hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-27 17:55:19 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #14704 from MathiasVP/fix-uninitialized-local

Browse Source 
C++: IR'ify `cpp/uninitialized-local` and fix FPs
This commit is contained in:
Mathias Vorreiter Pedersen
2023-11-07 22:45:34 +00:00
committed by GitHub
parent b63294764b 69502d0c31
commit a8eed6bd7e
5 changed files with 115 additions and 49 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
cpp/ql/test/query-tests/Security/CWE/CWE-457/semmle/tests/UninitializedLocal.expected
View File

@@ -1,14 +1,7 @@
| test.cpp:12:6:12:8 | foo | The variable $@ may not be initialized at this access. | test.cpp:11:6:11:8 | foo | foo |
| test.cpp:30:6:30:8 | foo | The variable $@ may not be initialized at this access. | test.cpp:26:6:26:8 | foo | foo |
| test.cpp:46:6:46:8 | foo | The variable $@ may not be initialized at this access. | test.cpp:42:6:42:8 | foo | foo |
| test.cpp:55:7:55:9 | foo | The variable $@ may not be initialized at this access. | test.cpp:50:6:50:8 | foo | foo |
| test.cpp:67:7:67:9 | foo | The variable $@ may not be initialized at this access. | test.cpp:61:6:61:8 | foo | foo |
| test.cpp:92:6:92:8 | foo | The variable $@ may not be initialized at this access. | test.cpp:82:6:82:8 | foo | foo |
| test.cpp:113:6:113:8 | foo | The variable $@ may not be initialized at this access. | test.cpp:111:6:111:8 | foo | foo |
| test.cpp:132:9:132:9 | j | The variable $@ may not be initialized at this access. | test.cpp:126:6:126:6 | j | j |
| test.cpp:219:3:219:3 | x | The variable $@ may not be initialized at this access. | test.cpp:218:7:218:7 | x | x |
| test.cpp:243:13:243:13 | i | The variable $@ may not be initialized at this access. | test.cpp:241:6:241:6 | i | i |
| test.cpp:329:9:329:11 | val | The variable $@ may not be initialized at this access. | test.cpp:321:6:321:8 | val | val |
| test.cpp:336:10:336:10 | a | The variable $@ may not be initialized at this access. | test.cpp:333:7:333:7 | a | a |
| test.cpp:369:10:369:10 | a | The variable $@ may not be initialized at this access. | test.cpp:358:7:358:7 | a | a |
| test.cpp:378:9:378:11 | val | The variable $@ may not be initialized at this access. | test.cpp:359:6:359:8 | val | val |

74
cpp/ql/test/query-tests/Security/CWE/CWE-457/semmle/tests/test.cpp
View File

@@ -27,7 +27,7 @@ void test4(bool b) {
if (b) {
foo = 1;
}
use(foo); // BAD
use(foo); // BAD [NOT DETECTED]
}
void test5() {
@@ -43,7 +43,7 @@ void test5(int count) {
for (int i = 0; i < count; i++) {
foo = i;
}
use(foo); // BAD
use(foo); // BAD [NOT DETECTED]
}
void test6(bool b) {
@@ -52,7 +52,7 @@ void test6(bool b) {
foo = 42;
}
if (b) {
use(foo); // GOOD (REPORTED, FP)
use(foo); // GOOD
}
}
@@ -64,7 +64,7 @@ void test7(bool b) {
set = true;
}
if (set) {
use(foo); // GOOD (REPORTED, FP)
use(foo); // GOOD
}
}
@@ -89,7 +89,7 @@ void test9(int count) {
if (!set) {
foo = 42;
}
use(foo); // GOOD (REPORTED, FP)
use(foo); // GOOD
}
void test10() {
@@ -129,7 +129,7 @@ int absWrong(int i) {
} else if (i < 0) {
j = -i;
}
return j; // wrong: j may not be initialized before use
return j; // wrong: j may not be initialized before use [NOT DETECTED]
}
// Example from qhelp
@@ -326,7 +326,7 @@ int test28() {
a = false;
c = false;
}
return val; // GOOD [FALSE POSITIVE]
return val; // GOOD
}
int test29() {
@@ -472,4 +472,64 @@ void test44() {
int y = 1;
void(x + y); // BAD
}
enum class State { StateA, StateB, StateC };
int exhaustive_switch(State s) {
int y;
switch(s) {
case State::StateA:
y = 1;
break;
case State::StateB:
y = 2;
break;
case State::StateC:
y = 3;
break;
}
return y; // GOOD (y is always initialized)
}
int exhaustive_switch_2(State s) {
int y;
switch(s) {
case State::StateA:
y = 1;
break;
default:
y = 2;
break;
}
return y; // GOOD (y is always initialized)
}
int non_exhaustive_switch(State s) {
int y;
switch(s) {
case State::StateA:
y = 1;
break;
case State::StateB:
y = 2;
break;
}
return y; // BAD [NOT DETECTED] (y is not initialized when s = StateC)
}
int non_exhaustive_switch_2(State s) {
int y;
switch(s) {
case State::StateA:
y = 1;
break;
case State::StateB:
y = 2;
break;
}
if(s != State::StateC) {
return y; // GOOD (y is not initialized when s = StateC, but if s = StateC we won't reach this point)
}
return 0;
}