hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 17:23:36 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
codeql-cli-2.7.6
codeql/cpp/ql/test/query-tests/Critical/OverflowStatic/test.c
Anders Fugmann 03bd7d7f96 C++: Update test results from OverflowStatic
2021-09-27 11:23:08 +02:00

74 lines
1.6 KiB
C
Raw Permalink Blame History

char xs[5];
struct {
char ys[5];
char zs[0];
} stru;
void f(void) {
char c;
c = xs[-1]; // BAD [NOT DETECTED]
c = xs[0]; // GOOD
c = xs[4]; // GOOD
c = xs[5]; // BAD
c = xs[6]; // BAD
c = stru.ys[-1]; // BAD [NOT DETECTED]
c = stru.ys[0]; // GOOD
c = stru.ys[4]; // GOOD
c = stru.ys[5]; // BAD
c = stru.ys[6]; // BAD
c = stru.zs[-1]; // BAD [NOT DETECTED]
c = stru.zs[0]; // GOOD (zs is variable size)
c = stru.zs[4]; // GOOD (zs is variable size)
c = stru.zs[5]; // GOOD (zs is variable size)
c = stru.zs[6]; // GOOD (zs is variable size)
}
void* malloc(long unsigned int);
void test_buffer_sentinal() {
struct { char len; char buf[1]; } *b = malloc(10); // len(buf.buffer) effectively 8
b->buf[0] = 0; // GOOD
b->buf[7] = 0; // GOOD
b->buf[8] = 0; // BAD [NOT DETECTED]
}
union u {
unsigned long value;
char ptr[1];
};
void union_test() {
union u u;
u.ptr[0] = 0; // GOOD
u.ptr[sizeof(u)-1] = 0; // GOOD
u.ptr[sizeof(u)] = 0; // BAD [NOT DETECTED]
}
void test_struct_union() {
struct { union u u; } v;
v.u.ptr[0] = 0; // GOOD
v.u.ptr[sizeof(union u)-1] = 0; // GOOD
v.u.ptr[sizeof(union u)] = 0; // BAD [NOT DETECTED]
}
void union_test2() {
union { char ptr[1]; unsigned long value; } u;
u.ptr[0] = 0; // GOOD
u.ptr[sizeof(u)-1] = 0; // GOOD
u.ptr[sizeof(u)] = 0; // BAD [NOT DETECTED]
}
typedef struct {
char len;
char buf[1];
} var_buf;
void test_alloc() {
// Special case of taking sizeof without any addition or multiplications
var_buf *b = malloc(sizeof(var_buf));
b->buf[1] = 0; // BAD [NOT DETECTED]
}
Reference in New Issue View Git Blame Copy Permalink