C++: Clean up false-positives
calumgrant committed Oct 15, 2024
1 parent 6fcb326 commit 66d56bd
Showing 5 changed files with 11 additions and 11 deletions.
6 changes: 4 additions & 2 deletions cpp/ql/lib/semmle/code/cpp/models/implementations/Printf.qll
@@ -50,6 +50,8 @@ private class Fprintf extends FormattingFunction, NonThrowingFunction {
override int getFormatParameterIndex() { result = 1 }

override int getOutputParameterIndex(boolean isStream) { result = 0 and isStream = true }

override int getFirstFormatArgumentIndex() { result = 2 }
}

/**
@@ -91,7 +93,7 @@ private class Sprintf extends FormattingFunction, NonThrowingFunction {
override int getFirstFormatArgumentIndex() {
if this.hasName("__builtin___sprintf_chk")
then result = 4
else result = this.getNumberOfParameters()
else result = this.getNumberOfExplicitParameters()
}
}

@@ -134,7 +136,7 @@ private class SnprintfImpl extends Snprintf, AliasFunction, SideEffectFunction,
result = 5
or
name != "__builtin___snprintf_chk" and
result = this.getNumberOfParameters()
result = this.getNumberOfExplicitParameters()
)
)
}
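Review bot: The hard-coded `result = 2` added to `Fprintf.getFirstFormatArgumentIndex()` and the switch to `getNumberOfExplicitParameters()` in `Sprintf` and `SnprintfImpl` are undocumented, and the second one changes when the predicate has a result at all. Per the QLDoc shown for `getNumberOfExplicitParameters()`, it returns nothing when the explicit declarations disagree on the parameter count, and its `forex` also yields nothing when there is no explicit declaration. For such functions `getFirstFormatArgumentIndex()` then has no result, so queries built on it presumably skip those calls silently, trading false positives for possible false negatives. I would add a comment on the `else` branches such as `// no result if explicit declarations are missing or inconsistent; format-argument checks are then skipped`, and on the Fprintf override `// fixed index: fprintf may be declared without a prototype, e.g. int fprintf();`. All three class bodies start outside the hunks shown.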
@@ -143,7 +143,7 @@ abstract class FormattingFunction extends ArrayFunction, TaintFunction {
* from implicit function declarations. If there is some inconsistency in the number
* of parameters, then don't return anything.
*/
private int getNumberOfExplicitParameters() {
int getNumberOfExplicitParameters() {
forex(FunctionDeclarationEntry fde | fde = this.getAnExplicitDeclarationEntry() |
result = fde.getNumberOfParameters()
)
3 changes: 2 additions & 1 deletion cpp/ql/src/Likely Bugs/Format/WrongTypeFormatArguments.ql
@@ -170,7 +170,8 @@ where
) and
not arg.isAffectedByMacro() and
not arg.isFromUninstantiatedTemplate(_) and
not actual.getUnspecifiedType() instanceof ErroneousType
not actual.getUnspecifiedType() instanceof ErroneousType and
not arg.(Call).getTarget().getADeclarationEntry().isImplicit()
select arg,
"This format specifier for type '" + expected.getName() + "' does not match the argument type '" +
actual.getUnspecifiedType().getName() + "'."
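Review bot: The added conjunct `not arg.(Call).getTarget().getADeclarationEntry().isImplicit()` suppresses the result as soon as the callee has any implicit declaration entry, not only when all of them are implicit. If a function is implicitly declared in one file but has a proper prototype elsewhere, its return type is known and a real mismatch would presumably be dropped. Consider restricting the exclusion to targets with no explicit declaration, e.g. `not forex(FunctionDeclarationEntry fde | fde = arg.(Call).getTarget().getADeclarationEntry() | fde.isImplicit())`, and add a short comment saying why calls to implicitly declared functions are excluded. The `where` clause starts outside the hunk.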
@@ -1,4 +1 @@
| tests.c:7:18:7:18 | 1 | This format specifier for type 'char *' does not match the argument type 'int'. |
| tests.c:8:18:8:34 | call to implicit_function | This format specifier for type 'char *' does not match the argument type 'int'. |
| tests.c:9:13:9:13 | 0 | This format specifier for type 'char *' does not match the argument type 'int'. |
| tests.c:10:13:10:13 | 0 | This format specifier for type 'char *' does not match the argument type 'int'. |
@@ -4,8 +4,8 @@ int printf(const char * format, ...);
int fprintf();

int f() {
printf("%s", 1); // BAD - TP
printf("%s", implicit_function()); // BAD (FP) - we should not infer the return type
sprintf(0, "%s", ""); // BAD (FP)
fprintf(0, "%s", ""); // BAD (FP)
printf("%s", 1); // BAD
printf("%s", implicit_function()); // GOOD - we should not infer the return type
sprintf(0, "%s", ""); // GOOD
fprintf(0, "%s", ""); // GOOD
}
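Review bot: With the comments now marking the `implicit_function()`, `sprintf` and `fprintf` calls GOOD, the test keeps a single BAD case, `printf("%s", 1)`, and nothing exercises the `sprintf`/`fprintf` models on a call that should still be reported. Those models now take the first format argument index from explicit declarations or, for fprintf, a fixed value, so a regression that leaves them without a result for properly declared functions would pass this test unnoticed. I would add `fprintf(0, "%s", 1); // BAD` here to pin the fixed index, and a prototyped case in a separate test file, declaring `int sprintf(char *s, const char *format, ...);` and calling `sprintf(buf, "%s", 1); // BAD`. The declarations above `int fprintf();` are outside the hunk, so this assumes sprintf is left undeclared in tests.c.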
