C++: Merge tests from 'cpp/access-memory-location-after-end-buffer-strncat' into the tests from 'cpp/unsafe-strncat'.

MathiasVP · MathiasVP · commit 8d0cfb4e9186 · 2021-05-21T10:34:59.000+02:00
diff --git a/cpp/ql/test/query-tests/Likely Bugs/Memory Management/SuspiciousCallToStrncat/SuspiciousCallToStrncat.expected b/cpp/ql/test/query-tests/Likely Bugs/Memory Management/SuspiciousCallToStrncat/SuspiciousCallToStrncat.expected
@@ -1 +1,3 @@
 | test.c:24:2:24:8 | call to strncat | Potentially unsafe call to strncat. |
+| test.c:46:3:46:9 | call to strncat | Potentially unsafe call to strncat. |
+| test.c:68:3:68:9 | call to strncat | Potentially unsafe call to strncat. |
diff --git a/cpp/ql/test/query-tests/Likely Bugs/Memory Management/SuspiciousCallToStrncat/test.c b/cpp/ql/test/query-tests/Likely Bugs/Memory Management/SuspiciousCallToStrncat/test.c
@@ -39,3 +39,31 @@ void bad1(char *s) {
 	strncat(buf, ".", 1); // BAD [NOT DETECTED] -- Need to check if any space is left
 }
 
+
+void strncat_test1(char *s) {
+  char buf[80];
+  strncat(buf, s, sizeof(buf) - strlen(buf) - 1); // GOOD
+  strncat(buf, s, sizeof(buf) - strlen(buf));  // BAD
+}
+
+void* malloc(size_t);
+
+void strncat_test2(char *s) {
+  int len = 80;
+  char* buf = (char *)malloc(len);
+  strncat(buf, s, len - strlen(buf) - 1); // GOOD
+  strncat(buf, s, len - strlen(buf));  // BAD [NOT DETECTED]
+}
+
+struct buffers
+{
+  char array[50];
+  char* pointer;
+};
+
+void strncat_test3(char* s, struct buffers* buffers) {
+  unsigned len_array = strlen(buffers->array);
+  unsigned max_size = sizeof(buffers->array);
+  unsigned free_size = max_size - len_array;
+  strncat(buffers->array, s, free_size); // BAD
+}

Original file line number	Diff line number	Diff line change
`@@ -1 +1,3 @@`
`1`	`1`	`\| test.c:24:2:24:8 \| call to strncat \| Potentially unsafe call to strncat. \|`
	`2`	`+\| test.c:46:3:46:9 \| call to strncat \| Potentially unsafe call to strncat. \|`
	`3`	`+\| test.c:68:3:68:9 \| call to strncat \| Potentially unsafe call to strncat. \|`