C++: Exclude deallocation functions as scanf result accesses

2026-05-03 04:39:29 +02:00 · 2022-12-15 09:24:16 +01:00
parent a92acf5218
commit 4fb43d56b3
3 changed files with 54 additions and 20 deletions
--- a/cpp/ql/test/query-tests/Critical/MissingCheckScanf/test.cpp
+++ b/cpp/ql/test/query-tests/Critical/MissingCheckScanf/test.cpp
@@ -19,6 +19,11 @@ FILE *get_a_stream();
 const char *get_a_string();
 extern locale_t get_a_locale();

+typedef long size_t;
+
+void *malloc(size_t size);
+void free(void *ptr);
+
 int main()
 {
 	// --- simple cases ---
@@ -78,6 +83,22 @@ int main()
 		use(i); // GOOD
 	}

+	{
+		int *i = (int*)malloc(sizeof(int)); // Allocated variable
+
+		scanf("%d", i);
+		use(*i); // BAD
+		free(i); // GOOD
+	}
+
+	{
+		int *i = new int; // Allocated variable
+
+		scanf("%d", i);
+		use(*i); // BAD
+		delete i; // GOOD
+	}
+
 	// --- different scanf functions ---

 	{