Add files via upload

2026-04-29 10:45:15 +02:00 · 2021-07-05 11:14:51 +03:00
parent b10bdf1475
commit eedcb0171d
3 changed files with 23 additions and 0 deletions
--- a/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-758/semmle/tests/UndefinedOrImplementationDefinedBehavior.expected
+++ b/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-758/semmle/tests/UndefinedOrImplementationDefinedBehavior.expected
@@ -0,0 +1,3 @@
+| test.c:13:10:13:21 | call to tmpFunction1 | This expression may have undefined behavior. |
+| test.c:13:30:13:41 | call to tmpFunction2 | This expression may have undefined behavior. |
+| test.c:16:15:16:20 | ... ++ | This expression may have undefined behavior. |
--- a/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-758/semmle/tests/UndefinedOrImplementationDefinedBehavior.qlref
+++ b/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-758/semmle/tests/UndefinedOrImplementationDefinedBehavior.qlref
@@ -0,0 +1 @@
+experimental/Security/CWE/CWE-758/UndefinedOrImplementationDefinedBehavior.ql
--- a/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-758/semmle/tests/test.c
+++ b/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-758/semmle/tests/test.c
@@ -0,0 +1,19 @@
+char tmpFunction1(char * buf)
+{
+  buf[1]=buf[1] + buf[2] + buf[3];
+  return buf[1];
+}
+char tmpFunction2(char * buf)
+{
+  buf[2]=buf[1] + buf[2] + buf[3];
+  return buf[2];
+}
+void workFunction_0(char *s, char * buf) {
+  int intA;
+  intA = tmpFunction1(buf) + tmpFunction2(buf);  // BAD
+  intA = tmpFunction1(buf);  //GOOD
+  intA += tmpFunction2(buf);  // GOOD
+  buf[intA] = intA++; // BAD
+  intA++;
+  buf[intA] = intA; // GOOD
+}
				`@@ -0,0 +1 @@`
				`experimental/Security/CWE/CWE-758/UndefinedOrImplementationDefinedBehavior.ql`