C++: Reject invalid results from getFirstFormatArgumentIndex()

calumgrant · calumgrant · commit 4341fab79472 · 2024-10-17T10:50:44.000+01:00
diff --git a/cpp/ql/lib/semmle/code/cpp/models/implementations/Printf.qll b/cpp/ql/lib/semmle/code/cpp/models/implementations/Printf.qll
@@ -50,8 +50,6 @@ private class Fprintf extends FormattingFunction, NonThrowingFunction {
   override int getFormatParameterIndex() { result = 1 }
 
   override int getOutputParameterIndex(boolean isStream) { result = 0 and isStream = true }
-
-  override int getFirstFormatArgumentIndex() { result = 2 }
 }
 
 /**
diff --git a/cpp/ql/lib/semmle/code/cpp/models/interfaces/FormattingFunction.qll b/cpp/ql/lib/semmle/code/cpp/models/interfaces/FormattingFunction.qll
@@ -125,6 +125,7 @@ abstract class FormattingFunction extends ArrayFunction, TaintFunction {
     // The formatting function either has a definition in the snapshot, or all
     // `DeclarationEntry`s agree on the number of parameters (otherwise we don't
     // really know the correct number)
+    result > 0 and // Avoid invalid declarations
     if this.hasDefinition()
     then result = this.getDefinition().getNumberOfParameters()
     else result = this.getNumberOfExplicitParameters()

Original file line number	Diff line number	Diff line change
`@@ -50,8 +50,6 @@ private class Fprintf extends FormattingFunction, NonThrowingFunction {`
`50`	`50`	`override int getFormatParameterIndex() { result = 1 }`
`51`	`51`
`52`	`52`	`override int getOutputParameterIndex(boolean isStream) { result = 0 and isStream = true }`
`53`		`-`
`54`		`- override int getFirstFormatArgumentIndex() { result = 2 }`
`55`	`53`	`}`
`56`	`54`
`57`	`55`	`/**`