CPP: Add query for detecteing incorrect error checking for scanf

2026-05-05 05:35:13 +02:00 · 2023-11-24 14:49:20 +00:00
parent 8334c6db91
commit f48e8b6062
4 changed files with 133 additions and 0 deletions
--- a/cpp/ql/src/Critical/IncorrectCheckScanf.cpp
+++ b/cpp/ql/src/Critical/IncorrectCheckScanf.cpp
@@ -0,0 +1,30 @@
+{
+  int i, j;
+
+  // BAD:The result is only checked against zero
+  if (scanf("%d %d", &i, &j)) { 
+      use(i);
+      use(j);
+  }
+
+  // BAD: The result is only checked against zero
+  if (scanf("%d %d", &i, &j) == 0) { 
+    i = 0;
+    j = 0;
+  }
+  use(i);
+  use(j);
+
+  if (scanf("%d %d", &i, &j) == 2) { 
+      // GOOD: the result is checked against 2
+  }
+
+  // GOOD: the result is compared directly
+  int r = scanf("%d %d", &i, &j);
+  if (r < 2) {
+    return;
+  }
+  if (r == 1) { 
+    j = 0;
+  }
+}