C++: Remove FPs in cpp/wrong-number-format-arguments due to BMN

2026-04-26 17:25:19 +02:00 · 2024-09-23 16:38:34 +01:00
parent 6a0212ea44
commit 31684d2548
3 changed files with 26 additions and 11 deletions
--- a/cpp/ql/lib/semmle/code/cpp/Function.qll
+++ b/cpp/ql/lib/semmle/code/cpp/Function.qll
@@ -652,6 +652,8 @@ class FunctionDeclarationEntry extends DeclarationEntry, @fun_decl {
  /**
   * Holds if this declaration is an implicit function declaration, that is,
   * where a function is used before it is declared (under older C standards).
+   * This can also happen in standalone extraction when a function has not been
+   * properly declared.
   */
  predicate isImplicit() { fun_implicit(underlyingElement(this)) }

--- a/cpp/ql/lib/semmle/code/cpp/models/interfaces/FormattingFunction.qll
+++ b/cpp/ql/lib/semmle/code/cpp/models/interfaces/FormattingFunction.qll
@@ -121,16 +121,31 @@ abstract class FormattingFunction extends ArrayFunction, TaintFunction {
   * the first format specifier in the format string.
   */
  int getFirstFormatArgumentIndex() {
-    result = this.getNumberOfParameters() and
-    // the formatting function either has a definition in the snapshot, or all
+    // The formatting function either has a definition in the snapshot, or all
    // `DeclarationEntry`s agree on the number of parameters (otherwise we don't
    // really know the correct number)
-    (
-      this.hasDefinition()
-      or
-      forall(FunctionDeclarationEntry fde | fde = this.getADeclarationEntry() |
-        result = fde.getNumberOfParameters()
-      )
+    if this.hasDefinition()
+    then result = this.getDefinition().getNumberOfParameters()
+    else result = this.getNumberOfExplicitParameters()
+  }
+
+  /**
+   * Gets a non-implicit function declaration entry.
+   */
+  FunctionDeclarationEntry getAnExplicitDeclarationEntry() {
+    result = this.getADeclarationEntry() and
+    not result.isImplicit()
+  }
+
+  /**
+   * Gets the number of parameters, excluding any parameters that have been defined
+   * from implicit function declarations. If there is some inconsistency in the number
+   * of parameters, then don't return anything.
+   */
+  int getNumberOfExplicitParameters() {
+    result = this.getAnExplicitDeclarationEntry().getNumberOfParameters() and
+    forall(FunctionDeclarationEntry fde | fde = this.getAnExplicitDeclarationEntry() |
+      result = fde.getNumberOfParameters()
    )
  }

--- a/Bugs/Format/WrongNumberOfFormatArguments/WrongNumberOfFormatArguments.expected
+++ b/Bugs/Format/WrongNumberOfFormatArguments/WrongNumberOfFormatArguments.expected
@@ -10,6 +10,4 @@
 | test.c:15:2:15:7 | call to printf | Format for printf expects 3 arguments but given 2 |
 | test.c:19:2:19:7 | call to printf | Format for printf expects 2 arguments but given 1 |
 | test.c:29:3:29:8 | call to printf | Format for printf expects 2 arguments but given 1 |
-| test.c:51:2:51:10 | call to my_logger | Format for my_logger expects 6 arguments but given 1 |
-| test.c:52:2:52:10 | call to my_logger | Format for my_logger expects 3 arguments but given 0 |
-| test.c:53:2:53:10 | call to my_logger | Format for my_logger expects 3 arguments but given 0 |
+| test.c:53:2:53:10 | call to my_logger | Format for my_logger expects 3 arguments but given 2 |