[CPP-434] Additional test case; improve QHelp by including themes from the BadAdditionOverflowCheck QHelp.

This commit is contained in:
Ziemowit Laski
2019-10-17 16:41:17 -07:00
parent fb625c12ef
commit 70441edacf
5 changed files with 23 additions and 5 deletions


@@ -0,0 +1,3 @@
bool baf(unsigned short n1, unsigned short delta) {
return n1 + (unsigned)delta < n1; // GOOD
}
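Review bot: the `// GOOD` marker on `return n1 + (unsigned)delta < n1;` would serve future readers better if it recorded why the case is fine: the explicit cast makes the right operand `unsigned`, so the usual arithmetic conversions turn `n1` (integer-promoted to `int`) into `unsigned` on both sides of `<`, and the wraparound check is well defined. A comment such as `// GOOD: cast forces unsigned arithmetic on both sides` ties the test to the QHelp paragraph that explains this same example. It is also worth noting in the comment that the reasoning assumes `int` is wider than `short`; where the two have the same width, `unsigned short` already promotes to `unsigned int` and the cast is redundant rather than essential.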


@@ -24,17 +24,28 @@ type is promoted to the larger type used in the addition and comparison,
namely a <code>signed int</code>. As a result, the entire expression is
evaluated using <code>signed</code> values and its value is therefore undefined.
</p>
<sample src="SignedOverflowCheck-bad.cpp" />
<sample src="SignedOverflowCheck-bad1.cpp" />
<p>
In the following example, even though both <code>n</code> and <code>delta</code>
have been declared <code>unsigned short</code>, C/C++ type promotion rules
require that both parameters be promoted to the next bigger <code>signed</code>
integer type (in this case <code>signed int</code>) before being added together
so as to avoid overflows or underflows. As a result, the entire expression is
evaluated using <code>signed</code> values and its value is therefore undefined.
integer type (in this case <code>signed int</code>) before being added together.
As a result, the entire expression is evaluated using <code>signed</code> values
and its value is therefore undefined. (Note, however, that the addition cannot
overflow since we are adding two "small" <code>unsigned short</code> values.)
</p>
<sample src="SignedOverflowCheck-bad2.cpp" />
<p>
The following example builds upon the previous one. Again, we have two
<code>unsigned short</code> values getting promoted to a wider type. However,
since <code>delta</code> is explicitly cast to an <code>unsigned</code> type,
<code>n1</code> (on both sides of the comparison) is promoted to
<code>unsigned</code> as well. Since we are now operating on
<code>unsigned</code> values, the overflow check is defined and supported by
standard C/C++.
</p>
<sample src="SignedOverflowCheck-good1.cpp" />
<p>
In the next example, a value of type <code>signed int</code> is
added to a value of type <code>unsigned int</code>. Because
the types are of the same size, C/C++ promotion rules dictate that
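Review bot: the new parenthetical in the `bad2` paragraph, "(Note, however, that the addition cannot overflow since we are adding two "small" `unsigned short` values.)", contradicts the sentence immediately before it, which still says the expression's "value is therefore undefined". If the promoted `int` addition cannot overflow, the expression has a perfectly defined value; the defect is that the check is ineffective (the sum of two non-negative `int` values is never less than either operand, so the comparison is always false), not that it is undefined. Suggest rewording to something like "the comparison is performed on signed values and can never be true, so it does not detect the wraparound the author intended", and reserving "undefined" for the earlier cases where the signed addition really can overflow. In the `good1` paragraph, the statement that `n1` is promoted to `unsigned` on both sides of the comparison is correct, but it would help to say this happens through the usual arithmetic conversions after integer promotion, and that, like the `bad2` reasoning, it assumes `int` is wider than `short`.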
@@ -42,7 +53,7 @@ the types are of the same size, C/C++ promotion rules dictate that
operation. The entire expression is evaluated using <code>unsigned</code>
values, which is allowed and defined behavior per the C/C++ standard.
</p>
<sample src="SignedOverflowCheck-good.cpp" />
<sample src="SignedOverflowCheck-good2.cpp" />
</example>
<references>
<li><a href="http://c-faq.com/expr/preservingrules.html">comp.lang.c FAQ list · Question 3.19 (Preserving rules)</a></li>
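Review bot: the `<sample>` references change from `SignedOverflowCheck-bad.cpp` to `SignedOverflowCheck-bad1.cpp` and from `SignedOverflowCheck-good.cpp` to `SignedOverflowCheck-good2.cpp`, but neither rename is visible in this excerpt; the summary lists five changed files and only two appear here, so please confirm the sample `.cpp` files were renamed or added in the same commit so the QHelp does not point at missing samples, and that `SignedOverflowCheck-good1.cpp` (also newly referenced) contains the same `n1 + (unsigned)delta < n1` pattern as the new `baf` test case.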