C++: Add more tests (which demonstrate a couple of bugs in the implementation).

MathiasVP · MathiasVP · commit 53884915a503 · 2021-11-15T13:18:30.000Z
diff --git a/cpp/ql/test/query-tests/Security/CWE/CWE-242/semmle/tests/OverrunWrite.expected b/cpp/ql/test/query-tests/Security/CWE/CWE-242/semmle/tests/OverrunWrite.expected
@@ -9,3 +9,4 @@
 | tests.cpp:324:3:324:9 | call to sprintf | This 'call to sprintf' operation requires 11 bytes but the destination is only 2 bytes. |
 | tests.cpp:327:2:327:8 | call to sprintf | This 'call to sprintf' operation requires 12 bytes but the destination is only 2 bytes. |
 | tests.cpp:329:3:329:9 | call to sprintf | This 'call to sprintf' operation requires 12 bytes but the destination is only 2 bytes. |
+| tests.cpp:345:2:345:8 | call to sprintf | This 'call to sprintf' operation requires 11 bytes but the destination is only 2 bytes. |
diff --git a/cpp/ql/test/query-tests/Security/CWE/CWE-242/semmle/tests/tests.cpp b/cpp/ql/test/query-tests/Security/CWE/CWE-242/semmle/tests/tests.cpp
@@ -337,4 +337,12 @@ void test6(unsigned unsigned_value, int value) {
 	sprintf(buffer, "%d", 0); // GOOD
 	sprintf(buffer, "%u", 5); // GOOD
 	sprintf(buffer, "%d", 5); // GOOD
+
+	sprintf(buffer, "%d", -1); // BAD [NOT DETECTED]
+	sprintf(buffer, "%d", 9); // GOOD
+	sprintf(buffer, "%d", 10); // BAD [NOT DETECTED]
+
+	sprintf(buffer, "%u", -1); // BAD
+	sprintf(buffer, "%u", 9); // GOOD
+	sprintf(buffer, "%u", 10); // BAD [NOT DETECTED]
 }
