hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-02 04:05:14 +02:00
Code Issues Packages Projects Releases Wiki Activity

CPP: Add a test case for CWE-120.

Browse Source
This commit is contained in:
Geoffrey White
2019-04-10 18:43:50 +01:00
parent 7ea6c1bcbe
commit c974693b58
2 changed files with 32 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
cpp/ql/test/query-tests/Security/CWE/CWE-119/semmle/tests/OverflowBuffer.expected
View File

@@ -56,6 +56,11 @@
| tests.cpp:519:3:519:8 | call to memset | This 'memset' operation accesses 20 bytes but the $@ is only 10 bytes. | tests.cpp:510:16:510:21 | call to malloc | destination buffer |
| tests.cpp:541:6:541:10 | call to fread | This 'fread' operation may access 101 bytes but the $@ is only 100 bytes. | tests.cpp:532:7:532:16 | charBuffer | destination buffer |
| tests.cpp:546:6:546:10 | call to fread | This 'fread' operation may access 400 bytes but the $@ is only 100 bytes. | tests.cpp:532:7:532:16 | charBuffer | destination buffer |
| tests.cpp:569:6:569:15 | access to array | This array indexing operation accesses a negative index -1 on the $@. | tests.cpp:565:7:565:12 | buffer | array |
| tests.cpp:577:7:577:13 | access to array | This array indexing operation accesses a negative index -1 on the $@. | tests.cpp:565:7:565:12 | buffer | array |
| tests.cpp:577:7:577:13 | access to array | This array indexing operation accesses a negative index -1 on the $@. | tests.cpp:571:8:571:13 | buffer | array |
| tests.cpp:579:6:579:12 | access to array | This array indexing operation accesses a negative index -1 on the $@. | tests.cpp:565:7:565:12 | buffer | array |
| tests.cpp:579:6:579:12 | access to array | This array indexing operation accesses a negative index -1 on the $@. | tests.cpp:571:8:571:13 | buffer | array |
| tests_restrict.c:12:2:12:7 | call to memcpy | This 'memcpy' operation accesses 2 bytes but the $@ is only 1 byte. | tests_restrict.c:7:6:7:13 | smallbuf | source buffer |
| unions.cpp:26:2:26:7 | call to memset | This 'memset' operation accesses 200 bytes but the $@ is only 100 bytes. | unions.cpp:21:10:21:11 | mu | destination buffer |
| unions.cpp:30:2:30:7 | call to memset | This 'memset' operation accesses 200 bytes but the $@ is only 100 bytes. | unions.cpp:15:7:15:11 | small | destination buffer |

27
cpp/ql/test/query-tests/Security/CWE/CWE-119/semmle/tests/tests.cpp
View File

@@ -560,6 +560,32 @@ void test20()
}
}
void test21(bool cond)
{
char buffer[100];
char *ptr;
int i;
if (buffer[-1] == 0) { return; } // BAD: accesses buffer[-1]
ptr = buffer;
if (cond)
{
ptr++;
if (ptr[-1] == 0) { return; } // GOOD: accesses buffer[0]
} else {
if (ptr[-1] == 0) { return; } // BAD: accesses buffer[-1]
}
if (ptr[-1] == 0) { return; } // BAD: accesses buffer[-1] or buffer[0]
ptr = buffer;
for (i = 0; i < 2; i++)
{
ptr++;
}
if (ptr[-1] == 0) { return; } // GOOD: accesses buffer[1]
}
int main(int argc, char *argv[])
{
long long arr17[19];
@@ -582,6 +608,7 @@ int main(int argc, char *argv[])
test18();
test19(argc == 0);
test20();
test21(argc == 0);
return 0;
}