Skip to content

Commit 50abb6e

Browse files
MathiasVPMathiasVP
committed
C++: Cleanup test.c
1 parent 578ce1e commit 50abb6e

File tree

2 files changed

+53
-46
lines changed

2 files changed

+53
-46
lines changed

cpp/ql/test/experimental/query-tests/Security/CWE/CWE-788/semmle/tests/AccessOfMemoryLocationAfterEndOfBufferUsingStrncat.expected

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -1,3 +1,3 @@
1-
| test.c:4:3:4:9 | call to strncat | if the used buffer is full, writing out of the buffer is possible |
2-
| test.c:11:3:11:9 | call to strncat | if the used buffer is full, writing out of the buffer is possible |
3-
| test.c:19:3:19:9 | call to strncat | if the used buffer is full, writing out of the buffer is possible |
1+
| test.c:8:3:8:9 | call to strncat | if the used buffer is full, writing out of the buffer is possible |
2+
| test.c:17:3:17:9 | call to strncat | if the used buffer is full, writing out of the buffer is possible |
3+
| test.c:25:3:25:9 | call to strncat | if the used buffer is full, writing out of the buffer is possible |

cpp/ql/test/experimental/query-tests/Security/CWE/CWE-788/semmle/tests/test.c

Lines changed: 50 additions & 43 deletions
Original file line numberDiff line numberDiff line change
@@ -1,70 +1,77 @@
1-
void workFunction_0(char *s) {
1+
char * strncat(char*, const char*, unsigned);
2+
unsigned strlen(const char*);
3+
void* malloc(unsigned);
4+
5+
void strncat_test1(char *s) {
26
char buf[80];
3-
strncat(buf, s, sizeof(buf)-strlen(buf)-1); // GOOD
4-
strncat(buf, s, sizeof(buf)-strlen(buf)); // BAD
5-
strncat(buf, "fix", sizeof(buf)-strlen(buf)); // BAD [NOT DETECTED]
7+
strncat(buf, s, sizeof(buf) - strlen(buf) - 1); // GOOD
8+
strncat(buf, s, sizeof(buf) - strlen(buf)); // BAD
9+
strncat(buf, "fix", sizeof(buf)-strlen(buf)); // BAD [NOT DETECTED]
610
}
7-
void workFunction_1(char *s) {
11+
812
#define MAX_SIZE 80
13+
14+
void strncat_test2(char *s) {
915
char buf[MAX_SIZE];
10-
strncat(buf, s, MAX_SIZE-strlen(buf)-1); // GOOD
11-
strncat(buf, s, MAX_SIZE-strlen(buf)); // BAD
12-
strncat(buf, "fix", MAX_SIZE-strlen(buf)); // BAD [NOT DETECTED]
16+
strncat(buf, s, MAX_SIZE - strlen(buf) - 1); // GOOD
17+
strncat(buf, s, MAX_SIZE - strlen(buf)); // BAD
18+
strncat(buf, "fix", MAX_SIZE - strlen(buf)); // BAD [NOT DETECTED]
1319
}
14-
void workFunction_2_0(char *s) {
15-
char * buf;
16-
int len=80;
17-
buf = (char *) malloc(len);
18-
strncat(buf, s, len-strlen(buf)-1); // GOOD
19-
strncat(buf, s, len-strlen(buf)); // BAD
20-
strncat(buf, "fix", len-strlen(buf)); // BAD [NOT DETECTED]
20+
21+
void strncat_test3(char *s) {
22+
int len = 80;
23+
char* buf = (char *) malloc(len);
24+
strncat(buf, s, len - strlen(buf) - 1); // GOOD
25+
strncat(buf, s, len - strlen(buf)); // BAD
26+
strncat(buf, "fix", len - strlen(buf)); // BAD [NOT DETECTED]
2127
}
22-
void workFunction_2_1(char *s) {
23-
char * buf;
24-
int len=80;
25-
buf = (char *) malloc(len+1);
26-
strncat(buf, s, len-strlen(buf)-1); // GOOD
27-
strncat(buf, s, len-strlen(buf)); // GOOD
28+
29+
void strncat_test4(char *s) {
30+
int len = 80;
31+
char* buf = (char *) malloc(len + 1);
32+
strncat(buf, s, len - strlen(buf) - 1); // GOOD
33+
strncat(buf, s, len - strlen(buf)); // GOOD
2834
}
2935

3036
struct buffers
3137
{
32-
unsigned char buff1[50];
33-
unsigned char *buff2;
38+
unsigned char array[50];
39+
unsigned char *pointer;
3440
} globalBuff1,*globalBuff2,globalBuff1_c,*globalBuff2_c;
3541

36-
37-
void badFunc0(){
42+
void strlen_test1(){
3843
unsigned char buff1[12];
3944
struct buffers buffAll;
4045
struct buffers * buffAll1;
4146

4247
buff1[strlen(buff1)]=0; // BAD
43-
buffAll.buff1[strlen(buffAll.buff1)]=0; // BAD
44-
buffAll.buff2[strlen(buffAll.buff2)]=0; // BAD
45-
buffAll1->buff1[strlen(buffAll1->buff1)]=0; // BAD
46-
buffAll1->buff2[strlen(buffAll1->buff2)]=0; // BAD
47-
globalBuff1.buff1[strlen(globalBuff1.buff1)]=0; // BAD
48-
globalBuff1.buff2[strlen(globalBuff1.buff2)]=0; // BAD
49-
globalBuff2->buff1[strlen(globalBuff2->buff1)]=0; // BAD
50-
globalBuff2->buff2[strlen(globalBuff2->buff2)]=0; // BAD
48+
buffAll.array[strlen(buffAll.array)]=0; // BAD
49+
buffAll.pointer[strlen(buffAll.pointer)]=0; // BAD
50+
buffAll1->array[strlen(buffAll1->array)]=0; // BAD
51+
buffAll1->pointer[strlen(buffAll1->pointer)]=0; // BAD
52+
globalBuff1.array[strlen(globalBuff1.array)]=0; // BAD
53+
globalBuff1.pointer[strlen(globalBuff1.pointer)]=0; // BAD
54+
globalBuff2->array[strlen(globalBuff2->array)]=0; // BAD
55+
globalBuff2->pointer[strlen(globalBuff2->pointer)]=0; // BAD
5156
}
52-
void noBadFunc0(){
57+
58+
void strlen_test2(){
5359
unsigned char buff1[12],buff1_c[12];
5460
struct buffers buffAll,buffAll_c;
5561
struct buffers * buffAll1,*buffAll1_c;
5662

5763
buff1[strlen(buff1_c)]=0; // GOOD
58-
buffAll.buff1[strlen(buffAll_c.buff1)]=0; // GOOD
59-
buffAll.buff2[strlen(buffAll.buff1)]=0; // GOOD
60-
buffAll1->buff1[strlen(buffAll1_c->buff1)]=0; // GOOD
61-
buffAll1->buff2[strlen(buffAll1->buff1)]=0; // GOOD
62-
globalBuff1.buff1[strlen(globalBuff1_c.buff1)]=0; // GOOD
63-
globalBuff1.buff2[strlen(globalBuff1.buff1)]=0; // GOOD
64-
globalBuff2->buff1[strlen(globalBuff2_c->buff1)]=0; // GOOD
65-
globalBuff2->buff2[strlen(globalBuff2->buff1)]=0; // GOOD
64+
buffAll.array[strlen(buffAll_c.array)]=0; // GOOD
65+
buffAll.pointer[strlen(buffAll.array)]=0; // GOOD
66+
buffAll1->array[strlen(buffAll1_c->array)]=0; // GOOD
67+
buffAll1->pointer[strlen(buffAll1->array)]=0; // GOOD
68+
globalBuff1.array[strlen(globalBuff1_c.array)]=0; // GOOD
69+
globalBuff1.pointer[strlen(globalBuff1.array)]=0; // GOOD
70+
globalBuff2->array[strlen(globalBuff2_c->array)]=0; // GOOD
71+
globalBuff2->pointer[strlen(globalBuff2->array)]=0; // GOOD
6672
}
67-
void goodFunc0(){
73+
74+
void strlen_test3(){
6875
unsigned char buffer[12];
6976
int i;
7077
for(i = 0; i < 6; i++)

0 commit comments

Comments
 (0)