hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-03-31 12:48:17 +02:00
Code Issues Packages Projects Releases Wiki Activity

C++: Turns out we can simplify.

Browse Source
This commit is contained in:
Geoffrey White
2026-03-06 11:53:43 +00:00
parent 7f6fd34d46
commit da99d3660d
4 changed files with 31 additions and 43 deletions
Download Patch File Download Diff File Expand all files Collapse all files

20
cpp/ql/test/query-tests/Likely Bugs/Format/WrongTypeFormatArguments/Buildless/WrongTypeFormatArguments.expected
View File

@@ -1,13 +1,9 @@
| include_twice.h:8:19:8:19 | s | This format specifier for type 'size_t' does not match the argument type '..(*)(..)'. |
| include_twice.h:9:19:9:19 | s | This format specifier for type 'size_t' does not match the argument type '..(*)(..)'. |
| include_twice.h:10:18:10:18 | s | This format specifier for type 'int' does not match the argument type '..(*)(..)'. |
| include_twice.h:10:18:10:18 | s | This format specifier for type 'int' does not match the argument type 'unsigned long'. |
| include_twice.h:11:19:11:19 | s | This format specifier for type 'long' does not match the argument type '..(*)(..)'. |
| include_twice.h:12:20:12:20 | s | This format specifier for type 'long long' does not match the argument type '..(*)(..)'. |
| include_twice.h:13:18:13:18 | s | This format specifier for type 'unsigned int' does not match the argument type '..(*)(..)'. |
| include_twice.h:13:18:13:18 | s | This format specifier for type 'unsigned int' does not match the argument type 'unsigned long'. |
| include_twice.h:21:18:21:39 | ... - ... | This format specifier for type 'int' does not match the argument type 'long'. |
| include_twice.h:21:18:21:39 | ... - ... | This format specifier for type 'int' does not match the argument type 'long'. |
| include_twice.h:24:18:24:39 | ... - ... | This format specifier for type 'unsigned int' does not match the argument type 'long'. |
| include_twice.h:24:18:24:39 | ... - ... | This format specifier for type 'unsigned int' does not match the argument type 'long'. |
| second.cpp:13:19:13:19 | s | This format specifier for type 'size_t' does not match the argument type '..(*)(..)'. |
| second.cpp:14:19:14:19 | s | This format specifier for type 'size_t' does not match the argument type '..(*)(..)'. |
| second.cpp:15:18:15:18 | s | This format specifier for type 'int' does not match the argument type '..(*)(..)'. |
| second.cpp:16:19:16:19 | s | This format specifier for type 'long' does not match the argument type '..(*)(..)'. |
| second.cpp:17:20:17:20 | s | This format specifier for type 'long long' does not match the argument type '..(*)(..)'. |
| second.cpp:18:18:18:18 | s | This format specifier for type 'unsigned int' does not match the argument type '..(*)(..)'. |
| second.cpp:26:18:26:39 | ... - ... | This format specifier for type 'int' does not match the argument type 'long'. |
| second.cpp:29:18:29:39 | ... - ... | This format specifier for type 'unsigned int' does not match the argument type 'long'. |
| tests.c:7:18:7:18 | 1 | This format specifier for type 'char *' does not match the argument type 'int'. |

5
cpp/ql/test/query-tests/Likely Bugs/Format/WrongTypeFormatArguments/Buildless/first.cpp
View File

@@ -1,8 +1,3 @@
// semmle-extractor-options: --expect_errors
int printf(const char * format, ...);
// defines type size_t plausibly
typedef unsigned long size_t;
#include "include_twice.h"

25
cpp/ql/test/query-tests/Likely Bugs/Format/WrongTypeFormatArguments/Buildless/include_twice.h
View File

@@ -1,25 +0,0 @@
// semmle-extractor-options: --expect_errors
void test_size_t() {
size_t s = 0;
printf("%zd", s); // GOOD
printf("%zi", s); // GOOD
printf("%zu", s); // GOOD [FALSE POSITIVE]
printf("%zx", s); // GOOD [FALSE POSITIVE]
printf("%d", s); // BAD
printf("%ld", s); // BAD
printf("%lld", s); // BAD
printf("%u", s); // BAD
char buffer[1024];
printf("%zd", &buffer[1023] - buffer); // GOOD
printf("%zi", &buffer[1023] - buffer); // GOOD
printf("%zu", &buffer[1023] - buffer); // GOOD
printf("%zx", &buffer[1023] - buffer); // GOOD
printf("%d", &buffer[1023] - buffer); // BAD
printf("%ld", &buffer[1023] - buffer); // BAD [NOT DETECTED]
printf("%lld", &buffer[1023] - buffer); // BAD [NOT DETECTED]
printf("%u", &buffer[1023] - buffer); // BAD
}

24
cpp/ql/test/query-tests/Likely Bugs/Format/WrongTypeFormatArguments/Buildless/second.cpp
View File

@@ -5,4 +5,26 @@ int printf(const char * format, ...);
// defines type `myFunctionPointerType`, referencing `size_t`
typedef size_t (*myFunctionPointerType) ();
#include "include_twice.h"
void test_size_t() {
size_t s = 0;
printf("%zd", s); // GOOD
printf("%zi", s); // GOOD
printf("%zu", s); // GOOD [FALSE POSITIVE]
printf("%zx", s); // GOOD [FALSE POSITIVE]
printf("%d", s); // BAD
printf("%ld", s); // BAD
printf("%lld", s); // BAD
printf("%u", s); // BAD
char buffer[1024];
printf("%zd", &buffer[1023] - buffer); // GOOD
printf("%zi", &buffer[1023] - buffer); // GOOD
printf("%zu", &buffer[1023] - buffer); // GOOD
printf("%zx", &buffer[1023] - buffer); // GOOD
printf("%d", &buffer[1023] - buffer); // BAD
printf("%ld", &buffer[1023] - buffer); // BAD [NOT DETECTED]
printf("%lld", &buffer[1023] - buffer); // BAD [NOT DETECTED]
printf("%u", &buffer[1023] - buffer); // BAD
}