C++: Skip non-Boolean instructions in the new inference step.

2026-05-05 05:35:13 +02:00 · 2025-08-13 09:55:59 +02:00
parent e67b6d6c9a
commit e6cd27a992
5 changed files with 329 additions and 20 deletions
--- a/cpp/ql/test/query-tests/Critical/MissingCheckScanf/MissingCheckScanf.expected
+++ b/cpp/ql/test/query-tests/Critical/MissingCheckScanf/MissingCheckScanf.expected
@@ -168,7 +168,6 @@ nodes
 | test.cpp:577:9:577:9 | i | semmle.label | i |
 subpaths
 #select
-| test.c:11:7:11:7 | x | test.c:10:31:10:32 | sscanf output argument | test.c:11:7:11:7 | x | This variable is read, but may not have been written. It should be guarded by a check that the $@ returns at least 1. | test.c:10:13:10:18 | call to sscanf | call to sscanf |
 | test.cpp:35:7:35:7 | i | test.cpp:34:15:34:16 | scanf output argument | test.cpp:35:7:35:7 | i | This variable is read, but may not have been written. It should be guarded by a check that the $@ returns at least 1. | test.cpp:34:3:34:7 | call to scanf | call to scanf |
 | test.cpp:68:7:68:7 | i | test.cpp:67:15:67:16 | scanf output argument | test.cpp:68:7:68:7 | i | This variable is read, but may not have been written. It should be guarded by a check that the $@ returns at least 1. | test.cpp:67:3:67:7 | call to scanf | call to scanf |
 | test.cpp:80:7:80:7 | i | test.cpp:79:15:79:16 | scanf output argument | test.cpp:80:7:80:7 | i | This variable is read, but may not have been written. It should be guarded by a check that the $@ returns at least 1. | test.cpp:79:3:79:7 | call to scanf | call to scanf |
--- a/cpp/ql/test/query-tests/Critical/MissingCheckScanf/test.c
+++ b/cpp/ql/test/query-tests/Critical/MissingCheckScanf/test.c
@@ -8,6 +8,6 @@ void test_likely(const char* s, const char* format)
 	int x;

 	if (likely(sscanf(s, format, &x) == 1)) {
-		use(x); // GOOD [FALSE POSITIVE]
+		use(x); // GOOD
  }
 }