C++: Add another pattern I found in the wild.

2026-04-29 18:55:14 +02:00 · 2024-07-23 17:17:55 +01:00
parent a9f6b2110e
commit c3f2faff76
2 changed files with 37 additions and 0 deletions
--- a/cpp/ql/test/query-tests/Critical/MissingCheckScanf/IncorrectCheckScanf.expected
+++ b/cpp/ql/test/query-tests/Critical/MissingCheckScanf/IncorrectCheckScanf.expected
@@ -5,3 +5,5 @@
 | test.cpp:443:11:443:15 | call to scanf | The result of scanf is only checked against 0, but it can also return EOF. |
 | test.cpp:501:13:501:17 | call to scanf | The result of scanf is only checked against 0, but it can also return EOF. |
 | test.cpp:512:13:512:17 | call to scanf | The result of scanf is only checked against 0, but it can also return EOF. |
+| test.cpp:525:10:525:15 | call to sscanf | The result of scanf is only checked against 0, but it can also return EOF. |
+| test.cpp:541:10:541:15 | call to sscanf | The result of scanf is only checked against 0, but it can also return EOF. |
--- a/cpp/ql/test/query-tests/Critical/MissingCheckScanf/test.cpp
+++ b/cpp/ql/test/query-tests/Critical/MissingCheckScanf/test.cpp
@@ -518,3 +518,38 @@ void multiple_checks() {
 		}
 	}
 }
+
+void switch_cases(const char *data) {
+	float a, b, c;
+
+	switch (sscanf(data, "%f %f %f", &a, &b, &c)) { // [FALSE POSITIVE]
+		case 2:
+			use(a); // GOOD
+			use(b); // GOOD
+			break;
+		case 3:
+			use(a); // GOOD
+			use(b); // GOOD
+			use(c); // GOOD
+			break;
+		default:
+			break;
+	}
+
+	float d, e, f;
+
+	switch (sscanf(data, "%f %f %f", &d, &e, &f)) { // [REPORTED HERE]
+		case 2:
+			use(d); // GOOD
+			use(e); // GOOD
+			use(f); // BAD
+			break;
+		case 3:
+			use(d); // GOOD
+			use(e); // GOOD
+			use(f); // GOOD
+			break;
+		default:
+			break;
+	}
+}