C++: consider attributes when finding wide string functions

2026-04-28 02:05:14 +02:00 · 2018-08-21 12:00:33 -07:00
parent 5b8925c699
commit fe8f7e9624
2 changed files with 16 additions and 10 deletions
--- a/cpp/ql/src/semmle/code/cpp/commons/Printf.qll
+++ b/cpp/ql/src/semmle/code/cpp/commons/Printf.qll
@@ -30,15 +30,21 @@ class AttributeFormattingFunction extends FormattingFunction {

 /**
 * A type that is used as a format string by a wide variadic formatter such as
- * `vwprintf`.
+ * `vwprintf` or by a user-defined formatting function with the GNU `format`
+ * attribute.
 */
-Type getAPrimitiveVariadicFormatterWideType() {
+Type getAFormatterWideType() {
  exists(TopLevelFunction f, int formatParamIndex |
    primitiveVariadicFormatter(f, formatParamIndex, true) and
    result = f.getParameter(formatParamIndex).getType().getUnspecifiedType() and
    result.(PointerType).getBaseType().getSize() != 1 and
    f.hasDefinition()
  )
+  or
+  exists(AttributeFormattingFunction f, int formatParamIndex |
+    result = f.getParameter(formatParamIndex).getType().getUnspecifiedType() and
+    result.(PointerType).getBaseType().getSize() != 1
+  )
 }

 /**
@@ -737,9 +743,9 @@ class FormatLiteral extends Literal {
    exists(string cnv | cnv = this.getEffectiveStringConversionChar(n) |
      cnv="S" and
      (
-        result = getAPrimitiveVariadicFormatterWideType()
+        result = getAFormatterWideType()
        or
-        not exists(getAPrimitiveVariadicFormatterWideType()) and
+        not exists(getAFormatterWideType()) and
        result.(PointerType).getBaseType().hasName("wchar_t")
      )
    )
--- a/cpp/ql/src/semmle/code/cpp/models/implementations/Printf.qll
+++ b/cpp/ql/src/semmle/code/cpp/models/implementations/Printf.qll
@@ -13,7 +13,7 @@ class Printf extends FormattingFunction {
      hasGlobalName("wprintf_s") or
      hasGlobalName("g_printf")
    ) and
-    not hasDefinition()
+    not exists(getADeclarationEntry().getFile().getRelativePath())
  }

  override int getFormatParameterIndex() { result=0 }
@@ -34,7 +34,7 @@ class Fprintf extends FormattingFunction {
      hasGlobalName("fwprintf") or
      hasGlobalName("g_fprintf")
    ) and
-    not hasDefinition()
+    not exists(getADeclarationEntry().getFile().getRelativePath())
  }

  override int getFormatParameterIndex() { result=1 }
@@ -57,7 +57,7 @@ class Sprintf extends FormattingFunction {
      hasGlobalName("g_sprintf") or
      hasGlobalName("__builtin___sprintf_chk")
    ) and
-    not hasDefinition()
+    not exists(getADeclarationEntry().getFile().getRelativePath())
  }

  override predicate isWideCharDefault() {
@@ -111,7 +111,7 @@ class Snprintf extends FormattingFunction {
      or hasGlobalName("wnsprintf")
      or hasGlobalName("__builtin___snprintf_chk")
    ) and
-    not hasDefinition()
+    not exists(getADeclarationEntry().getFile().getRelativePath())
  }

  override int getFormatParameterIndex() {
@@ -150,7 +150,7 @@ class Snprintf extends FormattingFunction {
      hasGlobalName("__builtin___snprintf_chk") or
      hasGlobalName("snprintf_s")
    ) and
-    not hasDefinition()
+    not exists(getADeclarationEntry().getFile().getRelativePath())
  }

  override int getSizeParameterIndex() {
@@ -173,7 +173,7 @@ class StringCchPrintf extends FormattingFunction {
      or hasGlobalName("StringCbPrintf_l")
      or hasGlobalName("StringCbPrintf_lEx")
    ) and
-    not hasDefinition()
+    not exists(getADeclarationEntry().getFile().getRelativePath())
  }

  override int getFormatParameterIndex() {