Merge pull request github#8994 from HansmannThibaut/main

C/C++ : Wrong Uint access

Author: MathiasVP

cpp/ql/src/experimental/Best Practices/WrongUintAccess.cpp

@@ -0,0 +1,7 @@
+void test()
+{
+    uint16_t j = 256;
+    char testSubject[122];
+
+    testSubject[j] = 12; // You can use a uint8 here
+}

cpp/ql/src/experimental/Best Practices/WrongUintAccess.qhelp

@@ -0,0 +1,18 @@
+<!DOCTYPE qhelp PUBLIC
+  "-//Semmle//qhelp//EN"
+  "qhelp.dtd">
+<qhelp>
+
+<overview>
+<p>Find access to an array with a Uint16 when the array has a size lower than 256.</p>
+</overview>
+
+<recommendation>
+<p>Use a int with a lower bit size instead. For instance in this example use a 8 bit int.</p>
+</recommendation>
+
+<example>
+<sample src="WrongUintAccess.cpp" />
+</example>
+
+</qhelp>

cpp/ql/src/experimental/Best Practices/WrongUintAccess.ql

@@ -0,0 +1,25 @@
+/**
+ * @id cpp/wrong-uint-access
+ * @name Wrong Uint
+ * @descripion Acess an array of size lower than 256 with a uint16.
+ * @kind problem
+ * @problem.severity recommendation
+ * @tags efficiency
+ */
+
+import cpp
+
+from Variable var, ArrayExpr useExpr, ArrayType defLine, VariableAccess use
+where
+  var.getUnspecifiedType() = defLine and
+  use = useExpr.getArrayBase() and
+  var = use.getTarget() and
+  (
+    useExpr.getArrayOffset().getType() instanceof UInt16_t or
+    useExpr.getArrayOffset().getType() instanceof UInt32_t or
+    useExpr.getArrayOffset().getType() instanceof UInt64_t
+  ) and
+  defLine.getArraySize() <= 256
+select useExpr,
+  "Using a " + useExpr.getArrayOffset().getType() + " to acess the array $@ of size " +
+    defLine.getArraySize() + ".", var, var.getName()