C++: Add a test that exercise the 'last field' check.

MathiasVP · MathiasVP · commit fc9919a5b61f · 2024-03-06T21:17:55.000-08:00
diff --git a/cpp/ql/test/query-tests/Security/CWE/CWE-843/TypeConfusion.expected b/cpp/ql/test/query-tests/Security/CWE/CWE-843/TypeConfusion.expected
@@ -7,6 +7,7 @@ edges
 | test.cpp:143:14:143:19 | new | test.cpp:145:28:145:68 | s1_2 | provenance |  |
 | test.cpp:153:9:153:15 | new | test.cpp:159:14:159:33 | a | provenance |  |
 | test.cpp:168:9:168:15 | new | test.cpp:171:14:171:33 | a | provenance |  |
+| test.cpp:187:15:187:24 | new | test.cpp:189:25:189:45 | u64 | provenance |  |
 nodes
 | test.cpp:27:13:27:18 | new | semmle.label | new |
 | test.cpp:28:25:28:55 | p | semmle.label | p |
@@ -24,6 +25,8 @@ nodes
 | test.cpp:159:14:159:33 | a | semmle.label | a |
 | test.cpp:168:9:168:15 | new | semmle.label | new |
 | test.cpp:171:14:171:33 | a | semmle.label | a |
+| test.cpp:187:15:187:24 | new | semmle.label | new |
+| test.cpp:189:25:189:45 | u64 | semmle.label | u64 |
 subpaths
 #select
 | test.cpp:28:25:28:55 | p | test.cpp:27:13:27:18 | new | test.cpp:28:25:28:55 | p | Conversion from $@ to $@ is invalid. | test.cpp:1:8:1:9 | S1 | S1 | test.cpp:11:8:11:21 | Not_S1_wrapper | Not_S1_wrapper |
@@ -32,3 +35,4 @@ subpaths
 | test.cpp:128:24:128:59 | s2 | test.cpp:127:12:127:17 | new | test.cpp:128:24:128:59 | s2 | Conversion from $@ to $@ is invalid. | test.cpp:102:8:102:9 | S2 | S2 | test.cpp:119:8:119:20 | Not_S2_prefix | Not_S2_prefix |
 | test.cpp:145:28:145:68 | s1_2 | test.cpp:143:14:143:19 | new | test.cpp:145:28:145:68 | s1_2 | Conversion from $@ to $@ is invalid. | test.cpp:1:8:1:9 | S1 | S1 | test.cpp:131:8:131:23 | HasSomeBitFields | HasSomeBitFields |
 | test.cpp:159:14:159:33 | a | test.cpp:153:9:153:15 | new | test.cpp:159:14:159:33 | a | Conversion from $@ to $@ is invalid. | test.cpp:60:8:60:10 | Dog | Dog | test.cpp:55:8:55:10 | Cat | Cat |
+| test.cpp:189:25:189:45 | u64 | test.cpp:187:15:187:24 | new | test.cpp:189:25:189:45 | u64 | Conversion from $@ to $@ is invalid. | test.cpp:175:8:175:13 | UInt64 | UInt64 | test.cpp:184:8:184:22 | UInt8_with_more | UInt8_with_more |
diff --git a/cpp/ql/test/query-tests/Security/CWE/CWE-843/test.cpp b/cpp/ql/test/query-tests/Security/CWE/CWE-843/test.cpp
@@ -171,3 +171,22 @@ void test14(bool b) {
     Cat* d = static_cast<Cat*>(a); // BAD [NOT DETECTED]
   }
 }
+
+struct UInt64 { unsigned long u64; };
+struct UInt8 { unsigned char u8; };
+
+void test14() {
+  void* u64 = new UInt64;
+  // ...
+  UInt8* u8 = (UInt8*)u64; // GOOD
+}
+
+struct UInt8_with_more { UInt8 u8; void* p; };
+
+void test15() {
+  void* u64 = new UInt64;
+  // ...
+  UInt8_with_more* u8 = (UInt8_with_more*)u64; // BAD
+}
+
+// semmle-extractor-options: --gcc -std=c++11
