Merge pull request #492 from geoffw0/offsetuse

Approved by dave-bartolomeo
This commit is contained in:
semmle-qlci
2018-11-21 17:26:48 +00:00
committed by GitHub
5 changed files with 84 additions and 6 deletions


@@ -0,0 +1,6 @@
| test.cpp:11:10:11:18 | access to array | This use of offset 'i' should follow the $@. | test.cpp:11:32:11:45 | ... < ... | range check |
| test.cpp:15:7:15:15 | access to array | This use of offset 'i' should follow the $@. | test.cpp:15:29:15:42 | ... < ... | range check |
| test.cpp:27:7:27:15 | access to array | This use of offset 'i' should follow the $@. | test.cpp:27:39:27:52 | ... < ... | range check |
| test.cpp:39:8:39:16 | access to array | This use of offset 'i' should follow the $@. | test.cpp:39:30:39:47 | ... < ... | range check |
| test.cpp:44:7:44:15 | access to array | This use of offset 'i' should follow the $@. | test.cpp:44:22:44:35 | ... < ... | range check |
| test.cpp:47:7:47:15 | access to array | This use of offset 'i' should follow the $@. | test.cpp:47:33:47:46 | ... < ... | range check |


@@ -0,0 +1 @@
Best Practices/Likely Errors/OffsetUseBeforeRangeCheck.ql


@@ -0,0 +1,50 @@
void test(char *buffer, int bufferSize)
{
int i;
// skip whitespace
i = 0;
while ((i < bufferSize) && (buffer[i] == ' ')) { i++; } // GOOD
i = 0;
while ((buffer[i] == ' ') && (i < bufferSize)) { i++; } // BAD
// check for 'x'
if ((i < bufferSize) && (buffer[i] == 'x')) {} // GOOD
if ((buffer[i] == 'x') && (i < bufferSize)) {} // BAD
if ((bufferSize > i) && (buffer[i] == 'x')) {} // GOOD
if ((buffer[i] == 'x') && (bufferSize > i)) {} // BAD [NOT DETECTED]
if ((i <= bufferSize - 1) && (buffer[i] == 'x')) {} // GOOD
if ((buffer[i] == 'x') && (i <= bufferSize - 1)) {} // BAD [NOT DETECTED]
if ((bufferSize >= i + 1) && (buffer[i] == 'x')) {} // GOOD
if ((buffer[i] == 'x') && (bufferSize >= i + 1)) {} // BAD [NOT DETECTED]
if ((i < bufferSize) && (true) && (buffer[i] == 'x')) {} // GOOD
if ((buffer[i] == 'x') && (true) && (i < bufferSize)) {} // BAD
if ((i < bufferSize - 1) && (buffer[i + 1] == 'x')) {} // GOOD
if ((buffer[i + 1] == 'x') && (i < bufferSize - 1)) {} // BAD [NOT DETECTED]
if ((i < bufferSize) && (buffer[i] == 'x') && (i < bufferSize - 1)) {} // GOOD
if ((i < bufferSize) && ((buffer[i] == 'x') && (i < bufferSize - 1))) {} // GOOD
if ((i < bufferSize + 1) && (buffer[i] == 'x') && (i < bufferSize)) {} // BAD [NOT DETECTED]
if ((i < bufferSize + 1) && ((buffer[i] == 'x') && (i < bufferSize))) {} // BAD [NOT DETECTED]
// look for 'ab'
for (i = 0; i < bufferSize; i++) {
if ((buffer[i] == 'a') && (i < bufferSize - 1) && (buffer[i + 1] == 'b')) // GOOD [FALSE POSITIVE]
break;
}
if ((i < bufferSize) && (buffer[i])) {} // GOOD
if ((buffer[i]) && (i < bufferSize)) {} // BAD
if ((i < bufferSize) && (buffer[i] + 1 == 'x')) {} // GOOD
if ((buffer[i] + 1 == 'x') && (i < bufferSize)) {} // BAD
if ((buffer != 0) && (i < bufferSize)) {} // GOOD
}
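Review bot: Every guard in this test is an `&&` chain whose comparison uses the same variable as the subscript, so the file does not show whether the query binds the range check to the offset variable or would accept any nearby `<` comparison as the check. I would add a mismatched-variable case, `if ((j < bufferSize) && (buffer[i] == 'x')) {} // BAD`, which must still be reported, and the equivalent short-circuit idiom `if ((i >= bufferSize) || (buffer[i] == 'x')) {} // GOOD`, which must not be, since that form is at least as common in real code as the `&&` one. Because `i` is a signed `int`, a check such as `i < bufferSize` bounds only the upper end; whether the query is meant to require a lower bound as well is not visible from this page, and a commented case either way would pin that decision down. The `[NOT DETECTED]` and `[FALSE POSITIVE]` markers already record the known gaps, so those need no further comment.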