Merge pull request github#5059 from geoffw0/mswprintf

jbj · web-flow · commit aa9ab41e30b7 · 2021-02-02T15:13:25.000+01:00
C++: Exclude custom vprintf implementations from primitiveVariadicFormatter.
diff --git a/cpp/ql/src/semmle/code/cpp/commons/Printf.qll b/cpp/ql/src/semmle/code/cpp/commons/Printf.qll
@@ -50,7 +50,10 @@ predicate primitiveVariadicFormatter(
     then formatParamIndex = f.getNumberOfParameters() - 3
     else formatParamIndex = f.getNumberOfParameters() - 2
   ) and
-  if type = "" then outputParamIndex = -1 else outputParamIndex = 0 // Conveniently, these buffer parameters are all at index 0.
+  (
+    if type = "" then outputParamIndex = -1 else outputParamIndex = 0 // Conveniently, these buffer parameters are all at index 0.
+  ) and
+  not exists(f.getBlock()) // exclude functions with an implementation in the snapshot as they may not be standard implementations.
 }
 
 private predicate callsVariadicFormatter(
diff --git a/cpp/ql/test/query-tests/Likely Bugs/Format/WrongTypeFormatArguments/Linux_two_byte_wprintf/WrongTypeFormatArguments.expected b/cpp/ql/test/query-tests/Likely Bugs/Format/WrongTypeFormatArguments/Linux_two_byte_wprintf/WrongTypeFormatArguments.expected
@@ -1,3 +1,3 @@
-| printf.cpp:33:31:33:37 | test | This argument should be of type 'char *' but is of type 'char16_t *' |
-| printf.cpp:45:29:45:35 | test | This argument should be of type 'char *' but is of type 'char16_t *' |
-| printf.cpp:52:29:52:35 | test | This argument should be of type 'char16_t *' but is of type 'wchar_t *' |
+| printf.cpp:31:31:31:37 | test | This argument should be of type 'char *' but is of type 'char16_t *' |
+| printf.cpp:43:29:43:35 | test | This argument should be of type 'char *' but is of type 'char16_t *' |
+| printf.cpp:50:29:50:35 | test | This argument should be of type 'char16_t *' but is of type 'wchar_t *' |
diff --git a/cpp/ql/test/query-tests/Likely Bugs/Format/WrongTypeFormatArguments/Linux_two_byte_wprintf/formattingFunction.expected b/cpp/ql/test/query-tests/Likely Bugs/Format/WrongTypeFormatArguments/Linux_two_byte_wprintf/formattingFunction.expected
@@ -1,2 +1,2 @@
-| printf.cpp:15:5:15:12 | swprintf | char | char16_t | char16_t |
-| printf.cpp:26:5:26:11 | sprintf | char | char16_t | char16_t |
+| printf.cpp:13:5:13:12 | swprintf | char | char16_t | char16_t |
+| printf.cpp:24:5:24:11 | sprintf | char | char16_t | char16_t |
diff --git a/cpp/ql/test/query-tests/Likely Bugs/Format/WrongTypeFormatArguments/Linux_two_byte_wprintf/printf.cpp b/cpp/ql/test/query-tests/Likely Bugs/Format/WrongTypeFormatArguments/Linux_two_byte_wprintf/printf.cpp
@@ -8,9 +8,7 @@ typedef void *va_list;
 #define va_start(va, other)
 #define va_end(args)
 
-int	vswprintf(WCHAR *dest, WCHAR *format, va_list args) {
-	return 0;
-}
+int	vswprintf(WCHAR *dest, WCHAR *format, va_list args);
 
 int swprintf(WCHAR *dest, WCHAR *format, ...) {
 	va_list args;
