mirror of https://github.com/github/codeql.git (synced 2026-03-28 02:08:17 +01:00)
As reported in CPP-236, this query has false positives on signed integers that cannot be negative. It could possibly be improved with a local range analysis, but the query would most likely still have so many false positives that we would have to lower its precision. Under our current policy, this change will make the query hidden by default on LGTM.
22 lines
693 B
Plaintext
/**
 * @name Bad check for oddness
 * @description Using "x % 2 == 1" to check whether x is odd does not work for
 *              negative numbers.
 * @kind problem
 * @problem.severity warning
 * @precision medium
 * @id cpp/incomplete-parity-check
 * @tags reliability
 *       correctness
 *       types
 */

import cpp

from EqualityOperation t, RemExpr lhs, Literal rhs
where
  t.getLeftOperand() = lhs and
  t.getRightOperand() = rhs and
  lhs.getLeftOperand().getType().getUnspecifiedType().(IntegralType).isSigned() and
  lhs.getRightOperand().getValue() = "2" and
  rhs.getValue() = "1"
select t, "Possibly invalid test for oddness. This will fail for negative numbers."
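The defect the query looks for, shown in C as an added example (this is not code from the codeql repository or the commit): since C99 the sign of `a % b` follows the dividend, so `-3 % 2` evaluates to `-1` and the `== 1` comparison misclassifies every negative odd value. The function names and the sample inputs below are constructed for the illustration; the corrected forms compare the remainder against zero or test the low bit.

```c
#include <stdbool.h>
#include <stdio.h>

/* The pattern the query flags: "x % 2 == 1" on a signed operand.
 * For negative x the remainder is 0 or -1, never 1, so every negative
 * odd number is reported as even. */
static bool is_odd_buggy(int x) { return x % 2 == 1; }

/* Corrected form: a non-zero remainder (1 or -1) means odd. */
static bool is_odd_fixed(int x) { return x % 2 != 0; }

/* Alternative corrected form: test the low bit.
 * Assumes two's complement, which C23 mandates and all mainstream
 * compilers have always used. */
static bool is_odd_mask(int x) { return (x & 1) != 0; }

/* On an unsigned operand the original pattern is correct, which is why the
 * query restricts itself to signed integral types (and why, as the commit
 * message notes, signed values that can never be negative are false positives). */
static bool is_odd_unsigned(unsigned x) { return x % 2 == 1; }

/* Count the values in [lo, hi] on which the buggy and fixed checks disagree;
 * every negative odd value in the range is one disagreement. */
static int count_disagreements(int lo, int hi) {
    int n = 0;
    for (int x = lo; x <= hi; x++)
        if (is_odd_buggy(x) != is_odd_fixed(x))
            n++;
    return n;
}

int main(void) {
    /* Constructed sample inputs spanning negative, zero and positive values. */
    const int samples[] = {-3, -2, -1, 0, 1, 2, 3};
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%3d: buggy=%d fixed=%d mask=%d\n", samples[i],
               is_odd_buggy(samples[i]), is_odd_fixed(samples[i]),
               is_odd_mask(samples[i]));
    printf("disagreements in [-10, 10]: %d\n", count_disagreements(-10, 10));
    return 0;
}
```

Running the block prints the three checks side by side; the buggy column is 0 for -3 and -1 while the corrected columns are 1, and the final count reports the five negative odd values in [-10, 10].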