hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-01 19:55:15 +02:00
Code Issues Packages Projects Releases Wiki Activity

[CPP-370] Add an additional test case.

Browse Source
This commit is contained in:
Ziemowit Laski
2019-06-04 16:19:01 -07:00
parent 51e543a41d
commit 8f79cdb1fb
2 changed files with 13 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
cpp/ql/test/query-tests/Likely Bugs/Format/NonConstantFormat/NonConstantFormat.expected
View File

@@ -4,6 +4,7 @@
| NonConstantFormat.c:45:9:45:48 | call to any_random_function | The format string argument to printf should be constant to prevent security issues and other potential errors. |
| nested.cpp:21:23:21:26 | fmt0 | The format string argument to snprintf should be constant to prevent security issues and other potential errors. |
| nested.cpp:79:32:79:38 | call to get_fmt | The format string argument to diagnostic should be constant to prevent security issues and other potential errors. |
| nested.cpp:87:18:87:20 | fmt | The format string argument to diagnostic should be constant to prevent security issues and other potential errors. |
| test.cpp:48:10:48:21 | call to make_message | The format string argument to printf should be constant to prevent security issues and other potential errors. |
| test.cpp:54:12:54:16 | hello | The format string argument to printf should be constant to prevent security issues and other potential errors. |
| test.cpp:57:12:57:21 | call to const_wash | The format string argument to printf should be constant to prevent security issues and other potential errors. |

14
cpp/ql/test/query-tests/Likely Bugs/Format/NonConstantFormat/nested.cpp
View File

@@ -18,7 +18,7 @@ extern "C" int snprintf ( char * s, int n, const char * format, ... );
struct A {
void do_print(const char *fmt0) {
char buf[32];
snprintf(buf, 32, fmt0); // BAD [should detect at top-most call]
snprintf(buf, 32, fmt0); // GOOD
}
};
@@ -39,7 +39,7 @@ struct C {
void foo(void) {
C c;
c.do_some_printing(c.ext_fmt_str()); // BAD [not detected at this location]
c.do_some_printing(c.ext_fmt_str());
}
struct some_class {
@@ -78,3 +78,13 @@ void diagnostic(const char *fmt, ...)
void bar(void) {
diagnostic (some_instance->get_fmt()); // GOOD
}
namespace ns {
class blab {
void out1(void) {
char *fmt = (char *)__builtin_alloca(10);
diagnostic(fmt); // GOOD
}
};
}