hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-29 18:55:14 +02:00
Code Issues Packages Projects Releases Wiki Activity

C++: Fix SnprintfOverflow issues

Browse Source 
Requiring strict inclusion between types turned out to cause false
positives in `SnprintfOverflow`, which relied indirectly on
`RangeAnalysisUtils::linearAccessImpl` to identify acceptable bounds
checks. This query was particularly affected because `snprintf` returns
`int` (signed) but takes `size_t` (unsigned), so conversions are bound
to happen.
This commit is contained in:
Jonas Jensen
2019-04-09 11:01:06 +02:00
parent 93286aabdf
commit fd4967e6f1
2 changed files with 4 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
cpp/ql/test/query-tests/Likely Bugs/Format/SnprintfOverflow/SnprintfOverflow.expected
View File

@@ -2,4 +2,3 @@
| test.cpp:62:12:62:19 | call to snprintf | The $@ of this snprintf call is derived from its return value, which may exceed the size of the buffer and overflow. | test.cpp:62:26:62:34 | remaining | size argument |
| test.cpp:76:10:76:17 | call to snprintf | The $@ of this snprintf call is derived from its return value, which may exceed the size of the buffer and overflow. | test.cpp:76:24:76:32 | ... - ... | size argument |
| test.cpp:100:10:100:19 | call to snprintf_s | The $@ of this snprintf call is derived from its return value, which may exceed the size of the buffer and overflow. | test.cpp:100:35:100:54 | ... - ... | size argument |
| test.cpp:109:15:109:22 | call to snprintf | The $@ of this snprintf call is derived from its return value, which may exceed the size of the buffer and overflow. | test.cpp:109:29:109:35 | buf_len | size argument |