenance | MaD:16 Sink:MaD:16 | +| main.rs:111:35:111:36 | l1 | main.rs:111:17:111:33 | ...::alloc | provenance | MaD:15 Sink:MaD:15 | | main.rs:111:35:111:36 | l1 | main.rs:146:35:146:36 | l1 | provenance | | | main.rs:145:13:145:14 | l9 | main.rs:148:35:148:36 | l9 | provenance | | -| main.rs:145:18:145:52 | ...::array::<...>(...) [Ok] | main.rs:145:18:145:61 | ... .unwrap() | provenance | MaD:43 | +| main.rs:145:18:145:52 | ...::array::<...>(...) [Ok] | main.rs:145:18:145:61 | ... .unwrap() | provenance | MaD:42 | | main.rs:145:18:145:61 | ... .unwrap() | main.rs:145:13:145:14 | l9 | provenance | | -| main.rs:145:51:145:51 | v | main.rs:145:18:145:52 | ...::array::<...>(...) [Ok] | provenance | MaD:30 | -| main.rs:146:35:146:36 | l1 | main.rs:146:17:146:33 | ...::alloc | provenance | MaD:16 Sink:MaD:16 | +| main.rs:145:51:145:51 | v | main.rs:145:18:145:52 | ...::array::<...>(...) [Ok] | provenance | MaD:29 | +| main.rs:146:35:146:36 | l1 | main.rs:146:17:146:33 | ...::alloc | provenance | MaD:15 Sink:MaD:15 | | main.rs:146:35:146:36 | l1 | main.rs:177:31:177:32 | l1 | provenance | | -| main.rs:148:35:148:36 | l9 | main.rs:148:17:148:33 | ...::alloc | provenance | MaD:16 Sink:MaD:16 | +| main.rs:148:35:148:36 | l9 | main.rs:148:17:148:33 | ...::alloc | provenance | MaD:15 Sink:MaD:15 | | main.rs:151:9:151:11 | l10 | main.rs:152:31:152:33 | l10 | provenance | | -| main.rs:151:15:151:69 | ...::array::<...>(...) [Ok] | main.rs:151:15:151:78 | ... .unwrap() | provenance | MaD:43 | +| main.rs:151:15:151:69 | ...::array::<...>(...) [Ok] | main.rs:151:15:151:78 | ... .unwrap() | provenance | MaD:42 | | main.rs:151:15:151:78 | ... .unwrap() | main.rs:151:9:151:11 | l10 | provenance | | -| main.rs:151:48:151:68 | ...::min(...) | main.rs:151:15:151:69 | ...::array::<...>(...) [Ok] | provenance | MaD:30 | -| main.rs:151:62:151:62 | v | main.rs:151:48:151:68 | ...::min(...) | provenance | MaD:48 | -| main.rs:152:31:152:33 | l10 | main.rs:152:13:152:29 | ...::alloc | provenance | MaD:16 Sink:MaD:16 | +| main.rs:151:48:151:68 | ...::min(...) | main.rs:151:15:151:69 | ...::array::<...>(...) [Ok] | provenance | MaD:29 | +| main.rs:151:62:151:62 | v | main.rs:151:48:151:68 | ...::min(...) | provenance | MaD:47 | +| main.rs:152:31:152:33 | l10 | main.rs:152:13:152:29 | ...::alloc | provenance | MaD:15 Sink:MaD:15 | | main.rs:154:9:154:11 | l11 | main.rs:155:31:155:33 | l11 | provenance | | -| main.rs:154:15:154:69 | ...::array::<...>(...) [Ok] | main.rs:154:15:154:78 | ... .unwrap() | provenance | MaD:43 | +| main.rs:154:15:154:69 | ...::array::<...>(...) [Ok] | main.rs:154:15:154:78 | ... .unwrap() | provenance | MaD:42 | | main.rs:154:15:154:78 | ... .unwrap() | main.rs:154:9:154:11 | l11 | provenance | | -| main.rs:154:48:154:68 | ...::max(...) | main.rs:154:15:154:69 | ...::array::<...>(...) [Ok] | provenance | MaD:30 | -| main.rs:154:62:154:62 | v | main.rs:154:48:154:68 | ...::max(...) | provenance | MaD:47 | -| main.rs:155:31:155:33 | l11 | main.rs:155:13:155:29 | ...::alloc | provenance | MaD:16 Sink:MaD:16 | +| main.rs:154:48:154:68 | ...::max(...) | main.rs:154:15:154:69 | ...::array::<...>(...) [Ok] | provenance | MaD:29 | +| main.rs:154:62:154:62 | v | main.rs:154:48:154:68 | ...::max(...) | provenance | MaD:46 | +| main.rs:155:31:155:33 | l11 | main.rs:155:13:155:29 | ...::alloc | provenance | MaD:15 Sink:MaD:15 | | main.rs:161:13:161:15 | l13 | main.rs:162:35:162:37 | l13 | provenance | | -| main.rs:161:19:161:59 | ...::from_size_align(...) [Ok] | main.rs:161:19:161:68 | ... .unwrap() | provenance | MaD:43 | +| main.rs:161:19:161:59 | ...::from_size_align(...) [Ok] | main.rs:161:19:161:68 | ... .unwrap() | provenance | MaD:42 | | main.rs:161:19:161:68 | ... .unwrap() | main.rs:161:13:161:15 | l13 | provenance | | -| main.rs:161:55:161:55 | v | main.rs:161:19:161:59 | ...::from_size_align(...) [Ok] | provenance | MaD:35 | -| main.rs:162:35:162:37 | l13 | main.rs:162:17:162:33 | ...::alloc | provenance | MaD:16 Sink:MaD:16 | +| main.rs:161:55:161:55 | v | main.rs:161:19:161:59 | ...::from_size_align(...) [Ok] | provenance | MaD:34 | +| main.rs:162:35:162:37 | l13 | main.rs:162:17:162:33 | ...::alloc | provenance | MaD:15 Sink:MaD:15 | | main.rs:162:35:162:37 | l13 | main.rs:169:35:169:37 | l13 | provenance | | -| main.rs:169:35:169:37 | l13 | main.rs:169:17:169:33 | ...::alloc | provenance | MaD:16 Sink:MaD:16 | -| main.rs:177:31:177:32 | l1 | main.rs:177:13:177:29 | ...::alloc | provenance | MaD:16 Sink:MaD:16 | +| main.rs:169:35:169:37 | l13 | main.rs:169:17:169:33 | ...::alloc | provenance | MaD:15 Sink:MaD:15 | +| main.rs:177:31:177:32 | l1 | main.rs:177:13:177:29 | ...::alloc | provenance | MaD:15 Sink:MaD:15 | | main.rs:183:29:183:36 | ...: usize | main.rs:192:46:192:46 | v | provenance | | | main.rs:183:29:183:36 | ...: usize | main.rs:202:48:202:48 | v | provenance | | | main.rs:192:9:192:10 | l2 | main.rs:193:38:193:39 | l2 | provenance | | -| main.rs:192:14:192:47 | ...::array::<...>(...) [Ok] | main.rs:192:14:192:56 | ... .unwrap() | provenance | MaD:43 | +| main.rs:192:14:192:47 | ...::array::<...>(...) [Ok] | main.rs:192:14:192:56 | ... .unwrap() | provenance | MaD:42 | | main.rs:192:14:192:56 | ... .unwrap() | main.rs:192:9:192:10 | l2 | provenance | | -| main.rs:192:46:192:46 | v | main.rs:192:14:192:47 | ...::array::<...>(...) [Ok] | provenance | MaD:30 | -| main.rs:193:38:193:39 | l2 | main.rs:193:32:193:36 | alloc | provenance | MaD:11 Sink:MaD:11 | +| main.rs:192:46:192:46 | v | main.rs:192:14:192:47 | ...::array::<...>(...) [Ok] | provenance | MaD:29 | +| main.rs:193:38:193:39 | l2 | main.rs:193:32:193:36 | alloc | provenance | MaD:10 Sink:MaD:10 | | main.rs:193:38:193:39 | l2 | main.rs:194:45:194:46 | l2 | provenance | | +| main.rs:194:45:194:46 | l2 | main.rs:194:32:194:43 | alloc_zeroed | provenance | MaD:11 Sink:MaD:11 | | main.rs:194:45:194:46 | l2 | main.rs:194:32:194:43 | alloc_zeroed | provenance | MaD:12 Sink:MaD:12 | -| main.rs:194:45:194:46 | l2 | main.rs:194:32:194:43 | alloc_zeroed | provenance | MaD:13 Sink:MaD:13 | | main.rs:194:45:194:46 | l2 | main.rs:195:41:195:42 | l2 | provenance | | -| main.rs:195:41:195:42 | l2 | main.rs:195:32:195:39 | allocate | provenance | MaD:6 Sink:MaD:6 | +| main.rs:195:41:195:42 | l2 | main.rs:195:32:195:39 | allocate | provenance | MaD:5 Sink:MaD:5 | | main.rs:195:41:195:42 | l2 | main.rs:196:48:196:49 | l2 | provenance | | -| main.rs:196:48:196:49 | l2 | main.rs:196:32:196:46 | allocate_zeroed | provenance | MaD:7 Sink:MaD:7 | +| main.rs:196:48:196:49 | l2 | main.rs:196:32:196:46 | allocate_zeroed | provenance | MaD:6 Sink:MaD:6 | | main.rs:196:48:196:49 | l2 | main.rs:197:41:197:42 | l2 | provenance | | | main.rs:197:41:197:42 | l2 | main.rs:197:32:197:39 | allocate | provenance | MaD:1 Sink:MaD:1 | | main.rs:197:41:197:42 | l2 | main.rs:198:48:198:49 | l2 | provenance | | @@ -238,42 +237,40 @@ edges | main.rs:198:48:198:49 | l2 | main.rs:208:53:208:54 | l2 | provenance | | | main.rs:198:48:198:49 | l2 | main.rs:210:60:210:61 | l2 | provenance | | | main.rs:198:48:198:49 | l2 | main.rs:213:51:213:52 | l2 | provenance | | +| main.rs:202:48:202:48 | v | main.rs:202:32:202:38 | realloc | provenance | MaD:13 Sink:MaD:13 | | main.rs:202:48:202:48 | v | main.rs:202:32:202:38 | realloc | provenance | MaD:14 Sink:MaD:14 | -| main.rs:202:48:202:48 | v | main.rs:202:32:202:38 | realloc | provenance | MaD:15 Sink:MaD:15 | -| main.rs:208:53:208:54 | l2 | main.rs:208:40:208:43 | grow | provenance | MaD:8 Sink:MaD:8 | -| main.rs:210:60:210:61 | l2 | main.rs:210:40:210:50 | grow_zeroed | provenance | MaD:9 Sink:MaD:9 | -| main.rs:213:51:213:52 | l2 | main.rs:213:36:213:41 | shrink | provenance | MaD:10 Sink:MaD:10 | +| main.rs:208:53:208:54 | l2 | main.rs:208:40:208:43 | grow | provenance | MaD:7 Sink:MaD:7 | +| main.rs:210:60:210:61 | l2 | main.rs:210:40:210:50 | grow_zeroed | provenance | MaD:8 Sink:MaD:8 | +| main.rs:213:51:213:52 | l2 | main.rs:213:36:213:41 | shrink | provenance | MaD:9 Sink:MaD:9 | | main.rs:217:27:217:34 | ...: usize | main.rs:219:26:219:26 | v | provenance | | -| main.rs:219:26:219:26 | v | main.rs:219:13:219:24 | ...::malloc | provenance | MaD:21 Sink:MaD:21 | +| main.rs:219:26:219:26 | v | main.rs:219:13:219:24 | ...::malloc | provenance | MaD:20 Sink:MaD:20 | | main.rs:219:26:219:26 | v | main.rs:220:36:220:36 | v | provenance | | -| main.rs:220:36:220:36 | v | main.rs:220:13:220:31 | ...::aligned_alloc | provenance | MaD:19 Sink:MaD:19 | +| main.rs:220:36:220:36 | v | main.rs:220:13:220:31 | ...::aligned_alloc | provenance | MaD:18 Sink:MaD:18 | | main.rs:220:36:220:36 | v | main.rs:222:30:222:30 | v | provenance | | -| main.rs:222:30:222:30 | v | main.rs:222:13:222:24 | ...::calloc | provenance | MaD:20 Sink:MaD:20 | +| main.rs:222:30:222:30 | v | main.rs:222:13:222:24 | ...::calloc | provenance | MaD:19 Sink:MaD:19 | | main.rs:222:30:222:30 | v | main.rs:223:26:223:26 | v | provenance | | -| main.rs:223:26:223:26 | v | main.rs:223:13:223:24 | ...::calloc | provenance | MaD:20 Sink:MaD:20 | +| main.rs:223:26:223:26 | v | main.rs:223:13:223:24 | ...::calloc | provenance | MaD:19 Sink:MaD:19 | | main.rs:223:26:223:26 | v | main.rs:224:31:224:31 | v | provenance | | -| main.rs:224:31:224:31 | v | main.rs:224:13:224:25 | ...::realloc | provenance | MaD:22 Sink:MaD:22 | +| main.rs:224:31:224:31 | v | main.rs:224:13:224:25 | ...::realloc | provenance | MaD:21 Sink:MaD:21 | | main.rs:227:24:227:31 | ...: usize | main.rs:230:46:230:46 | v | provenance | | -| main.rs:230:46:230:46 | v | main.rs:230:13:230:44 | ...::try_with_capacity_in | provenance | MaD:4 Sink:MaD:4 | +| main.rs:230:46:230:46 | v | main.rs:230:13:230:44 | ...::try_with_capacity_in | provenance | MaD:3 Sink:MaD:3 | | main.rs:230:46:230:46 | v | main.rs:231:42:231:42 | v | provenance | | -| main.rs:231:42:231:42 | v | main.rs:231:13:231:40 | ...::with_capacity_in | provenance | MaD:5 Sink:MaD:5 | -| main.rs:231:42:231:42 | v | main.rs:242:26:242:26 | v | provenance | | -| main.rs:242:26:242:26 | v | main.rs:242:16:242:24 | split_off | provenance | MaD:3 Sink:MaD:3 | +| main.rs:231:42:231:42 | v | main.rs:231:13:231:40 | ...::with_capacity_in | provenance | MaD:4 Sink:MaD:4 | | main.rs:282:24:282:41 | ...: String | main.rs:283:21:283:30 | user_input | provenance | | | main.rs:283:9:283:17 | num_bytes | main.rs:285:54:285:62 | num_bytes | provenance | | -| main.rs:283:21:283:30 | user_input | main.rs:283:21:283:47 | user_input.parse() [Ok] | provenance | MaD:44 | +| main.rs:283:21:283:30 | user_input | main.rs:283:21:283:47 | user_input.parse() [Ok] | provenance | MaD:43 | | main.rs:283:21:283:47 | user_input.parse() [Ok] | main.rs:283:21:283:48 | TryExpr | provenance | | -| main.rs:283:21:283:48 | TryExpr | main.rs:283:21:283:77 | ... * ... | provenance | MaD:28 | -| main.rs:283:21:283:48 | TryExpr | main.rs:283:21:283:77 | ... * ... | provenance | MaD:46 | +| main.rs:283:21:283:48 | TryExpr | main.rs:283:21:283:77 | ... * ... | provenance | MaD:27 | +| main.rs:283:21:283:48 | TryExpr | main.rs:283:21:283:77 | ... * ... | provenance | MaD:45 | | main.rs:283:21:283:77 | ... * ... | main.rs:283:9:283:17 | num_bytes | provenance | | | main.rs:285:9:285:14 | layout | main.rs:287:40:287:45 | layout | provenance | | -| main.rs:285:18:285:66 | ...::from_size_align(...) [Ok] | main.rs:285:18:285:75 | ... .unwrap() | provenance | MaD:43 | +| main.rs:285:18:285:66 | ...::from_size_align(...) [Ok] | main.rs:285:18:285:75 | ... .unwrap() | provenance | MaD:42 | | main.rs:285:18:285:75 | ... .unwrap() | main.rs:285:9:285:14 | layout | provenance | | -| main.rs:285:54:285:62 | num_bytes | main.rs:285:18:285:66 | ...::from_size_align(...) [Ok] | provenance | MaD:35 | -| main.rs:287:40:287:45 | layout | main.rs:287:22:287:38 | ...::alloc | provenance | MaD:16 Sink:MaD:16 | -| main.rs:311:25:311:38 | ...::args | main.rs:311:25:311:40 | ...::args(...) [element] | provenance | Src:MaD:23 | -| main.rs:311:25:311:40 | ...::args(...) [element] | main.rs:311:25:311:47 | ... .nth(...) [Some] | provenance | MaD:24 | -| main.rs:311:25:311:47 | ... .nth(...) [Some] | main.rs:311:25:311:74 | ... .unwrap_or(...) | provenance | MaD:41 | +| main.rs:285:54:285:62 | num_bytes | main.rs:285:18:285:66 | ...::from_size_align(...) [Ok] | provenance | MaD:34 | +| main.rs:287:40:287:45 | layout | main.rs:287:22:287:38 | ...::alloc | provenance | MaD:15 Sink:MaD:15 | +| main.rs:311:25:311:38 | ...::args | main.rs:311:25:311:40 | ...::args(...) [element] | provenance | Src:MaD:22 | +| main.rs:311:25:311:40 | ...::args(...) [element] | main.rs:311:25:311:47 | ... .nth(...) [Some] | provenance | MaD:23 | +| main.rs:311:25:311:47 | ... .nth(...) [Some] | main.rs:311:25:311:74 | ... .unwrap_or(...) | provenance | MaD:40 | | main.rs:311:25:311:74 | ... .unwrap_or(...) | main.rs:282:24:282:41 | ...: String | provenance | | | main.rs:320:9:320:9 | v | main.rs:323:34:323:34 | v | provenance | | | main.rs:320:9:320:9 | v | main.rs:324:42:324:42 | v | provenance | | @@ -281,11 +278,11 @@ edges | main.rs:320:9:320:9 | v | main.rs:326:27:326:27 | v | provenance | | | main.rs:320:9:320:9 | v | main.rs:327:25:327:25 | v | provenance | | | main.rs:320:9:320:9 | v | main.rs:328:22:328:22 | v | provenance | | -| main.rs:320:13:320:26 | ...::args | main.rs:320:13:320:28 | ...::args(...) [element] | provenance | Src:MaD:23 | -| main.rs:320:13:320:28 | ...::args(...) [element] | main.rs:320:13:320:35 | ... .nth(...) [Some] | provenance | MaD:24 | -| main.rs:320:13:320:35 | ... .nth(...) [Some] | main.rs:320:13:320:65 | ... .unwrap_or(...) | provenance | MaD:41 | -| main.rs:320:13:320:65 | ... .unwrap_or(...) | main.rs:320:13:320:82 | ... .parse() [Ok] | provenance | MaD:44 | -| main.rs:320:13:320:82 | ... .parse() [Ok] | main.rs:320:13:320:91 | ... .unwrap() | provenance | MaD:43 | +| main.rs:320:13:320:26 | ...::args | main.rs:320:13:320:28 | ...::args(...) [element] | provenance | Src:MaD:22 | +| main.rs:320:13:320:28 | ...::args(...) [element] | main.rs:320:13:320:35 | ... .nth(...) [Some] | provenance | MaD:23 | +| main.rs:320:13:320:35 | ... .nth(...) [Some] | main.rs:320:13:320:65 | ... .unwrap_or(...) | provenance | MaD:40 | +| main.rs:320:13:320:65 | ... .unwrap_or(...) | main.rs:320:13:320:82 | ... .parse() [Ok] | provenance | MaD:43 | +| main.rs:320:13:320:82 | ... .parse() [Ok] | main.rs:320:13:320:91 | ... .unwrap() | provenance | MaD:42 | | main.rs:320:13:320:91 | ... .unwrap() | main.rs:320:9:320:9 | v | provenance | | | main.rs:323:34:323:34 | v | main.rs:12:36:12:43 | ...: usize | provenance | | | main.rs:324:42:324:42 | v | main.rs:43:44:43:51 | ...: usize | provenance | | @@ -296,52 +293,51 @@ edges models | 1 | Sink: ::allocate; Argument[0]; alloc-layout | | 2 | Sink: ::allocate_zeroed; Argument[0]; alloc-layout | -| 3 | Sink: ::split_off; Argument[0]; alloc-layout | -| 4 | Sink: ::try_with_capacity_in; Argument[0]; alloc-layout | -| 5 | Sink: ::with_capacity_in; Argument[0]; alloc-layout | -| 6 | Sink: ::allocate; Argument[0]; alloc-layout | -| 7 | Sink: ::allocate_zeroed; Argument[0]; alloc-layout | -| 8 | Sink: ::grow; Argument[2]; alloc-layout | -| 9 | Sink: ::grow_zeroed; Argument[2]; alloc-layout | -| 10 | Sink: ::shrink; Argument[2]; alloc-layout | -| 11 | Sink: ::alloc; Argument[0]; alloc-size | -| 12 | Sink: ::alloc_zeroed; Argument[0]; alloc-layout | -| 13 | Sink: ::alloc_zeroed; Argument[0]; alloc-size | -| 14 | Sink: ::realloc; Argument[2]; alloc-layout | -| 15 | Sink: ::realloc; Argument[2]; alloc-size | -| 16 | Sink: alloc::alloc::alloc; Argument[0]; alloc-layout | -| 17 | Sink: alloc::alloc::alloc_zeroed; Argument[0]; alloc-layout | -| 18 | Sink: alloc::alloc::realloc; Argument[2]; alloc-size | -| 19 | Sink: libc::unix::aligned_alloc; Argument[1]; alloc-size | -| 20 | Sink: libc::unix::calloc; Argument[0,1]; alloc-size | -| 21 | Sink: libc::unix::malloc; Argument[0]; alloc-size | -| 22 | Sink: libc::unix::realloc; Argument[1]; alloc-size | -| 23 | Source: std::env::args; ReturnValue.Element; commandargs | -| 24 | Summary: <_ as core::iter::traits::iterator::Iterator>::nth; Argument[self].Reference.Element; ReturnValue.Field[core::option::Option::Some(0)]; value | -| 25 | Summary: <_ as core::ops::arith::Add>::add; Argument[self]; ReturnValue; taint | -| 26 | Summary: <_ as core::ops::arith::Mul>::mul; Argument[0].Reference; ReturnValue; taint | -| 27 | Summary: <_ as core::ops::arith::Mul>::mul; Argument[0]; ReturnValue; taint | -| 28 | Summary: <_ as core::ops::arith::Mul>::mul; Argument[self]; ReturnValue; taint | -| 29 | Summary: ::align_to; Argument[self].Reference; ReturnValue.Field[core::result::Result::Ok(0)]; taint | -| 30 | Summary: ::array; Argument[0]; ReturnValue.Field[core::result::Result::Ok(0)]; taint | -| 31 | Summary: ::extend; Argument[0]; ReturnValue.Field[core::result::Result::Ok(0)].Field[0]; taint | -| 32 | Summary: ::extend; Argument[self].Reference; ReturnValue.Field[core::result::Result::Ok(0)].Field[0]; taint | -| 33 | Summary: ::extend_packed; Argument[0]; ReturnValue.Field[core::result::Result::Ok(0)]; taint | -| 34 | Summary: ::extend_packed; Argument[self].Reference; ReturnValue.Field[core::result::Result::Ok(0)]; taint | -| 35 | Summary: ::from_size_align; Argument[0]; ReturnValue.Field[core::result::Result::Ok(0)]; taint | -| 36 | Summary: ::from_size_align_unchecked; Argument[0]; ReturnValue; taint | -| 37 | Summary: ::pad_to_align; Argument[self].Reference; ReturnValue; taint | -| 38 | Summary: ::repeat; Argument[0]; ReturnValue.Field[core::result::Result::Ok(0)].Field[0]; taint | -| 39 | Summary: ::repeat_packed; Argument[0]; ReturnValue.Field[core::result::Result::Ok(0)]; taint | -| 40 | Summary: ::size; Argument[self].Reference; ReturnValue; taint | -| 41 | Summary: ::unwrap_or; Argument[self].Field[core::option::Option::Some(0)]; ReturnValue; value | -| 42 | Summary: ::expect; Argument[self].Field[core::result::Result::Ok(0)]; ReturnValue; value | -| 43 | Summary: ::unwrap; Argument[self].Field[core::result::Result::Ok(0)]; ReturnValue; value | -| 44 | Summary: ::parse; Argument[self]; ReturnValue.Field[core::result::Result::Ok(0)]; taint | -| 45 | Summary: ::mul; Argument[0]; ReturnValue; taint | -| 46 | Summary: ::mul; Argument[self]; ReturnValue; taint | -| 47 | Summary: core::cmp::max; Argument[0]; ReturnValue; value | -| 48 | Summary: core::cmp::min; Argument[0]; ReturnValue; value | +| 3 | Sink: ::try_with_capacity_in; Argument[0]; alloc-layout | +| 4 | Sink: ::with_capacity_in; Argument[0]; alloc-layout | +| 5 | Sink: ::allocate; Argument[0]; alloc-layout | +| 6 | Sink: ::allocate_zeroed; Argument[0]; alloc-layout | +| 7 | Sink: ::grow; Argument[2]; alloc-layout | +| 8 | Sink: ::grow_zeroed; Argument[2]; alloc-layout | +| 9 | Sink: ::shrink; Argument[2]; alloc-layout | +| 10 | Sink: ::alloc; Argument[0]; alloc-size | +| 11 | Sink: ::alloc_zeroed; Argument[0]; alloc-layout | +| 12 | Sink: ::alloc_zeroed; Argument[0]; alloc-size | +| 13 | Sink: ::realloc; Argument[2]; alloc-layout | +| 14 | Sink: ::realloc; Argument[2]; alloc-size | +| 15 | Sink: alloc::alloc::alloc; Argument[0]; alloc-layout | +| 16 | Sink: alloc::alloc::alloc_zeroed; Argument[0]; alloc-layout | +| 17 | Sink: alloc::alloc::realloc; Argument[2]; alloc-size | +| 18 | Sink: libc::unix::aligned_alloc; Argument[1]; alloc-size | +| 19 | Sink: libc::unix::calloc; Argument[0,1]; alloc-size | +| 20 | Sink: libc::unix::malloc; Argument[0]; alloc-size | +| 21 | Sink: libc::unix::realloc; Argument[1]; alloc-size | +| 22 | Source: std::env::args; ReturnValue.Element; commandargs | +| 23 | Summary: <_ as core::iter::traits::iterator::Iterator>::nth; Argument[self].Reference.Element; ReturnValue.Field[core::option::Option::Some(0)]; value | +| 24 | Summary: <_ as core::ops::arith::Add>::add; Argument[self]; ReturnValue; taint | +| 25 | Summary: <_ as core::ops::arith::Mul>::mul; Argument[0].Reference; ReturnValue; taint | +| 26 | Summary: <_ as core::ops::arith::Mul>::mul; Argument[0]; ReturnValue; taint | +| 27 | Summary: <_ as core::ops::arith::Mul>::mul; Argument[self]; ReturnValue; taint | +| 28 | Summary: ::align_to; Argument[self].Reference; ReturnValue.Field[core::result::Result::Ok(0)]; taint | +| 29 | Summary: ::array; Argument[0]; ReturnValue.Field[core::result::Result::Ok(0)]; taint | +| 30 | Summary: ::extend; Argument[0]; ReturnValue.Field[core::result::Result::Ok(0)].Field[0]; taint | +| 31 | Summary: ::extend; Argument[self].Reference; ReturnValue.Field[core::result::Result::Ok(0)].Field[0]; taint | +| 32 | Summary: ::extend_packed; Argument[0]; ReturnValue.Field[core::result::Result::Ok(0)]; taint | +| 33 | Summary: ::extend_packed; Argument[self].Reference; ReturnValue.Field[core::result::Result::Ok(0)]; taint | +| 34 | Summary: ::from_size_align; Argument[0]; ReturnValue.Field[core::result::Result::Ok(0)]; taint | +| 35 | Summary: ::from_size_align_unchecked; Argument[0]; ReturnValue; taint | +| 36 | Summary: ::pad_to_align; Argument[self].Reference; ReturnValue; taint | +| 37 | Summary: ::repeat; Argument[0]; ReturnValue.Field[core::result::Result::Ok(0)].Field[0]; taint | +| 38 | Summary: ::repeat_packed; Argument[0]; ReturnValue.Field[core::result::Result::Ok(0)]; taint | +| 39 | Summary: ::size; Argument[self].Reference; ReturnValue; taint | +| 40 | Summary: ::unwrap_or; Argument[self].Field[core::option::Option::Some(0)]; ReturnValue; value | +| 41 | Summary: ::expect; Argument[self].Field[core::result::Result::Ok(0)]; ReturnValue; value | +| 42 | Summary: ::unwrap; Argument[self].Field[core::result::Result::Ok(0)]; ReturnValue; value | +| 43 | Summary: ::parse; Argument[self]; ReturnValue.Field[core::result::Result::Ok(0)]; taint | +| 44 | Summary: ::mul; Argument[0]; ReturnValue; taint | +| 45 | Summary: ::mul; Argument[self]; ReturnValue; taint | +| 46 | Summary: core::cmp::max; Argument[0]; ReturnValue; value | +| 47 | Summary: core::cmp::min; Argument[0]; ReturnValue; value | nodes | main.rs:12:36:12:43 | ...: usize | semmle.label | ...: usize | | main.rs:18:13:18:31 | ...::realloc | semmle.label | ...::realloc | @@ -547,8 +543,6 @@ nodes | main.rs:230:46:230:46 | v | semmle.label | v | | main.rs:231:13:231:40 | ...::with_capacity_in | semmle.label | ...::with_capacity_in | | main.rs:231:42:231:42 | v | semmle.label | v | -| main.rs:242:16:242:24 | split_off | semmle.label | split_off | -| main.rs:242:26:242:26 | v | semmle.label | v | | main.rs:282:24:282:41 | ...: String | semmle.label | ...: String | | main.rs:283:9:283:17 | num_bytes | semmle.label | num_bytes | | main.rs:283:21:283:30 | user_input | semmle.label | user_input | diff --git a/rust/ql/test/query-tests/security/CWE-770/main.rs b/rust/ql/test/query-tests/security/CWE-770/main.rs index e3034c9c28c5..1b3a5fc4e935 100644 --- a/rust/ql/test/query-tests/security/CWE-770/main.rs +++ b/rust/ql/test/query-tests/security/CWE-770/main.rs @@ -239,7 +239,7 @@ unsafe fn test_vectors(v: usize) { v1.set_len(v); // $ MISSING: Alert[rust/uncontrolled-allocation-size] let mut v2 = vec![1, 2, 3, 4, 5, 6]; - let _ = v2.split_off(v); // $ SPURIOUS: Alert[rust/uncontrolled-allocation-size]=arg1 + let _ = v2.split_off(v); // GOOD (any allocation is bounded by the initial size of the vector) let l2 = std::alloc::Layout::new::<[u64; 200]>(); let m2 = std::ptr::NonNull::::new(std::alloc::alloc(l2).cast::()).unwrap(); From b2d19b610eac90f3e0fbf524cdfc6d56e3fc1712 Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Tue, 13 Jan 2026 09:01:12 +0000 Subject: [PATCH 3/3] Rust: US spelling. --- .../rust/security/UncontrolledAllocationSizeExtensions.qll | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/rust/ql/lib/codeql/rust/security/UncontrolledAllocationSizeExtensions.qll b/rust/ql/lib/codeql/rust/security/UncontrolledAllocationSizeExtensions.qll index e323f0d95445..0390ca779328 100644 --- a/rust/ql/lib/codeql/rust/security/UncontrolledAllocationSizeExtensions.qll +++ b/rust/ql/lib/codeql/rust/security/UncontrolledAllocationSizeExtensions.qll @@ -67,8 +67,8 @@ module UncontrolledAllocationSize { /** * A barrier for uncontrolled allocation size flow into particular functions. */ - private class ModelledBarrier extends Barrier { - ModelledBarrier() { + private class ModeledBarrier extends Barrier { + ModeledBarrier() { exists(MethodCall c | c.getStaticTarget().getCanonicalPath() = ["::split_off", "::split_off"] and