hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-21 11:16:30 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge from main

Browse Source
This commit is contained in:
Dave Bartolomeo
2022-11-01 13:22:40 -04:00
parent 23b572e9b7 e8f9429b92
commit 49c4c554c4
486 changed files with 6866 additions and 2473 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
cpp/ql/lib/change-notes/2022-10-22-format-literal.md Normal file
View File

@@ -0,0 +1,4 @@
---
category: minorAnalysis
---
* Fixed bugs in the `FormatLiteral` class that were causing `getMaxConvertedLength` and related predicates to return no results when the format literal was `%e`, `%f` or `%g` and an explicit precision was specified.

36
cpp/ql/lib/semmle/code/cpp/commons/Printf.qll
View File

@@ -1125,12 +1125,12 @@ class FormatLiteral extends Literal {
exists(int dot, int afterdot |
(if this.getPrecision(n) = 0 then dot = 0 else dot = 1) and
(
(
if this.hasExplicitPrecision(n)
then afterdot = this.getPrecision(n)
else not this.hasImplicitPrecision(n)
) and
afterdot = 6
if this.hasExplicitPrecision(n)
then afterdot = this.getPrecision(n)
else (
not this.hasImplicitPrecision(n) and
afterdot = 6
)
) and
len = 1 + 309 + dot + afterdot
) and
@@ -1140,12 +1140,12 @@ class FormatLiteral extends Literal {
exists(int dot, int afterdot |
(if this.getPrecision(n) = 0 then dot = 0 else dot = 1) and
(
(
if this.hasExplicitPrecision(n)
then afterdot = this.getPrecision(n)
else not this.hasImplicitPrecision(n)
) and
afterdot = 6
if this.hasExplicitPrecision(n)
then afterdot = this.getPrecision(n)
else (
not this.hasImplicitPrecision(n) and
afterdot = 6
)
) and
len = 1 + 1 + dot + afterdot + 1 + 1 + 3
) and
@@ -1155,12 +1155,12 @@ class FormatLiteral extends Literal {
exists(int dot, int afterdot |
(if this.getPrecision(n) = 0 then dot = 0 else dot = 1) and
(
(
if this.hasExplicitPrecision(n)
then afterdot = this.getPrecision(n)
else not this.hasImplicitPrecision(n)
) and
afterdot = 6
if this.hasExplicitPrecision(n)
then afterdot = this.getPrecision(n)
else (
not this.hasImplicitPrecision(n) and
afterdot = 6
)
) and
// note: this could be displayed in the style %e or %f;
// however %f is only used when 'P > X >= -4'

12
cpp/ql/test/TestUtilities/InlineExpectationsTest.qll
View File

@@ -137,6 +137,7 @@ abstract class InlineExpectationsTest extends string {
final predicate hasFailureMessage(FailureLocatable element, string message) {
exists(ActualResult actualResult |
actualResult.getTest() = this and
actualResult.getTag() = this.getARelevantTag() and
element = actualResult and
(
exists(FalseNegativeExpectation falseNegative |
@@ -150,9 +151,18 @@ abstract class InlineExpectationsTest extends string {
)
)
or
exists(ActualResult actualResult |
actualResult.getTest() = this and
not actualResult.getTag() = this.getARelevantTag() and
element = actualResult and
message =
"Tag mismatch: Actual result with tag '" + actualResult.getTag() +
"' that is not part of getARelevantTag()"
)
or
exists(ValidExpectation expectation |
not exists(ActualResult actualResult | expectation.matchesActualResult(actualResult)) and
expectation.getTag() = getARelevantTag() and
expectation.getTag() = this.getARelevantTag() and
element = expectation and
(
expectation instanceof GoodExpectation and

6
cpp/ql/test/library-tests/printf/formatAttribute/AttributeFormattingFunction.cpp Normal file
View File

@@ -0,0 +1,6 @@
typedef void *va_list;
int myPrintf(const char *format, ...) __attribute__((format(printf, 1, 2)));
int mySprintf(char *buffer, const char *format, ...) __attribute__((format(__printf__, 2, 3)));
int myVprintf(const char *format, va_list arg) __attribute__((format(printf, 1, 0)));

2
cpp/ql/test/library-tests/printf/formatAttribute/AttributeFormattingFunction.expected Normal file
View File

@@ -0,0 +1,2 @@
| AttributeFormattingFunction.cpp:4:5:4:12 | myPrintf | 0 | char | wchar_t | wchar_t |
| AttributeFormattingFunction.cpp:5:5:5:13 | mySprintf | 1 | char | wchar_t | wchar_t |

5
cpp/ql/test/library-tests/printf/formatAttribute/AttributeFormattingFunction.ql Normal file
View File

@@ -0,0 +1,5 @@
import cpp
from AttributeFormattingFunction f
select f, f.getFormatParameterIndex(), concat(f.getDefaultCharType().toString(), ", "),
concat(f.getWideCharType().toString(), ", "), concat(f.getNonDefaultCharType().toString(), ", ")

3
cpp/ql/test/library-tests/printf/formatAttribute/FormatAttribute.expected Normal file
View File

@@ -0,0 +1,3 @@
| AttributeFormattingFunction.cpp:4:54:4:59 | format | printf | 0 | 1 |
| AttributeFormattingFunction.cpp:5:69:5:74 | format | __printf__ | 1 | 2 |
| AttributeFormattingFunction.cpp:6:63:6:68 | format | printf | 0 | |

5
cpp/ql/test/library-tests/printf/formatAttribute/FormatAttribute.ql Normal file
View File

@@ -0,0 +1,5 @@
import cpp
from FormatAttribute fa
select fa, fa.getArchetype(), concat(fa.getFormatIndex().toString(), ", "),
concat(fa.getFirstFormatArgIndex().toString(), ", ")

53
cpp/ql/test/library-tests/printf/formatLiteral/formatLiteral.expected Normal file
View File

@@ -0,0 +1,53 @@
| test.c:14:9:14:10 | | 1 |
| test.c:15:9:15:14 | | 2 |
| test.c:16:9:16:12 | \t | 2 |
| test.c:17:9:17:12 | %% | 2 |
| test.c:20:9:20:12 | %c | 2 |
| test.c:21:9:21:16 | %c%c%c | 4 |
| test.c:24:9:24:23 | Hello, world! | 14 |
| test.c:25:9:25:12 | %s | 14 |
| test.c:26:9:26:14 | %.4s | 5 |
| test.c:27:9:27:16 | %s, %s | 14 |
| test.c:30:9:30:12 | %i | 12 |
| test.c:31:9:31:14 | %lli | 12 |
| test.c:32:9:32:12 | %i | 12 |
| test.c:33:9:33:14 | %lli | 21 |
| test.c:34:9:34:12 | %d | 12 |
| test.c:35:9:35:12 | %u | 11 |
| test.c:36:9:36:12 | %x | 9 |
| test.c:37:9:37:12 | %X | 9 |
| test.c:38:9:38:13 | %#x | 11 |
| test.c:39:9:39:12 | %o | 12 |
| test.c:40:9:40:13 | %#o | 13 |
| test.c:43:9:43:12 | %f | 318 |
| test.c:44:9:44:14 | %.2f | 314 |
| test.c:45:9:45:12 | %e | 15 |
| test.c:59:10:59:14 | %Ii | 12 |
| test.c:66:10:66:14 | %zu | 21 |
| test.c:67:10:67:14 | %Zu | 21 |
| test.c:74:10:74:14 | %lc | 2 |
| test.c:78:9:78:20 | %2$i, %1$i | 5 |
| test.c:79:9:79:20 | %2$i, %1$i | 25 |
| test.c:81:9:81:24 | %2$02i %1$4.2f | |
| test.c:85:10:85:18 | %2$*1$d | |
| test.c:86:10:86:19 | %2$0*1$d | |
| test.c:92:10:92:19 | %2$.*1$f | |
| test.c:99:10:99:12 | # | 2 |
| test.c:100:10:100:13 | %% | 2 |
| test.c:101:10:101:15 | %%%% | 3 |
| test.c:102:10:102:15 | %%%f | 319 |
| test.c:103:10:103:17 | %%%%%f | 320 |
| test.c:104:10:104:18 | %4.2f%% | 315 |
| test.c:105:10:105:17 | %%%f%% | 320 |
| test.c:112:10:112:13 | %f | 318 |
| test.c:113:10:113:15 | %.1f | 313 |
| test.c:114:10:114:14 | %1f | 318 |
| test.c:115:10:115:16 | %1.1f | 313 |
| test.c:116:10:116:13 | %e | 15 |
| test.c:117:10:117:15 | %.2e | 11 |
| test.c:118:10:118:14 | %3e | 15 |
| test.c:119:10:119:16 | %3.2e | 11 |
| test.c:120:10:120:13 | %g | 15 |
| test.c:121:10:121:15 | %.1g | 10 |
| test.c:122:10:122:14 | %4g | 15 |
| test.c:123:10:123:16 | %4.1g | 10 |

4
cpp/ql/test/library-tests/printf/formatLiteral/formatLiteral.ql Normal file
View File

@@ -0,0 +1,4 @@
import semmle.code.cpp.commons.Printf
from FormatLiteral fl
select fl, concat(fl.getMaxConvertedLength().toString(), ", ")

51
cpp/ql/test/library-tests/printf/formatLiteral/formatType.expected Normal file
View File

@@ -0,0 +1,51 @@
| test.c:20:9:20:12 | %c | 0 | | c | | file://:0:0:0:0 | char |
| test.c:21:9:21:16 | %c%c%c | 0 | | c | | file://:0:0:0:0 | char |
| test.c:21:9:21:16 | %c%c%c | 1 | | c | | file://:0:0:0:0 | char |
| test.c:21:9:21:16 | %c%c%c | 2 | | c | | file://:0:0:0:0 | char |
| test.c:25:9:25:12 | %s | 0 | | s | | file://:0:0:0:0 | char * |
| test.c:26:9:26:14 | %.4s | 0 | | s | | file://:0:0:0:0 | char * |
| test.c:27:9:27:16 | %s, %s | 0 | | s | | file://:0:0:0:0 | char * |
| test.c:27:9:27:16 | %s, %s | 1 | | s | | file://:0:0:0:0 | char * |
| test.c:30:9:30:12 | %i | 0 | | i | | file://:0:0:0:0 | int |
| test.c:31:9:31:14 | %lli | 0 | | i | ll | file://:0:0:0:0 | long long |
| test.c:32:9:32:12 | %i | 0 | | i | | file://:0:0:0:0 | int |
| test.c:33:9:33:14 | %lli | 0 | | i | ll | file://:0:0:0:0 | long long |
| test.c:34:9:34:12 | %d | 0 | | d | | file://:0:0:0:0 | int |
| test.c:35:9:35:12 | %u | 0 | | u | | file://:0:0:0:0 | unsigned int |
| test.c:36:9:36:12 | %x | 0 | | x | | file://:0:0:0:0 | unsigned int |
| test.c:37:9:37:12 | %X | 0 | | X | | file://:0:0:0:0 | unsigned int |
| test.c:38:9:38:13 | %#x | 0 | | x | | file://:0:0:0:0 | unsigned int |
| test.c:39:9:39:12 | %o | 0 | | o | | file://:0:0:0:0 | unsigned int |
| test.c:40:9:40:13 | %#o | 0 | | o | | file://:0:0:0:0 | unsigned int |
| test.c:43:9:43:12 | %f | 0 | | f | | file://:0:0:0:0 | double |
| test.c:44:9:44:14 | %.2f | 0 | | f | | file://:0:0:0:0 | double |
| test.c:45:9:45:12 | %e | 0 | | e | | file://:0:0:0:0 | double |
| test.c:59:10:59:14 | %Ii | 0 | | i | | file://:0:0:0:0 | int |
| test.c:66:10:66:14 | %zu | 0 | | u | z | test.c:50:27:50:32 | size_t |
| test.c:67:10:67:14 | %Zu | 0 | | u | Z | test.c:50:27:50:32 | size_t |
| test.c:74:10:74:14 | %lc | 0 | | c | l | file://:0:0:0:0 | wchar_t |
| test.c:78:9:78:20 | %2$i, %1$i | 0 | 2$ | i | | file://:0:0:0:0 | int |
| test.c:78:9:78:20 | %2$i, %1$i | 1 | 1$ | i | | file://:0:0:0:0 | int |
| test.c:79:9:79:20 | %2$i, %1$i | 0 | 2$ | i | | file://:0:0:0:0 | int |
| test.c:79:9:79:20 | %2$i, %1$i | 1 | 1$ | i | | file://:0:0:0:0 | int |
| test.c:81:9:81:24 | %2$02i %1$4.2f | 0 | 2$ | i | | file://:0:0:0:0 | int |
| test.c:81:9:81:24 | %2$02i %1$4.2f | 1 | 1$ | f | | file://:0:0:0:0 | double |
| test.c:85:10:85:18 | %2$*1$d | 0 | 2$ | d | | file://:0:0:0:0 | int |
| test.c:86:10:86:19 | %2$0*1$d | 0 | 2$ | d | | file://:0:0:0:0 | int |
| test.c:92:10:92:19 | %2$.*1$f | 0 | 2$ | f | | file://:0:0:0:0 | double |
| test.c:102:10:102:15 | %%%f | 0 | | f | | file://:0:0:0:0 | double |
| test.c:103:10:103:17 | %%%%%f | 0 | | f | | file://:0:0:0:0 | double |
| test.c:104:10:104:18 | %4.2f%% | 0 | | f | | file://:0:0:0:0 | double |
| test.c:105:10:105:17 | %%%f%% | 0 | | f | | file://:0:0:0:0 | double |
| test.c:112:10:112:13 | %f | 0 | | f | | file://:0:0:0:0 | double |
| test.c:113:10:113:15 | %.1f | 0 | | f | | file://:0:0:0:0 | double |
| test.c:114:10:114:14 | %1f | 0 | | f | | file://:0:0:0:0 | double |
| test.c:115:10:115:16 | %1.1f | 0 | | f | | file://:0:0:0:0 | double |
| test.c:116:10:116:13 | %e | 0 | | e | | file://:0:0:0:0 | double |
| test.c:117:10:117:15 | %.2e | 0 | | e | | file://:0:0:0:0 | double |
| test.c:118:10:118:14 | %3e | 0 | | e | | file://:0:0:0:0 | double |
| test.c:119:10:119:16 | %3.2e | 0 | | e | | file://:0:0:0:0 | double |
| test.c:120:10:120:13 | %g | 0 | | g | | file://:0:0:0:0 | double |
| test.c:121:10:121:15 | %.1g | 0 | | g | | file://:0:0:0:0 | double |
| test.c:122:10:122:14 | %4g | 0 | | g | | file://:0:0:0:0 | double |
| test.c:123:10:123:16 | %4.1g | 0 | | g | | file://:0:0:0:0 | double |

6
cpp/ql/test/library-tests/printf/formatLiteral/formatType.ql Normal file
View File

@@ -0,0 +1,6 @@
import semmle.code.cpp.commons.Printf
from FormatLiteral fl, int i
select fl, i, concat(fl.getParameterField(i).toString(), ", "), fl.getConversionChar(i),
fl.getLength(i), concat(fl.getConversionType(i).getLocation().toString(), ", "),
concat(fl.getConversionType(i).toString(), ", ")

125
cpp/ql/test/library-tests/printf/formatLiteral/test.c Normal file
View File

@@ -0,0 +1,125 @@
/** standard printf functions */
int printf(const char *format, ...);
/** test program */
int main(int argc, char *argv[])
{
long long int lli;
double d;
int i;
// constant expressions
printf("");
printf("\x20");
printf("\t");
printf("%%");
// characters
printf("%c", 'a');
printf("%c%c%c", 'a', 'b', 'c');
// strings
printf("Hello, world!");
printf("%s", "Hello, world!");
printf("%.4s", "Hello, world!");
printf("%s, %s", "Hello", "world!");
// integers
printf("%i", i);
printf("%lli", i);
printf("%i", lli);
printf("%lli", lli);
printf("%d", i);
printf("%u", i);
printf("%x", i);
printf("%X", i);
printf("%#x", i);
printf("%o", i);
printf("%#o", i);
// doubles
printf("%f", d);
printf("%.2f", d);
printf("%e", d);
return 0;
}
typedef long unsigned int size_t;
typedef unsigned int wint_t;
void more_cases(int a, int b)
{
// integers
{
int i;
printf("%Ii", i); // glibc 2.2 'I' prefix
}
// size_t
{
size_t st;
printf("%zu", st); // size_t
printf("%Zu", st); // non-standard synonym for 'z'
}
// wint_t
{
wint_t wt;
printf("%lc", wt); // wide character
}
// posix indexed format arguments
printf("%2$i, %1$i", 1, 2); // '2, 1'
printf("%2$i, %1$i", a, b);
printf("%2$02i %1$4.2f", 3.3333f, 6); // 06, 3.33
{
int width, num;
printf("%2$*1$d", width, num);
printf("%2$0*1$d", width, num);
}
{
int precision;
float num;
printf("%2$.*1$f", precision, num);
}
// %%
{
float num;
printf("#");
printf("%%");
printf("%%%%");
printf("%%%f", num);
printf("%%%%%f", num);
printf("%4.2f%%", num);
printf("%%%f%%", num);
}
// more tests of width and precision
{
float num;
printf("%f", num);
printf("%.1f", num);
printf("%1f", num);
printf("%1.1f", num);
printf("%e", num);
printf("%.2e", num);
printf("%3e", num);
printf("%3.2e", num);
printf("%g", num);
printf("%.1g", num);
printf("%4g", num);
printf("%4.1g", num);
}
}

33
cpp/ql/test/query-tests/Likely Bugs/Format/NonConstantFormat/NonConstantFormat.expected
View File

@@ -3,19 +3,20 @@
| nested.cpp:21:23:21:26 | fmt0 | The format string argument to snprintf should be constant to prevent security issues and other potential errors. |
| nested.cpp:79:32:79:38 | call to get_fmt | The format string argument to diagnostic should be constant to prevent security issues and other potential errors. |
| nested.cpp:87:18:87:20 | fmt | The format string argument to diagnostic should be constant to prevent security issues and other potential errors. |
| test.cpp:50:10:50:21 | call to make_message | The format string argument to printf should be constant to prevent security issues and other potential errors. |
| test.cpp:56:12:56:16 | hello | The format string argument to printf should be constant to prevent security issues and other potential errors. |
| test.cpp:59:12:59:21 | call to const_wash | The format string argument to printf should be constant to prevent security issues and other potential errors. |
| test.cpp:60:12:60:26 | ... + ... | The format string argument to printf should be constant to prevent security issues and other potential errors. |
| test.cpp:61:12:61:17 | + ... | The format string argument to printf should be constant to prevent security issues and other potential errors. |
| test.cpp:62:12:62:18 | * ... | The format string argument to printf should be constant to prevent security issues and other potential errors. |
| test.cpp:63:12:63:18 | & ... | The format string argument to printf should be constant to prevent security issues and other potential errors. |
| test.cpp:64:12:64:39 | ... + ... | The format string argument to printf should be constant to prevent security issues and other potential errors. |
| test.cpp:66:10:66:35 | ... + ... | The format string argument to printf should be constant to prevent security issues and other potential errors. |
| test.cpp:69:12:69:20 | ... + ... | The format string argument to printf should be constant to prevent security issues and other potential errors. |
| test.cpp:75:12:75:16 | hello | The format string argument to printf should be constant to prevent security issues and other potential errors. |
| test.cpp:81:12:81:16 | hello | The format string argument to printf should be constant to prevent security issues and other potential errors. |
| test.cpp:87:12:87:16 | hello | The format string argument to printf should be constant to prevent security issues and other potential errors. |
| test.cpp:92:12:92:18 | ++ ... | The format string argument to printf should be constant to prevent security issues and other potential errors. |
| test.cpp:109:12:109:24 | new[] | The format string argument to printf should be constant to prevent security issues and other potential errors. |
| test.cpp:129:20:129:26 | access to array | The format string argument to sprintf should be constant to prevent security issues and other potential errors. |
| test.cpp:51:10:51:21 | call to make_message | The format string argument to printf should be constant to prevent security issues and other potential errors. |
| test.cpp:57:12:57:16 | hello | The format string argument to printf should be constant to prevent security issues and other potential errors. |
| test.cpp:60:12:60:21 | call to const_wash | The format string argument to printf should be constant to prevent security issues and other potential errors. |
| test.cpp:61:12:61:26 | ... + ... | The format string argument to printf should be constant to prevent security issues and other potential errors. |
| test.cpp:62:12:62:17 | + ... | The format string argument to printf should be constant to prevent security issues and other potential errors. |
| test.cpp:63:12:63:18 | * ... | The format string argument to printf should be constant to prevent security issues and other potential errors. |
| test.cpp:64:12:64:18 | & ... | The format string argument to printf should be constant to prevent security issues and other potential errors. |
| test.cpp:65:12:65:39 | ... + ... | The format string argument to printf should be constant to prevent security issues and other potential errors. |
| test.cpp:67:10:67:35 | ... + ... | The format string argument to printf should be constant to prevent security issues and other potential errors. |
| test.cpp:70:12:70:20 | ... + ... | The format string argument to printf should be constant to prevent security issues and other potential errors. |
| test.cpp:76:12:76:16 | hello | The format string argument to printf should be constant to prevent security issues and other potential errors. |
| test.cpp:82:12:82:16 | hello | The format string argument to printf should be constant to prevent security issues and other potential errors. |
| test.cpp:88:12:88:16 | hello | The format string argument to printf should be constant to prevent security issues and other potential errors. |
| test.cpp:93:12:93:18 | ++ ... | The format string argument to printf should be constant to prevent security issues and other potential errors. |
| test.cpp:110:12:110:24 | new[] | The format string argument to printf should be constant to prevent security issues and other potential errors. |
| test.cpp:130:20:130:26 | access to array | The format string argument to sprintf should be constant to prevent security issues and other potential errors. |
| test.cpp:157:12:157:15 | data | The format string argument to printf should be constant to prevent security issues and other potential errors. |

8
cpp/ql/test/query-tests/Likely Bugs/Format/NonConstantFormat/test.cpp
View File

@@ -1,6 +1,7 @@
extern "C" int printf(const char *fmt, ...);
extern "C" int sprintf(char *buf, const char *fmt, ...);
extern "C" char *gettext (const char *);
extern "C" char *gettext(const char *);
extern "C" char *strcpy(char *dst, const char *src);
#define MYSPRINTF sprintf
@@ -150,3 +151,8 @@ void print_ith_message() {
set_value_of(&i);
printf(messages[i], 1U); // GOOD
}
void fmt_via_strcpy(char *data) {
strcpy(data, "some string");
printf(data); // BAD
}