CPP: Expand the test cases covering PotentialBufferOverflow.ql.

Geoffrey White
2019-02-07 18:25:19 +00:00
parent 999e0c8b95
commit 7194121eae
2 changed files with 18 additions and 0 deletions


@@ -2,3 +2,4 @@
| tests.cpp:259:2:259:8 | call to sprintf | This conversion may yield a string of length 17, which exceeds the allocated buffer size of 10 |
| tests.cpp:272:2:272:8 | call to sprintf | This conversion may yield a string of length 9, which exceeds the allocated buffer size of 8 |
| tests.cpp:273:2:273:8 | call to sprintf | This conversion may yield a string of length 9, which exceeds the allocated buffer size of 8 |
| tests.cpp:287:2:287:8 | call to sprintf | This conversion may yield a string of length 318, which exceeds the allocated buffer size of 64 |


@@ -272,3 +272,20 @@ void test4()
sprintf(buffer8, "12345678"); // BAD: buffer overflow
sprintf(buffer8_ptr, "12345678"); // BAD: buffer overflow
}
typedef void *va_list;
int vsprintf(char *s, const char *format, va_list arg);
void test5(va_list args, float f)
{
char buffer10[10], buffer64[64];
char *buffer4 = new char[4 * sizeof(char)];
vsprintf(buffer10, "123456789", args); // GOOD
vsprintf(buffer10, "1234567890", args); // BAD: buffer overflow [NOT DETECTED]
sprintf(buffer64, "%f", f); // BAD: potential buffer overflow
vsprintf(buffer4, "123", args); // GOOD
vsprintf(buffer4, "1234", args); // BAD: buffer overflow [NOT DETECTED]
}
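Review bot: The heap-allocated `buffer4` in test5 is only ever written through `vsprintf`, and both overflowing `vsprintf` calls are marked `[NOT DETECTED]`, so the test cannot tell whether the miss comes from `vsprintf` itself or from the `new char[...]` buffer size. Adding a plain `sprintf(buffer4, "1234"); // BAD: buffer overflow` after the last call would separate the two cases. The `%f` line would also read better with the reason spelled out, for example `// BAD: potential buffer overflow (%f of a large float can need far more than 64 bytes)`, which matches the length of 318 reported in the expected output. As long as those two annotations stand, a clean result from this query should not be read as covering `vsprintf` call sites.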