hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 17:23:36 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
codeql-cli-2.23.1
codeql/cpp/ql/test/query-tests/Critical/SizeCheck/test2.c
Geoffrey White 7b03f3268f C++: Fix false positives.
2024-07-22 18:00:15 +01:00

87 lines
2.2 KiB
C
Raw Permalink Blame History

/* Semmle test case for SizeCheck2.ql
Associated with CWE-131 http://cwe.mitre.org/data/definitions/131.html
Each query is expected to find exactly the lines marked BAD in the section corresponding to it.
*/
///// Library functions //////
typedef unsigned long size_t;
void *malloc(size_t size);
void free(void *ptr);
//// Test code /////
void bad0(void) {
long long *lptr = malloc(27); // BAD -- Not a multiple of sizeof(long long)
double *dptr = malloc(33); // BAD -- Not a multiple of sizeof(double)
free(lptr);
free(dptr);
}
void good0(void) {
float *fptr = malloc(24); // GOOD -- An integral multiple
double *dptr = malloc(56); // GOOD -- An integral multiple
free(fptr);
free(dptr);
}
void bad1(void) {
long long *lptr = malloc(sizeof(long long)*7/2); // BAD -- Not a multiple of sizeof(long long)
double *dptr = malloc(sizeof(double)*5/2); // BAD -- Not a multiple of sizeof(double)
free(lptr);
free(dptr);
}
void good1(void) {
long long *lptr = malloc(sizeof(long long)*5); // GOOD -- An integral multiple
double *dptr = malloc(sizeof(double)*7); // GOOD -- An integral multiple
free(lptr);
free(dptr);
}
// --- custom allocators ---
void *MyMalloc1(size_t size) { return malloc(size); }
void *MyMalloc2(size_t size);
void customAllocatorTests()
{
double *dptr1 = MyMalloc1(33); // BAD -- Not a multiple of sizeof(double) [NOT DETECTED]
double *dptr2 = MyMalloc2(33); // BAD -- Not a multiple of sizeof(double) [NOT DETECTED]
}
// --- variable length data structures ---
typedef unsigned char uint8_t;
typedef struct _MyVarStruct1 {
size_t dataLen;
uint8_t data[0];
} MyVarStruct1;
typedef struct _MyVarStruct2 {
size_t dataLen;
uint8_t data[1];
} MyVarStruct2;
typedef struct _MyVarStruct3 {
size_t dataLen;
uint8_t data[];
} MyVarStruct3;
typedef struct _MyFixedStruct {
size_t dataLen;
uint8_t data[1024];
} MyFixedStruct;
void varStructTests() {
MyVarStruct1 *a = malloc(sizeof(MyVarStruct1) + 127); // GOOD
MyVarStruct2 *b = malloc(sizeof(MyVarStruct2) + 127); // GOOD
MyVarStruct3 *c = malloc(sizeof(MyVarStruct3) + 127); // GOOD
MyFixedStruct *d = malloc(sizeof(MyFixedStruct) + 127); // BAD --- Not a multiple of sizeof(MyFixedStruct)
}
Reference in New Issue View Git Blame Copy Permalink