hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-29 02:35:15 +02:00
Code Issues Packages Projects Releases Wiki Activity

C++: Tidy up the ql file and accept test changes.

Browse Source
This commit is contained in:
Mathias Vorreiter Pedersen
2021-04-16 18:45:08 +02:00
parent 1e327289b2
commit 64f8316a6d
3 changed files with 31 additions and 51 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
cpp/ql/test/experimental/query-tests/Security/CWE/CWE-788/semmle/tests/AccessOfMemoryLocationAfterEndOfBufferUsingStrncat.expected
View File

@@ -1,3 +1,5 @@
| test.c:8:3:8:9 | call to strncat | if the used buffer is full, writing out of the buffer is possible |
| test.c:17:3:17:9 | call to strncat | if the used buffer is full, writing out of the buffer is possible |
| test.c:25:3:25:9 | call to strncat | if the used buffer is full, writing out of the buffer is possible |
| test.c:8:3:8:9 | call to strncat | Possible out-of-bounds write due to incorrect size argument. |
| test.c:9:3:9:9 | call to strncat | Possible out-of-bounds write due to incorrect size argument. |
| test.c:17:3:17:9 | call to strncat | Possible out-of-bounds write due to incorrect size argument. |
| test.c:18:3:18:9 | call to strncat | Possible out-of-bounds write due to incorrect size argument. |
| test.c:46:3:46:9 | call to strncat | Possible out-of-bounds write due to incorrect size argument. |

8
cpp/ql/test/experimental/query-tests/Security/CWE/CWE-788/semmle/tests/test.c
View File

@@ -6,7 +6,7 @@ void strncat_test1(char *s) {
char buf[80];
strncat(buf, s, sizeof(buf) - strlen(buf) - 1); // GOOD
strncat(buf, s, sizeof(buf) - strlen(buf)); // BAD
strncat(buf, "fix", sizeof(buf)-strlen(buf)); // BAD [NOT DETECTED]
strncat(buf, "fix", sizeof(buf)-strlen(buf)); // BAD
}
#define MAX_SIZE 80
@@ -15,14 +15,14 @@ void strncat_test2(char *s) {
char buf[MAX_SIZE];
strncat(buf, s, MAX_SIZE - strlen(buf) - 1); // GOOD
strncat(buf, s, MAX_SIZE - strlen(buf)); // BAD
strncat(buf, "fix", MAX_SIZE - strlen(buf)); // BAD [NOT DETECTED]
strncat(buf, "fix", MAX_SIZE - strlen(buf)); // BAD
}
void strncat_test3(char *s) {
int len = 80;
char* buf = (char *) malloc(len);
strncat(buf, s, len - strlen(buf) - 1); // GOOD
strncat(buf, s, len - strlen(buf)); // BAD
strncat(buf, s, len - strlen(buf)); // BAD [NOT DETECTED]
strncat(buf, "fix", len - strlen(buf)); // BAD [NOT DETECTED]
}
@@ -43,7 +43,7 @@ void strncat_test5(char* s, struct buffers* buffers) {
unsigned len_array = strlen(buffers->array);
unsigned max_size = sizeof(buffers->array);
unsigned free_size = max_size - len_array;
strncat(buffers->array, s, free_size); // BAD [NOT DETECTED]
strncat(buffers->array, s, free_size); // BAD
}
void strlen_test1(){