Skip to content

Commit bdae2af

Browse files
bdrodesbdrodes
committed
Adding missing strsafe sprintf variants.
1 parent c3ff181 commit bdae2af

File tree

1 file changed

+18
-5
lines changed
  • cpp/ql/lib/semmle/code/cpp/models/implementations

1 file changed

+18
-5
lines changed

cpp/ql/lib/semmle/code/cpp/models/implementations/Printf.qll

Lines changed: 18 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -147,19 +147,32 @@ private class SnprintfImpl extends Snprintf {
147147

148148
/**
149149
* The Microsoft `StringCchPrintf` function and variants.
150+
* See: https://learn.microsoft.com/en-us/windows/win32/api/strsafe/
151+
* and
152+
* https://learn.microsoft.com/en-us/previous-versions/windows/embedded/ms860435(v=msdn.10)
150153
*/
151154
private class StringCchPrintf extends FormattingFunction {
152155
StringCchPrintf() {
153156
this instanceof TopLevelFunction and
154-
this.hasGlobalName([
155-
"StringCchPrintf", "StringCchPrintfEx", "StringCchPrintf_l", "StringCchPrintf_lEx",
156-
"StringCbPrintf", "StringCbPrintfEx", "StringCbPrintf_l", "StringCbPrintf_lEx"
157-
]) and
157+
exists(string baseName |
158+
baseName in [
159+
"StringCchPrintf", //StringCchPrintf(pszDest, cchDest, pszFormat, …)
160+
"StringCchPrintfEx", //StringCchPrintfEx(pszDest,cchDest, ppszDestEnd, pcchRemaining, dwFlags, pszFormat, ...);
161+
"StringCchPrintf_l", //StringCchPrintf_l(pszDest, cbDest, pszFormat, locale, …)
162+
"StringCchPrintf_lEx", //StringCchPrintf_lEx(pszDest, cchDest, ppszDestEnd, pcchRemaining, dwFlags, pszFormat, locale, …)
163+
"StringCbPrintf", //StringCbPrintf(pszDest, cbDest, pszFormat, …)
164+
"StringCbPrintfEx", //StringCbPrintfEx(pszDest, cbDest, ppszDestEnd, pcbRemaining, dwFlags, pszFormat, …)
165+
"StringCbPrintf_l", //StringCbPrintf_l(pszDest, cbDest, pszFormat, locale, …)
166+
"StringCbPrintf_lEx" //StringCbPrintf_lEx(pszDest, cbDest, ppszDestEnd, pcbRemaining, dwFlags, pszFormat, locale, …)
167+
]
168+
|
169+
this.hasGlobalName(baseName + ["", "A", "W"])
170+
) and
158171
not exists(this.getDefinition().getFile().getRelativePath())
159172
}
160173

161174
override int getFormatParameterIndex() {
162-
if this.getName().matches("%Ex") then result = 5 else result = 2
175+
if this.getName().matches("%Ex" + ["", "A", "W"]) then result = 5 else result = 2
163176
}
164177

165178
override int getOutputParameterIndex(boolean isStream) { result = 0 and isStream = false }

0 commit comments

Comments
 (0)