hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-16 16:53:25 +01:00
Code Issues Packages Projects Releases Wiki Activity

C++: Add change note

Browse Source 
Also fix discrepancies between `SignedOverflowCheck.ql` and its change
note.
This commit is contained in:
Jonas Jensen
2019-11-13 14:43:30 +01:00
parent 2d72a9cdec
commit 4ddac749af
2 changed files with 4 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
change-notes/1.23/analysis-cpp.md
View File

@@ -9,7 +9,8 @@ The following changes in version 1.23 affect C/C++ analysis in all applications.
| **Query** | **Tags** | **Purpose** |
|-----------------------------|-----------|--------------------------------------------------------------------|
| Hard-coded Japanese era start date (`cpp/japanese-era/exact-era-date`) | reliability, japanese-era | This query is a combination of two old queries that were identical in purpose but separate as an implementation detail. This new query replaces Hard-coded Japanese era start date in call (`cpp/japanese-era/constructor-or-method-with-exact-era-date`) and Hard-coded Japanese era start date in struct (`cpp/japanese-era/struct-with-exact-era-date`). |
| Signed overflow check (`cpp/signed-overflow-check`) | correctness, reliability | Finds overflow checks that rely on signed integer addition to overflow, which has undefined behavior. Example: `a + b < a`. |
| Signed overflow check (`cpp/signed-overflow-check`) | correctness, security | Finds overflow checks that rely on signed integer addition to overflow, which has undefined behavior. Example: `a + b < a`. |
| Pointer overflow check (`cpp/pointer-overflow-check`) | correctness, security | Finds overflow checks that rely on pointer addition to overflow, which has undefined behavior. Example: `ptr + a < ptr`. |
## Changes to existing queries

4
cpp/ql/src/Likely Bugs/Arithmetic/SignedOverflowCheck.ql
View File

@@ -1,5 +1,5 @@
/**
* @name Undefined result of signed test for overflow
* @name Signed overflow check
* @description Testing for overflow by adding a value to a variable
* to see if it "wraps around" works only for
* unsigned integer values.
@@ -7,7 +7,7 @@
* @problem.severity warning
* @precision high
* @id cpp/signed-overflow-check
* @tags reliability
* @tags correctness
* security
*/