C++: Add more tests and remove redundant conjunct.

MathiasVP · MathiasVP · commit e857ac114908 · 2021-05-25T09:17:42.000+02:00
diff --git a/cpp/ql/src/Likely Bugs/Memory Management/SuspiciousCallToStrncat.ql b/cpp/ql/src/Likely Bugs/Memory Management/SuspiciousCallToStrncat.ql
@@ -38,9 +38,7 @@ predicate interestringCallWithArgs(Call call, Expr sizeArg, Expr destArg) {
  */
 predicate case1(FunctionCall fc, Expr sizeArg, VariableAccess destArg) {
   interestringCallWithArgs(fc, sizeArg, destArg) and
-  exists(StrcatFunction strncat, VariableAccess va |
-    fc.getTarget() = strncat and
-    destArg = fc.getArgument(strncat.getParamDest()) and
+  exists(VariableAccess va |
     va = sizeArg.(BufferSizeExpr).getArg() and
     destArg.getTarget() = va.getTarget()
   )
diff --git a/cpp/ql/test/query-tests/Likely Bugs/Memory Management/SuspiciousCallToStrncat/SuspiciousCallToStrncat.expected b/cpp/ql/test/query-tests/Likely Bugs/Memory Management/SuspiciousCallToStrncat/SuspiciousCallToStrncat.expected
@@ -1,3 +1,5 @@
 | test.c:24:2:24:8 | call to strncat | Potentially unsafe call to strncat. |
-| test.c:46:3:46:9 | call to strncat | Potentially unsafe call to strncat. |
-| test.c:68:3:68:9 | call to strncat | Potentially unsafe call to strncat. |
+| test.c:45:3:45:9 | call to strncat | Potentially unsafe call to strncat. |
+| test.c:67:3:67:9 | call to strncat | Potentially unsafe call to strncat. |
+| test.c:75:3:75:9 | call to strncat | Potentially unsafe call to strncat. |
+| test.c:76:3:76:9 | call to strncat | Potentially unsafe call to strncat. |
diff --git a/cpp/ql/test/query-tests/Likely Bugs/Memory Management/SuspiciousCallToStrncat/test.c b/cpp/ql/test/query-tests/Likely Bugs/Memory Management/SuspiciousCallToStrncat/test.c
@@ -39,7 +39,6 @@ void bad1(char *s) {
 	strncat(buf, ".", 1); // BAD [NOT DETECTED] -- Need to check if any space is left
 }
 
-
 void strncat_test1(char *s) {
   char buf[80];
   strncat(buf, s, sizeof(buf) - strlen(buf) - 1); // GOOD
@@ -66,4 +65,20 @@ void strncat_test3(char* s, struct buffers* buffers) {
   unsigned max_size = sizeof(buffers->array);
   unsigned free_size = max_size - len_array;
   strncat(buffers->array, s, free_size); // BAD
-}
+}
+
+#define MAX_SIZE 80
+
+void strncat_test4(char *s) {
+  char buf[MAX_SIZE];
+  strncat(buf, s, MAX_SIZE - strlen(buf) - 1); // GOOD
+  strncat(buf, s, MAX_SIZE - strlen(buf));  // BAD
+  strncat(buf, "...", MAX_SIZE - strlen(buf)); // BAD
+}
+
+void strncat_test5(char *s) {
+  int len = 80;
+  char* buf = (char *) malloc(len + 1);
+  strncat(buf, s, len - strlen(buf) - 1); // GOOD
+  strncat(buf, s, len - strlen(buf)); // GOOD
+}
