mirror of
https://github.com/github/codeql.git
synced 2025-12-20 10:46:30 +01:00
fd4967e6f1
Requiring strict inclusion between types turned out to cause false positives in `SnprintfOverflow`, which relied indirectly on `RangeAnalysisUtils::linearAccessImpl` to identify acceptable bounds checks. This query was particularly affected because `snprintf` returns `int` (signed) but takes `size_t` (unsigned), so conversions are bound to happen.
5 lines
862 B
Plaintext
5 lines
862 B
Plaintext
| test.cpp:25:10:25:17 | call to snprintf | The $@ of this snprintf call is derived from its return value, which may exceed the size of the buffer and overflow. | test.cpp:25:35:25:43 | ... - ... | size argument |
|
|
| test.cpp:62:12:62:19 | call to snprintf | The $@ of this snprintf call is derived from its return value, which may exceed the size of the buffer and overflow. | test.cpp:62:26:62:34 | remaining | size argument |
|
|
| test.cpp:76:10:76:17 | call to snprintf | The $@ of this snprintf call is derived from its return value, which may exceed the size of the buffer and overflow. | test.cpp:76:24:76:32 | ... - ... | size argument |
|
|
| test.cpp:100:10:100:19 | call to snprintf_s | The $@ of this snprintf call is derived from its return value, which may exceed the size of the buffer and overflow. | test.cpp:100:35:100:54 | ... - ... | size argument |
|