Merge pull request #341 from geoffw0/av_114

CPP: Improve AV Rule 114.ql's understanding of return types.
2026-05-01 19:55:15 +02:00 · 2018-10-24 09:39:51 +02:00
parent 640de0c947 dbae5c2d62
commit 7affbe4a7d
4 changed files with 56 additions and 9 deletions
--- a/cpp/ql/src/jsf/4.13
+++ b/cpp/ql/src/jsf/4.13
@@ -19,7 +19,11 @@ import cpp

 predicate functionsMissingReturnStmt(Function f, ControlFlowNode blame) {
                        f.fromSource() and
-      not f.getType().getUnderlyingType().getUnspecifiedType() instanceof VoidType and
+      exists(Type returnType |
+        returnType = f.getType().getUnderlyingType().getUnspecifiedType() and
+        not returnType instanceof VoidType and
+        not returnType instanceof TemplateParameter
+      ) and
      exists(ReturnStmt s | f.getAPredecessor() = s | blame = s.getAPredecessor())}

 /* If a function has a value-carrying return statement, but the extractor hit a snag
@@ -32,13 +36,11 @@ predicate functionImperfectlyExtracted(Function f) {
  exists(ErrorExpr ee | ee.getEnclosingFunction() = f)
 }

-from Stmt stmt, string msg
+from Stmt stmt, string msg, Function f, ControlFlowNode blame
 where
-  exists(Function f, ControlFlowNode blame |
-    functionsMissingReturnStmt(f, blame) and
-    reachable(blame) and
-    not functionImperfectlyExtracted(f) and
-    (blame = stmt or blame.(Expr).getEnclosingStmt() = stmt) and
-    msg = "Function " + f.getName() + " should return a value of type " + f.getType().getName() + " but does not return a value here"
-  )
+  functionsMissingReturnStmt(f, blame) and
+  reachable(blame) and
+  not functionImperfectlyExtracted(f) and
+  (blame = stmt or blame.(Expr).getEnclosingStmt() = stmt) and
+  msg = "Function " + f.getName() + " should return a value of type " + f.getType().getName() + " but does not return a value here"
 select stmt, msg
--- a/cpp/ql/test/query-tests/jsf/4.13
+++ b/cpp/ql/test/query-tests/jsf/4.13
@@ -3,3 +3,5 @@
 | test.c:39:9:39:14 | ExprStmt | Function f6 should return a value of type int but does not return a value here |
 | test.cpp:16:1:18:1 | { ... } | Function g2 should return a value of type MyValue but does not return a value here |
 | test.cpp:48:2:48:26 | if (...) ...  | Function g7 should return a value of type MyValue but does not return a value here |
+| test.cpp:74:1:76:1 | { ... } | Function g10 should return a value of type second but does not return a value here |
+| test.cpp:86:1:88:1 | { ... } | Function g12 should return a value of type second but does not return a value here |
--- a/cpp/ql/test/query-tests/jsf/4.13
+++ b/cpp/ql/test/query-tests/jsf/4.13
@@ -50,3 +50,45 @@ MyValue g7(bool c)
 	DONOTHING
 	// BAD [the alert here is unfortunately placed]
 }
+
+typedef void MYVOID;
+MYVOID g8()
+{
+	// GOOD
+}
+
+template<class T, class U>
+class TypePair
+{
+public:
+	typedef T first;
+	typedef U second;
+};
+
+TypePair<void, int>::first g9()
+{
+	// GOOD (the return type amounts to void)
+}
+
+TypePair<void, int>::second g10()
+{
+	// BAD (the return type amounts to int)
+}
+
+template<class T>
+typename TypePair<void, T>::first g11()
+{
+	// GOOD (the return type amounts to void)
+}
+
+template<class T>
+typename TypePair<void, T>::second g12()
+{
+	// BAD (the return type amounts to T / int)
+}
+
+void instantiate()
+{
+	g11<int>();
+	g12<int>();
+}