C++: Do not alert on unreachable code in cpp/incorrect-string-type-conversion

jketema · jketema · commit 399967b507da · 2025-07-10T11:49:12.000+02:00
diff --git a/cpp/ql/src/Security/CWE/CWE-704/WcharCharConversion.ql b/cpp/ql/src/Security/CWE/CWE-704/WcharCharConversion.ql
@@ -14,6 +14,7 @@
 
 import cpp
 import semmle.code.cpp.controlflow.Guards
+import semmle.code.cpp.ir.IR
 
 class WideCharPointerType extends PointerType {
   WideCharPointerType() { this.getBaseType() instanceof WideCharType }
@@ -108,7 +109,9 @@ where
   // Avoid cases where the cast is guarded by a check to determine if
   // unicode encoding is enabled in such a way to disallow the dangerous cast
   // at runtime.
-  not isLikelyDynamicallyChecked(e1)
+  not isLikelyDynamicallyChecked(e1) and
+  // Avoid cases in unreachable blocks.
+  any(EnterFunctionInstruction e).getASuccessor+().getAst() = e1
 select e1,
   "Conversion from " + e1.getType().toString() + " to " + e2.getType().toString() +
     ". Use of invalid string can lead to undefined behavior."
diff --git a/cpp/ql/test/query-tests/Security/CWE/CWE-704/WcharCharConversion.cpp b/cpp/ql/test/query-tests/Security/CWE/CWE-704/WcharCharConversion.cpp
@@ -118,7 +118,7 @@ size_t strlen(const char* str);
 template<typename C>
 size_t str_len(const C *str) {
 	if (sizeof(C) != 1) {
-		return wcslen((const wchar_t *)str); // $ SPURIOUS: Alert
+		return wcslen((const wchar_t *)str); // GOOD -- unreachable code
 	}
 
 	return strlen((const char *)str);
diff --git a/cpp/ql/test/query-tests/Security/CWE/CWE-704/WcharCharConversion.expected b/cpp/ql/test/query-tests/Security/CWE/CWE-704/WcharCharConversion.expected
@@ -11,5 +11,4 @@
 | WcharCharConversion.cpp:103:21:103:26 | buffer | Conversion from LPTSTR to LPWSTR. Use of invalid string can lead to undefined behavior. |
 | WcharCharConversion.cpp:106:21:106:26 | buffer | Conversion from LPTSTR to LPWSTR. Use of invalid string can lead to undefined behavior. |
 | WcharCharConversion.cpp:110:20:110:25 | buffer | Conversion from LPTSTR to LPWSTR. Use of invalid string can lead to undefined behavior. |
-| WcharCharConversion.cpp:121:34:121:36 | str | Conversion from const char * to const wchar_t *. Use of invalid string can lead to undefined behavior. |
 | WcharCharConversion.cpp:130:34:130:36 | str | Conversion from const char * to const wchar_t *. Use of invalid string can lead to undefined behavior. |

Original file line number	Diff line number	Diff line change
`@@ -118,7 +118,7 @@ size_t strlen(const char* str);`
`118`	`118`	`template<typename C>`
`119`	`119`	`size_t str_len(const C *str) {`
`120`	`120`	`if (sizeof(C) != 1) {`
`121`		`- return wcslen((const wchar_t *)str); // $ SPURIOUS: Alert`
	`121`	`+ return wcslen((const wchar_t *)str); // GOOD -- unreachable code`
`122`	`122`	`}`
`123`	`123`
`124`	`124`	`return strlen((const char *)str);`