Merge pull request #682 from geoffw0/suspiciousaddsizeof

CPP: Fix false positive in SuspiciousAddWithSizeof.ql
2026-04-28 02:05:14 +02:00 · 2019-01-21 09:06:18 +01:00
parent 0432b01e3b bff23f546d
commit 169bbcdfa0
4 changed files with 34 additions and 3 deletions
--- a/cpp/ql/test/query-tests/Security/CWE/CWE-468/semmle/SuspiciousAddWithSizeof/SuspiciousAddWithSizeof.expected
+++ b/cpp/ql/test/query-tests/Security/CWE/CWE-468/semmle/SuspiciousAddWithSizeof/SuspiciousAddWithSizeof.expected
@@ -4,3 +4,4 @@
 | test.cpp:30:25:30:35 | sizeof(int) | Suspicious sizeof offset in a pointer arithmetic expression. The type of the pointer is int *. |
 | test.cpp:38:30:38:40 | sizeof(int) | Suspicious sizeof offset in a pointer arithmetic expression. The type of the pointer is int *. |
 | test.cpp:61:27:61:37 | sizeof(int) | Suspicious sizeof offset in a pointer arithmetic expression. The type of the pointer is int *. |
+| test.cpp:89:43:89:55 | sizeof(MyABC) | Suspicious sizeof offset in a pointer arithmetic expression. The type of the pointer is myInt *const. |
--- a/cpp/ql/test/query-tests/Security/CWE/CWE-468/semmle/SuspiciousAddWithSizeof/test.cpp
+++ b/cpp/ql/test/query-tests/Security/CWE/CWE-468/semmle/SuspiciousAddWithSizeof/test.cpp
@@ -64,3 +64,32 @@ void test7(int i) {
  v = *(int *)(voidPointer + i); // GOOD (actually rather dubious, but this could be correct code)
  v = *(int *)(voidPointer + (i * sizeof(int))); // GOOD
 }
+
+typedef unsigned long size_t;
+
+void *malloc(size_t size);
+
+class MyABC
+{
+public:
+  int a, b, c;
+};
+
+typedef unsigned char myChar;
+typedef unsigned int myInt;
+
+class MyTest8Class
+{
+public:
+  MyTest8Class() :
+    myCharsPointer((myChar *)malloc(sizeof(MyABC) * 2)),
+    myIntsPointer((myInt *)malloc(sizeof(MyABC) * 2))
+  {
+    myChar *secondPtr = myCharsPointer + sizeof(MyABC); // GOOD
+    myInt *secondPtrInt = myIntsPointer + sizeof(MyABC); // BAD
+  }
+
+private:
+  myChar * const myCharsPointer;
+  myInt * const myIntsPointer;
+};