
Commit 7f621bc

committed
C++: Repair the tests that use subtraction so that the thing they're testing is preserved, and add two new explicit tests of behaviour on subtraction.
1 parent 13823df commit 7f621bc


2 files changed

+35
-5
lines changed


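--- a/cpp/ql/test/query-tests/Security/CWE/CWE-190/semmle/uncontrolled/ArithmeticUncontrolled.expected
+++ b/cpp/ql/test/query-tests/Security/CWE/CWE-190/semmle/uncontrolled/ArithmeticUncontrolled.expected
@@ -2,6 +2,11 @@ edges
 | test.c:18:13:18:16 | call to rand | test.c:21:17:21:17 | r |
 | test.c:34:13:34:18 | call to rand | test.c:35:5:35:5 | r |
 | test.c:44:13:44:16 | call to rand | test.c:45:5:45:5 | r |
+| test.c:75:13:75:19 | call to rand | test.c:77:9:77:9 | r |
+| test.c:75:13:75:19 | call to rand | test.c:77:9:77:9 | r |
+| test.c:81:14:81:17 | call to rand | test.c:83:9:83:9 | r |
+| test.c:81:23:81:26 | call to rand | test.c:83:9:83:9 | r |
+| test.c:99:14:99:19 | call to rand | test.c:100:5:100:5 | r |
 | test.c:125:13:125:16 | call to rand | test.c:127:9:127:9 | r |
 | test.cpp:8:9:8:12 | Store | test.cpp:24:11:24:18 | call to get_rand |
 | test.cpp:8:9:8:12 | call to rand | test.cpp:8:9:8:12 | Store |
@@ -26,6 +31,14 @@ nodes
 | test.c:35:5:35:5 | r | semmle.label | r |
 | test.c:44:13:44:16 | call to rand | semmle.label | call to rand |
 | test.c:45:5:45:5 | r | semmle.label | r |
+| test.c:75:13:75:19 | call to rand | semmle.label | call to rand |
+| test.c:75:13:75:19 | call to rand | semmle.label | call to rand |
+| test.c:77:9:77:9 | r | semmle.label | r |
+| test.c:81:14:81:17 | call to rand | semmle.label | call to rand |
+| test.c:81:23:81:26 | call to rand | semmle.label | call to rand |
+| test.c:83:9:83:9 | r | semmle.label | r |
+| test.c:99:14:99:19 | call to rand | semmle.label | call to rand |
+| test.c:100:5:100:5 | r | semmle.label | r |
 | test.c:125:13:125:16 | call to rand | semmle.label | call to rand |
 | test.c:127:9:127:9 | r | semmle.label | r |
 | test.cpp:8:9:8:12 | Store | semmle.label | Store |
@@ -55,6 +68,11 @@ nodes
 | test.c:21:17:21:17 | r | test.c:18:13:18:16 | call to rand | test.c:21:17:21:17 | r | $@ flows to here and is used in arithmetic, potentially causing an overflow. | test.c:18:13:18:16 | call to rand | Uncontrolled value |
 | test.c:35:5:35:5 | r | test.c:34:13:34:18 | call to rand | test.c:35:5:35:5 | r | $@ flows to here and is used in arithmetic, potentially causing an overflow. | test.c:34:13:34:18 | call to rand | Uncontrolled value |
 | test.c:45:5:45:5 | r | test.c:44:13:44:16 | call to rand | test.c:45:5:45:5 | r | $@ flows to here and is used in arithmetic, potentially causing an overflow. | test.c:44:13:44:16 | call to rand | Uncontrolled value |
+| test.c:77:9:77:9 | r | test.c:75:13:75:19 | call to rand | test.c:77:9:77:9 | r | $@ flows to here and is used in arithmetic, potentially causing an overflow. | test.c:75:13:75:19 | call to rand | Uncontrolled value |
+| test.c:77:9:77:9 | r | test.c:75:13:75:19 | call to rand | test.c:77:9:77:9 | r | $@ flows to here and is used in arithmetic, potentially causing an overflow. | test.c:75:13:75:19 | call to rand | Uncontrolled value |
+| test.c:83:9:83:9 | r | test.c:81:14:81:17 | call to rand | test.c:83:9:83:9 | r | $@ flows to here and is used in arithmetic, potentially causing an overflow. | test.c:81:14:81:17 | call to rand | Uncontrolled value |
+| test.c:83:9:83:9 | r | test.c:81:23:81:26 | call to rand | test.c:83:9:83:9 | r | $@ flows to here and is used in arithmetic, potentially causing an overflow. | test.c:81:23:81:26 | call to rand | Uncontrolled value |
+| test.c:100:5:100:5 | r | test.c:99:14:99:19 | call to rand | test.c:100:5:100:5 | r | $@ flows to here and is used in arithmetic, potentially causing an overflow. | test.c:99:14:99:19 | call to rand | Uncontrolled value |
 | test.c:127:9:127:9 | r | test.c:125:13:125:16 | call to rand | test.c:127:9:127:9 | r | $@ flows to here and is used in arithmetic, potentially causing an overflow. | test.c:125:13:125:16 | call to rand | Uncontrolled value |
 | test.cpp:25:7:25:7 | r | test.cpp:8:9:8:12 | call to rand | test.cpp:25:7:25:7 | r | $@ flows to here and is used in arithmetic, potentially causing an overflow. | test.cpp:8:9:8:12 | call to rand | Uncontrolled value |
 | test.cpp:31:7:31:7 | r | test.cpp:13:10:13:13 | call to rand | test.cpp:31:7:31:7 | r | $@ flows to here and is used in arithmetic, potentially causing an overflow. | test.cpp:13:10:13:13 | call to rand | Uncontrolled value |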

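--- a/cpp/ql/test/query-tests/Security/CWE/CWE-190/semmle/uncontrolled/test.c
+++ b/cpp/ql/test/query-tests/Security/CWE/CWE-190/semmle/uncontrolled/test.c
@@ -74,30 +74,30 @@ void randomTester() {
 {
 int r = RAND2();
 
-r = r - 100; // GOOD
+r = r + 100; // BAD
 }
 
 {
 int r = (rand() ^ rand());
 
-r = r - 100; // GOOD
+r = r + 100; // BAD
 }
 
 {
-int r = RAND2() - 100; // BAD [NOT DETECTED]
+int r = RAND2() + 100; // BAD [NOT DETECTED]
 }
 
 {
 int r = RAND();
 int *ptr_r = &r;
-*ptr_r -= 100; // BAD [NOT DETECTED]
+*ptr_r += 100; // BAD [NOT DETECTED]
 }
 
 {
 int r = 0;
 int *ptr_r = &r;
 *ptr_r = RAND();
-r -= 100; // GOOD
+r += 100; // BAD
 }
 
 {
@@ -137,4 +137,16 @@ void moreTests() {
 
 r <<= 8; // BAD [NOT DETECTED]
 }
+
+{
+int r = rand();
+
+r = r - 100; // GOOD
+}
+
+{
+unsigned int r = rand();
+
+r = r - 100; // BAD [NOT DETECTED]
+}
 }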
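Review bot: The two subtraction cases added at the end of moreTests() record the expected verdict but not the reason, and the reason is the whole distinction between them. The `int` case is safe only because rand() returns a value in 0..RAND_MAX, so `r - 100` cannot go below INT_MIN, while the `unsigned int` case wraps whenever r < 100. I would spell that out on the same lines as `r = r - 100; // GOOD (rand() is non-negative, so this cannot underflow)` and `r = r - 100; // BAD: wraps when r < 100 [NOT DETECTED]`. Keeping the text on the existing lines leaves the line numbers that ArithmeticUncontrolled.expected refers to unchanged. moreTests() begins outside the hunk, so its earlier cases are not visible here.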
