C++: Reject invalid results from getFirstFormatArgumentIndex()

github · Oct 17, 2024 · 4341fab · 4341fab
1 parent 5315a5c
commit 4341fab
Show file tree

Hide file tree

Showing 2 changed files with 1 addition and 2 deletions.
diff --git a/cpp/ql/lib/semmle/code/cpp/models/implementations/Printf.qll b/cpp/ql/lib/semmle/code/cpp/models/implementations/Printf.qll
@@ -50,8 +50,6 @@ private class Fprintf extends FormattingFunction, NonThrowingFunction {
   override int getFormatParameterIndex() { result = 1 }
 
   override int getOutputParameterIndex(boolean isStream) { result = 0 and isStream = true }
-
-  override int getFirstFormatArgumentIndex() { result = 2 }
 }
 
 /**

diff --git a/cpp/ql/lib/semmle/code/cpp/models/interfaces/FormattingFunction.qll b/cpp/ql/lib/semmle/code/cpp/models/interfaces/FormattingFunction.qll
@@ -125,6 +125,7 @@ abstract class FormattingFunction extends ArrayFunction, TaintFunction {
     // The formatting function either has a definition in the snapshot, or all
     // `DeclarationEntry`s agree on the number of parameters (otherwise we don't
     // really know the correct number)
+    result > 0 and // Avoid invalid declarations
     if this.hasDefinition()
     then result = this.getDefinition().getNumberOfParameters()
     else result = this.getNumberOfExplicitParameters()
-Original file line number
+Diff line change
@@ Expand Up @@
       override int getFormatParameterIndex() { result = 1 }
       override int getOutputParameterIndex(boolean isStream) { result = 0 and isStream = true }
-      override int getFirstFormatArgumentIndex() { result = 2 }
     }
     /**
@@ Expand Down @@