hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-04 13:15:21 +02:00
Code Issues Packages Projects Releases Wiki Activity

C++: Add more tests and remove redundant conjunct.

Browse Source
This commit is contained in:
Mathias Vorreiter Pedersen
2021-05-25 09:17:42 +02:00
parent 84b0b8c2bd
commit e857ac1149
3 changed files with 22 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
cpp/ql/src/Likely Bugs/Memory Management/SuspiciousCallToStrncat.ql
View File

@@ -38,9 +38,7 @@ predicate interestringCallWithArgs(Call call, Expr sizeArg, Expr destArg) {
*/
predicate case1(FunctionCall fc, Expr sizeArg, VariableAccess destArg) {
interestringCallWithArgs(fc, sizeArg, destArg) and
exists(StrcatFunction strncat, VariableAccess va |
fc.getTarget() = strncat and
destArg = fc.getArgument(strncat.getParamDest()) and
exists(VariableAccess va |
va = sizeArg.(BufferSizeExpr).getArg() and
destArg.getTarget() = va.getTarget()
)

6
cpp/ql/test/query-tests/Likely Bugs/Memory Management/SuspiciousCallToStrncat/SuspiciousCallToStrncat.expected
View File

@@ -1,3 +1,5 @@
| test.c:24:2:24:8 | call to strncat | Potentially unsafe call to strncat. |
| test.c:46:3:46:9 | call to strncat | Potentially unsafe call to strncat. |
| test.c:68:3:68:9 | call to strncat | Potentially unsafe call to strncat. |
| test.c:45:3:45:9 | call to strncat | Potentially unsafe call to strncat. |
| test.c:67:3:67:9 | call to strncat | Potentially unsafe call to strncat. |
| test.c:75:3:75:9 | call to strncat | Potentially unsafe call to strncat. |
| test.c:76:3:76:9 | call to strncat | Potentially unsafe call to strncat. |

19
cpp/ql/test/query-tests/Likely Bugs/Memory Management/SuspiciousCallToStrncat/test.c
View File

@@ -39,7 +39,6 @@ void bad1(char *s) {
strncat(buf, ".", 1); // BAD [NOT DETECTED] -- Need to check if any space is left
}
void strncat_test1(char *s) {
char buf[80];
strncat(buf, s, sizeof(buf) - strlen(buf) - 1); // GOOD
@@ -66,4 +65,20 @@ void strncat_test3(char* s, struct buffers* buffers) {
unsigned max_size = sizeof(buffers->array);
unsigned free_size = max_size - len_array;
strncat(buffers->array, s, free_size); // BAD
}
}
#define MAX_SIZE 80
void strncat_test4(char *s) {
char buf[MAX_SIZE];
strncat(buf, s, MAX_SIZE - strlen(buf) - 1); // GOOD
strncat(buf, s, MAX_SIZE - strlen(buf)); // BAD
strncat(buf, "...", MAX_SIZE - strlen(buf)); // BAD
}
void strncat_test5(char *s) {
int len = 80;
char* buf = (char *) malloc(len + 1);
strncat(buf, s, len - strlen(buf) - 1); // GOOD
strncat(buf, s, len - strlen(buf)); // GOOD
}