Skip to content

Commit e9fefab

Browse files
ihsinmeihsinme
authored
Update test.cpp
1 parent bfec3c5 commit e9fefab

File tree

1 file changed

+53
-5
lines changed
  • cpp/ql/test/experimental/query-tests/Security/CWE/CWE-754/semmle/tests

1 file changed

+53
-5
lines changed

cpp/ql/test/experimental/query-tests/Security/CWE/CWE-754/semmle/tests/test.cpp

Lines changed: 53 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -1,45 +1,92 @@
11
int scanf(const char *format, ...);
22
int globalVal;
3+
char * globalVala;
4+
int * globalValp;
5+
char globalVala2;
36
int functionWork1() {
47
int i;
5-
if (scanf("%i", &i) == 1) // GOOD
6-
return i;
7-
else
8+
char a[10];
9+
int b;
10+
int *p = &b;
11+
if (scanf("%i", &i) != 1) // GOOD
812
return -1;
13+
if (scanf("%s", a) != 1) // GOOD
14+
return -1;
15+
if (scanf("%i", p) != 1) // GOOD
16+
return -1;
17+
return i;
918
}
1019

1120
int functionWork1_() {
1221
int i;
22+
char a[10];
23+
int b;
24+
int *p = &b;
1325
int r;
1426
r = scanf("%i", &i);
27+
if (r != 1) // GOOD
28+
return -1;
29+
r = scanf("%s", a);
1530
if (r == 1) // GOOD
16-
return i;
17-
else
1831
return -1;
32+
r = scanf("%i", p);
33+
if (r != 1) // GOOD
34+
return -1;
35+
return i;
1936
}
2037

2138
int functionWork1b() {
2239
int i;
40+
char a[10];
41+
int b;
42+
int *p = &b;
2343
scanf("%i", &i); // BAD
44+
scanf("%s", a); // BAD
45+
scanf("%i", p); // BAD
2446
return i;
2547
}
2648

2749
int functionWork2() {
2850
int i = 0;
51+
char a[10] = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0};
52+
int b = 1;
53+
int *p = &b;
2954
scanf("%i", &i); // GOOD:the error can be determined by examining the initial value.
55+
scanf("%s", a); // GOOD:the error can be determined by examining the initial value.
56+
scanf("%i", p); // GOOD:the error can be determined by examining the initial value.
3057
return i;
3158
}
3259

3360
int functionWork2_() {
3461
int i;
3562
i = 0;
63+
char a[10];
64+
a[0] = 0;
65+
int b;
66+
b=1;
67+
int *p = &b;
3668
scanf("%i", &i); // GOOD:the error can be determined by examining the initial value.
69+
scanf("%s", a); // GOOD:the error can be determined by examining the initial value.
70+
scanf("%i", p); // GOOD:the error can be determined by examining the initial value.
3771
return i;
3872
}
3973
int functionWork2b() {
4074
int i;
75+
char a[10];
76+
int b;
77+
int *p = &b;
4178
scanf("%i", &i); // BAD
79+
scanf("%s", a); // BAD
80+
scanf("%i", p); // BAD
4281
globalVal = i;
82+
globalVala = a;
83+
globalValp = p;
84+
return 0;
85+
}
86+
int functionWork2b_() {
87+
char a[10];
88+
scanf("%s", a); // BAD
89+
globalVala2 = a[0];
4390
return 0;
4491
}
4592

@@ -50,4 +97,5 @@ void functionRunner() {
5097
functionWork2();
5198
functionWork2_();
5299
functionWork2b();
100+
functionWork2b_();
53101
}

0 commit comments

Comments
 (0)