CPP: Fix ODASA-3654.

2025-12-20 10:46:30 +01:00 · 2019-03-26 12:54:38 +00:00
parent bd138238b0
commit 69f87d8eee
3 changed files with 4 additions and 5 deletions
--- a/cpp/ql/src/semmle/code/cpp/commons/Printf.qll
+++ b/cpp/ql/src/semmle/code/cpp/commons/Printf.qll
@@ -256,11 +256,11 @@ class FormatLiteral extends Literal {
  }

  /**
-   * Gets the format string, with '%%' replaced by '_' (to avoid processing
-   * '%%' as a format specifier).
+   * Gets the format string, with '%%' adn '%@' replaced by '_' (to avoid processing
+   * them as format specifiers).
   */
  string getFormat() {
-    result = this.getValue().replaceAll("%%", "_")
+    result = this.getValue().replaceAll("%%", "_").replaceAll("%@", "_")
  }

  /**
--- a/Bugs/Format/WrongNumberOfFormatArguments/WrongNumberOfFormatArguments.expected
+++ b/Bugs/Format/WrongNumberOfFormatArguments/WrongNumberOfFormatArguments.expected
@@ -6,4 +6,3 @@
 | test.c:15:2:15:7 | call to printf | Format expects 3 arguments but given 2 |
 | test.c:19:2:19:7 | call to printf | Format expects 2 arguments but given 1 |
 | test.c:29:3:29:8 | call to printf | Format expects 2 arguments but given 1 |
-| test.c:44:2:44:7 | call to printf | Format expects 3 arguments but given 2 |
--- a/Bugs/Format/WrongNumberOfFormatArguments/test.c
+++ b/Bugs/Format/WrongNumberOfFormatArguments/test.c
@@ -41,5 +41,5 @@ void test(int i, const char *str)
 		printf("%2$.*4$f", num, 0, precision); // BAD (too few format arguments) [INCORRECT MESSAGE]
 	}

-	printf("%@ %i %i", 1, 2); // GOOD [FALSE POSITIVE]
+	printf("%@ %i %i", 1, 2); // GOOD
 }