hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-25 00:35:20 +02:00
Code Issues Packages Projects Releases Wiki Activity

C++: Add a test case for WrongTypeFormatArguments involving code that's included twice.

Browse Source
This commit is contained in:
Geoffrey White
2026-03-05 15:20:48 +00:00
parent 6a904eddd4
commit d23a3f821e
4 changed files with 47 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
cpp/ql/test/query-tests/Likely Bugs/Format/WrongTypeFormatArguments/Buildless/WrongTypeFormatArguments.expected
View File

@@ -1 +1,7 @@
| include_twice.h:10:18:10:18 | s | This format specifier for type 'int' does not match the argument type 'unsigned long'. |
| include_twice.h:13:18:13:18 | s | This format specifier for type 'unsigned int' does not match the argument type 'unsigned long'. |
| include_twice.h:21:18:21:39 | ... - ... | This format specifier for type 'int' does not match the argument type 'long'. |
| include_twice.h:21:18:21:39 | ... - ... | This format specifier for type 'int' does not match the argument type 'long'. |
| include_twice.h:24:18:24:39 | ... - ... | This format specifier for type 'unsigned int' does not match the argument type 'long'. |
| include_twice.h:24:18:24:39 | ... - ... | This format specifier for type 'unsigned int' does not match the argument type 'long'. |
| tests.c:7:18:7:18 | 1 | This format specifier for type 'char *' does not match the argument type 'int'. |

8
cpp/ql/test/query-tests/Likely Bugs/Format/WrongTypeFormatArguments/Buildless/first.cpp Normal file
View File

@@ -0,0 +1,8 @@
// semmle-extractor-options: --expect_errors
int printf(const char * format, ...);
// defines type size_t plausibly
typedef unsigned long size_t;
#include "include_twice.h"

25
cpp/ql/test/query-tests/Likely Bugs/Format/WrongTypeFormatArguments/Buildless/include_twice.h Normal file
View File

@@ -0,0 +1,25 @@
// semmle-extractor-options: --expect_errors
void test_size_t() {
size_t s = 0;
printf("%zd", s); // GOOD
printf("%zi", s); // GOOD
printf("%zu", s); // GOOD
printf("%zx", s); // GOOD
printf("%d", s); // BAD
printf("%ld", s); // BAD [NOT DETECTED]
printf("%lld", s); // BAD [NOT DETECTED]
printf("%u", s); // BAD
char buffer[1024];
printf("%zd", &buffer[1023] - buffer); // GOOD
printf("%zi", &buffer[1023] - buffer); // GOOD
printf("%zu", &buffer[1023] - buffer); // GOOD
printf("%zx", &buffer[1023] - buffer); // GOOD
printf("%d", &buffer[1023] - buffer); // BAD
printf("%ld", &buffer[1023] - buffer); // BAD [NOT DETECTED]
printf("%lld", &buffer[1023] - buffer); // BAD [NOT DETECTED]
printf("%u", &buffer[1023] - buffer); // BAD
}

8
cpp/ql/test/query-tests/Likely Bugs/Format/WrongTypeFormatArguments/Buildless/second.cpp Normal file
View File

@@ -0,0 +1,8 @@
// semmle-extractor-options: --expect_errors
int printf(const char * format, ...);
// defines type `myFunctionPointerType`
typedef int (*myFunctionPointerType) ();
#include "include_twice.h"