diff --git a/cpp/ql/test/query-tests/Likely Bugs/Format/WrongTypeFormatArguments/Buildless/WrongTypeFormatArguments.expected b/cpp/ql/test/query-tests/Likely Bugs/Format/WrongTypeFormatArguments/Buildless/WrongTypeFormatArguments.expected index abc8c729450..ff2db0dfcf0 100644 --- a/cpp/ql/test/query-tests/Likely Bugs/Format/WrongTypeFormatArguments/Buildless/WrongTypeFormatArguments.expected +++ b/cpp/ql/test/query-tests/Likely Bugs/Format/WrongTypeFormatArguments/Buildless/WrongTypeFormatArguments.expected @@ -1,13 +1,9 @@ -| include_twice.h:8:19:8:19 | s | This format specifier for type 'size_t' does not match the argument type '..(*)(..)'. | -| include_twice.h:9:19:9:19 | s | This format specifier for type 'size_t' does not match the argument type '..(*)(..)'. | -| include_twice.h:10:18:10:18 | s | This format specifier for type 'int' does not match the argument type '..(*)(..)'. | -| include_twice.h:10:18:10:18 | s | This format specifier for type 'int' does not match the argument type 'unsigned long'. | -| include_twice.h:11:19:11:19 | s | This format specifier for type 'long' does not match the argument type '..(*)(..)'. | -| include_twice.h:12:20:12:20 | s | This format specifier for type 'long long' does not match the argument type '..(*)(..)'. | -| include_twice.h:13:18:13:18 | s | This format specifier for type 'unsigned int' does not match the argument type '..(*)(..)'. | -| include_twice.h:13:18:13:18 | s | This format specifier for type 'unsigned int' does not match the argument type 'unsigned long'. | -| include_twice.h:21:18:21:39 | ... - ... | This format specifier for type 'int' does not match the argument type 'long'. | -| include_twice.h:21:18:21:39 | ... - ... | This format specifier for type 'int' does not match the argument type 'long'. | -| include_twice.h:24:18:24:39 | ... - ... | This format specifier for type 'unsigned int' does not match the argument type 'long'. | -| include_twice.h:24:18:24:39 | ... - ... | This format specifier for type 'unsigned int' does not match the argument type 'long'. | +| second.cpp:13:19:13:19 | s | This format specifier for type 'size_t' does not match the argument type '..(*)(..)'. | +| second.cpp:14:19:14:19 | s | This format specifier for type 'size_t' does not match the argument type '..(*)(..)'. | +| second.cpp:15:18:15:18 | s | This format specifier for type 'int' does not match the argument type '..(*)(..)'. | +| second.cpp:16:19:16:19 | s | This format specifier for type 'long' does not match the argument type '..(*)(..)'. | +| second.cpp:17:20:17:20 | s | This format specifier for type 'long long' does not match the argument type '..(*)(..)'. | +| second.cpp:18:18:18:18 | s | This format specifier for type 'unsigned int' does not match the argument type '..(*)(..)'. | +| second.cpp:26:18:26:39 | ... - ... | This format specifier for type 'int' does not match the argument type 'long'. | +| second.cpp:29:18:29:39 | ... - ... | This format specifier for type 'unsigned int' does not match the argument type 'long'. | | tests.c:7:18:7:18 | 1 | This format specifier for type 'char *' does not match the argument type 'int'. | diff --git a/cpp/ql/test/query-tests/Likely Bugs/Format/WrongTypeFormatArguments/Buildless/first.cpp b/cpp/ql/test/query-tests/Likely Bugs/Format/WrongTypeFormatArguments/Buildless/first.cpp index 389d609c04a..8973ace78c7 100644 --- a/cpp/ql/test/query-tests/Likely Bugs/Format/WrongTypeFormatArguments/Buildless/first.cpp +++ b/cpp/ql/test/query-tests/Likely Bugs/Format/WrongTypeFormatArguments/Buildless/first.cpp @@ -1,8 +1,3 @@ -// semmle-extractor-options: --expect_errors - -int printf(const char * format, ...); // defines type size_t plausibly typedef unsigned long size_t; - -#include "include_twice.h" diff --git a/cpp/ql/test/query-tests/Likely Bugs/Format/WrongTypeFormatArguments/Buildless/include_twice.h b/cpp/ql/test/query-tests/Likely Bugs/Format/WrongTypeFormatArguments/Buildless/include_twice.h deleted file mode 100644 index d531ada4a55..00000000000 --- a/cpp/ql/test/query-tests/Likely Bugs/Format/WrongTypeFormatArguments/Buildless/include_twice.h +++ /dev/null @@ -1,25 +0,0 @@ -// semmle-extractor-options: --expect_errors - -void test_size_t() { - size_t s = 0; - - printf("%zd", s); // GOOD - printf("%zi", s); // GOOD - printf("%zu", s); // GOOD [FALSE POSITIVE] - printf("%zx", s); // GOOD [FALSE POSITIVE] - printf("%d", s); // BAD - printf("%ld", s); // BAD - printf("%lld", s); // BAD - printf("%u", s); // BAD - - char buffer[1024]; - - printf("%zd", &buffer[1023] - buffer); // GOOD - printf("%zi", &buffer[1023] - buffer); // GOOD - printf("%zu", &buffer[1023] - buffer); // GOOD - printf("%zx", &buffer[1023] - buffer); // GOOD - printf("%d", &buffer[1023] - buffer); // BAD - printf("%ld", &buffer[1023] - buffer); // BAD [NOT DETECTED] - printf("%lld", &buffer[1023] - buffer); // BAD [NOT DETECTED] - printf("%u", &buffer[1023] - buffer); // BAD -} diff --git a/cpp/ql/test/query-tests/Likely Bugs/Format/WrongTypeFormatArguments/Buildless/second.cpp b/cpp/ql/test/query-tests/Likely Bugs/Format/WrongTypeFormatArguments/Buildless/second.cpp index 0c2b5ea69b1..34a7d24f132 100644 --- a/cpp/ql/test/query-tests/Likely Bugs/Format/WrongTypeFormatArguments/Buildless/second.cpp +++ b/cpp/ql/test/query-tests/Likely Bugs/Format/WrongTypeFormatArguments/Buildless/second.cpp @@ -5,4 +5,26 @@ int printf(const char * format, ...); // defines type `myFunctionPointerType`, referencing `size_t` typedef size_t (*myFunctionPointerType) (); -#include "include_twice.h" +void test_size_t() { + size_t s = 0; + + printf("%zd", s); // GOOD + printf("%zi", s); // GOOD + printf("%zu", s); // GOOD [FALSE POSITIVE] + printf("%zx", s); // GOOD [FALSE POSITIVE] + printf("%d", s); // BAD + printf("%ld", s); // BAD + printf("%lld", s); // BAD + printf("%u", s); // BAD + + char buffer[1024]; + + printf("%zd", &buffer[1023] - buffer); // GOOD + printf("%zi", &buffer[1023] - buffer); // GOOD + printf("%zu", &buffer[1023] - buffer); // GOOD + printf("%zx", &buffer[1023] - buffer); // GOOD + printf("%d", &buffer[1023] - buffer); // BAD + printf("%ld", &buffer[1023] - buffer); // BAD [NOT DETECTED] + printf("%lld", &buffer[1023] - buffer); // BAD [NOT DETECTED] + printf("%u", &buffer[1023] - buffer); // BAD +}