hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-16 16:53:25 +01:00
Code Issues Packages Projects Releases Wiki Activity

C++: Additional test cases.

Browse Source
This commit is contained in:
Geoffrey White
2025-02-20 16:24:59 +00:00
parent e77ebf0715
commit 89355991df
2 changed files with 22 additions and 19 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
cpp/ql/test/query-tests/Security/CWE/CWE-119/semmle/tests/OverflowBuffer.expected
View File

@@ -29,6 +29,9 @@
| tests.cpp:363:2:363:16 | access to array | This array indexing operation accesses byte offset 219 but the $@ is only 200 bytes. | tests.cpp:344:11:344:21 | structArray | array |
| tests.cpp:364:25:364:39 | access to array | This array indexing operation accesses byte offset 219 but the $@ is only 200 bytes. | tests.cpp:344:11:344:21 | structArray | array |
| tests.cpp:367:23:367:34 | access to array | This array indexing operation accesses byte offset 43 but the $@ is only 40 bytes. | tests.cpp:343:6:343:13 | intArray | array |
| tests.cpp:369:2:369:13 | access to array | This array indexing operation accesses a negative index -2 on the $@. | tests.cpp:342:7:342:15 | charArray | array |
| tests.cpp:370:2:370:13 | access to array | This array indexing operation accesses a negative index -1 on the $@. | tests.cpp:342:7:342:15 | charArray | array |
| tests.cpp:374:2:374:13 | access to array | This array indexing operation accesses byte offset 10 but the $@ is only 10 bytes. | tests.cpp:342:7:342:15 | charArray | array |
| tests.cpp:394:3:394:13 | access to array | This array indexing operation accesses byte offset 101 but the $@ is only 100 bytes. | tests.cpp:389:47:389:52 | call to malloc | array |
| tests.cpp:397:3:397:13 | access to array | This array indexing operation accesses byte offset 101 but the $@ is only 101 bytes. | tests.cpp:390:47:390:52 | call to malloc | array |
| tests.cpp:467:3:467:24 | access to array | This array indexing operation accesses a negative index -3 on the $@. | tests.cpp:465:7:465:14 | intArray | array |

38
cpp/ql/test/query-tests/Security/CWE/CWE-119/semmle/tests/tests.cpp
View File

@@ -337,13 +337,13 @@ void test12()
}
}
void test13()
void test13(char *argArray)
{
char charArray[10];
int intArray[10];
myStruct structArray[10];
char *ptrArray = charArray;
char *ptrArrayOffset = charArray + 1;
charArray[-1] = 1; // BAD: underrun write
charArray[0] = 1; // GOOD
@@ -366,24 +366,24 @@ void test13()
charArray[9] = (char)intArray[9]; // GOOD
charArray[9] = (char)intArray[10]; // BAD: overrun read
ptrArray[-2] = 1; // BAD: underrun write
ptrArray[-1] = 1; // BAD: underrun write
ptrArray[0] = 1; // GOOD
ptrArray[8] = 1; // GOOD
ptrArray[9] = 1; // GOOD
ptrArray[10] = 1; // BAD: overrun write
ptrArrayOffset[-2] = 1; // BAD: underrun write [NOT DETECTED]
ptrArrayOffset[-1] = 1; // GOOD (there is room for this)
ptrArrayOffset[0] = 1; // GOOD
ptrArrayOffset[8] = 1; // GOOD
ptrArrayOffset[9] = 1; // BAD: overrun write [NOT DETECTED]
ptrArrayOffset[10] = 1; // BAD: overrun write [NOT DETECTED]
argArray[-1] = 1; // BAD: underrun write [NOT DETECTED]
argArray[0] = 1; // GOOD
argArray[1] = 1; // GOOD (we can't tell the length of this array)
argArray[999] = 1; // GOOD (we can't tell the length of this array)
{
unsigned short *buffer1 = (unsigned short *)malloc(sizeof(short) * 50);