Merge pull request github#10938 from geoffw0/printfprecision

C++: Fix printf.qll bug

Author: MathiasVP

cpp/ql/lib/change-notes/2022-10-22-format-literal.md

@@ -0,0 +1,4 @@
+---
+category: minorAnalysis
+---
+* Fixed bugs in the `FormatLiteral` class that were causing `getMaxConvertedLength` and related predicates to return no results when the format literal was `%e`, `%f` or `%g` and an explicit precision was specified.

cpp/ql/lib/semmle/code/cpp/commons/Printf.qll

@@ -1125,12 +1125,12 @@ class FormatLiteral extends Literal {
         exists(int dot, int afterdot |
           (if this.getPrecision(n) = 0 then dot = 0 else dot = 1) and
           (
-            (
-              if this.hasExplicitPrecision(n)
-              then afterdot = this.getPrecision(n)
-              else not this.hasImplicitPrecision(n)
-            ) and
-            afterdot = 6
+            if this.hasExplicitPrecision(n)
+            then afterdot = this.getPrecision(n)
+            else (
+              not this.hasImplicitPrecision(n) and
+              afterdot = 6
+            )
           ) and
           len = 1 + 309 + dot + afterdot
         ) and
@@ -1140,12 +1140,12 @@ class FormatLiteral extends Literal {
         exists(int dot, int afterdot |
           (if this.getPrecision(n) = 0 then dot = 0 else dot = 1) and
           (
-            (
-              if this.hasExplicitPrecision(n)
-              then afterdot = this.getPrecision(n)
-              else not this.hasImplicitPrecision(n)
-            ) and
-            afterdot = 6
+            if this.hasExplicitPrecision(n)
+            then afterdot = this.getPrecision(n)
+            else (
+              not this.hasImplicitPrecision(n) and
+              afterdot = 6
+            )
           ) and
           len = 1 + 1 + dot + afterdot + 1 + 1 + 3
         ) and
@@ -1155,12 +1155,12 @@ class FormatLiteral extends Literal {
         exists(int dot, int afterdot |
           (if this.getPrecision(n) = 0 then dot = 0 else dot = 1) and
           (
-            (
-              if this.hasExplicitPrecision(n)
-              then afterdot = this.getPrecision(n)
-              else not this.hasImplicitPrecision(n)
-            ) and
-            afterdot = 6
+            if this.hasExplicitPrecision(n)
+            then afterdot = this.getPrecision(n)
+            else (
+              not this.hasImplicitPrecision(n) and
+              afterdot = 6
+            )
           ) and
           // note: this could be displayed in the style %e or %f;
           //       however %f is only used when 'P > X >= -4'

cpp/ql/test/library-tests/printf/formatAttribute/AttributeFormattingFunction.cpp

@@ -0,0 +1,6 @@
+
+typedef void *va_list;
+
+int myPrintf(const char *format, ...) __attribute__((format(printf, 1, 2)));
+int mySprintf(char *buffer, const char *format, ...) __attribute__((format(__printf__, 2, 3)));
+int myVprintf(const char *format, va_list arg) __attribute__((format(printf, 1, 0)));

cpp/ql/test/library-tests/printf/formatAttribute/AttributeFormattingFunction.expected

@@ -0,0 +1,2 @@
+| AttributeFormattingFunction.cpp:4:5:4:12 | myPrintf | 0 | char | wchar_t | wchar_t |
+| AttributeFormattingFunction.cpp:5:5:5:13 | mySprintf | 1 | char | wchar_t | wchar_t |

cpp/ql/test/library-tests/printf/formatAttribute/AttributeFormattingFunction.ql

@@ -0,0 +1,5 @@
+import cpp
+
+from AttributeFormattingFunction f
+select f, f.getFormatParameterIndex(), concat(f.getDefaultCharType().toString(), ", "),
+  concat(f.getWideCharType().toString(), ", "), concat(f.getNonDefaultCharType().toString(), ", ")

cpp/ql/test/library-tests/printf/formatAttribute/FormatAttribute.expected

@@ -0,0 +1,3 @@
+| AttributeFormattingFunction.cpp:4:54:4:59 | format | printf | 0 | 1 |
+| AttributeFormattingFunction.cpp:5:69:5:74 | format | __printf__ | 1 | 2 |
+| AttributeFormattingFunction.cpp:6:63:6:68 | format | printf | 0 |  |

cpp/ql/test/library-tests/printf/formatAttribute/FormatAttribute.ql

@@ -0,0 +1,5 @@
+import cpp
+
+from FormatAttribute fa
+select fa, fa.getArchetype(), concat(fa.getFormatIndex().toString(), ", "),
+  concat(fa.getFirstFormatArgIndex().toString(), ", ")

cpp/ql/test/library-tests/printf/formatLiteral/formatLiteral.expected

@@ -0,0 +1,53 @@
+| test.c:14:9:14:10 |  | 1 |
+| test.c:15:9:15:14 |   | 2 |
+| test.c:16:9:16:12 | \t | 2 |
+| test.c:17:9:17:12 | %% | 2 |
+| test.c:20:9:20:12 | %c | 2 |
+| test.c:21:9:21:16 | %c%c%c | 4 |
+| test.c:24:9:24:23 | Hello, world! | 14 |
+| test.c:25:9:25:12 | %s | 14 |
+| test.c:26:9:26:14 | %.4s | 5 |
+| test.c:27:9:27:16 | %s, %s | 14 |
+| test.c:30:9:30:12 | %i | 12 |
+| test.c:31:9:31:14 | %lli | 12 |
+| test.c:32:9:32:12 | %i | 12 |
+| test.c:33:9:33:14 | %lli | 21 |
+| test.c:34:9:34:12 | %d | 12 |
+| test.c:35:9:35:12 | %u | 11 |
+| test.c:36:9:36:12 | %x | 9 |
+| test.c:37:9:37:12 | %X | 9 |
+| test.c:38:9:38:13 | %#x | 11 |
+| test.c:39:9:39:12 | %o | 12 |
+| test.c:40:9:40:13 | %#o | 13 |
+| test.c:43:9:43:12 | %f | 318 |
+| test.c:44:9:44:14 | %.2f | 314 |
+| test.c:45:9:45:12 | %e | 15 |
+| test.c:59:10:59:14 | %Ii | 12 |
+| test.c:66:10:66:14 | %zu | 21 |
+| test.c:67:10:67:14 | %Zu | 21 |
+| test.c:74:10:74:14 | %lc | 2 |
+| test.c:78:9:78:20 | %2$i, %1$i | 5 |
+| test.c:79:9:79:20 | %2$i, %1$i | 25 |
+| test.c:81:9:81:24 | %2$02i %1$4.2f |  |
+| test.c:85:10:85:18 | %2$*1$d |  |
+| test.c:86:10:86:19 | %2$0*1$d |  |
+| test.c:92:10:92:19 | %2$.*1$f |  |
+| test.c:99:10:99:12 | # | 2 |
+| test.c:100:10:100:13 | %% | 2 |
+| test.c:101:10:101:15 | %%%% | 3 |
+| test.c:102:10:102:15 | %%%f | 319 |
+| test.c:103:10:103:17 | %%%%%f | 320 |
+| test.c:104:10:104:18 | %4.2f%% | 315 |
+| test.c:105:10:105:17 | %%%f%% | 320 |
+| test.c:112:10:112:13 | %f | 318 |
+| test.c:113:10:113:15 | %.1f | 313 |
+| test.c:114:10:114:14 | %1f | 318 |
+| test.c:115:10:115:16 | %1.1f | 313 |
+| test.c:116:10:116:13 | %e | 15 |
+| test.c:117:10:117:15 | %.2e | 11 |
+| test.c:118:10:118:14 | %3e | 15 |
+| test.c:119:10:119:16 | %3.2e | 11 |
+| test.c:120:10:120:13 | %g | 15 |
+| test.c:121:10:121:15 | %.1g | 10 |
+| test.c:122:10:122:14 | %4g | 15 |
+| test.c:123:10:123:16 | %4.1g | 10 |

cpp/ql/test/library-tests/printf/formatLiteral/formatLiteral.ql

@@ -0,0 +1,4 @@
+import semmle.code.cpp.commons.Printf
+
+from FormatLiteral fl
+select fl, concat(fl.getMaxConvertedLength().toString(), ", ")

cpp/ql/test/library-tests/printf/formatLiteral/formatType.expected

@@ -0,0 +1,51 @@
+| test.c:20:9:20:12 | %c | 0 |  | c |  | file://:0:0:0:0 | char |
+| test.c:21:9:21:16 | %c%c%c | 0 |  | c |  | file://:0:0:0:0 | char |
+| test.c:21:9:21:16 | %c%c%c | 1 |  | c |  | file://:0:0:0:0 | char |
+| test.c:21:9:21:16 | %c%c%c | 2 |  | c |  | file://:0:0:0:0 | char |
+| test.c:25:9:25:12 | %s | 0 |  | s |  | file://:0:0:0:0 | char * |
+| test.c:26:9:26:14 | %.4s | 0 |  | s |  | file://:0:0:0:0 | char * |
+| test.c:27:9:27:16 | %s, %s | 0 |  | s |  | file://:0:0:0:0 | char * |
+| test.c:27:9:27:16 | %s, %s | 1 |  | s |  | file://:0:0:0:0 | char * |
+| test.c:30:9:30:12 | %i | 0 |  | i |  | file://:0:0:0:0 | int |
+| test.c:31:9:31:14 | %lli | 0 |  | i | ll | file://:0:0:0:0 | long long |
+| test.c:32:9:32:12 | %i | 0 |  | i |  | file://:0:0:0:0 | int |
+| test.c:33:9:33:14 | %lli | 0 |  | i | ll | file://:0:0:0:0 | long long |
+| test.c:34:9:34:12 | %d | 0 |  | d |  | file://:0:0:0:0 | int |
+| test.c:35:9:35:12 | %u | 0 |  | u |  | file://:0:0:0:0 | unsigned int |
+| test.c:36:9:36:12 | %x | 0 |  | x |  | file://:0:0:0:0 | unsigned int |
+| test.c:37:9:37:12 | %X | 0 |  | X |  | file://:0:0:0:0 | unsigned int |
+| test.c:38:9:38:13 | %#x | 0 |  | x |  | file://:0:0:0:0 | unsigned int |
+| test.c:39:9:39:12 | %o | 0 |  | o |  | file://:0:0:0:0 | unsigned int |
+| test.c:40:9:40:13 | %#o | 0 |  | o |  | file://:0:0:0:0 | unsigned int |
+| test.c:43:9:43:12 | %f | 0 |  | f |  | file://:0:0:0:0 | double |
+| test.c:44:9:44:14 | %.2f | 0 |  | f |  | file://:0:0:0:0 | double |
+| test.c:45:9:45:12 | %e | 0 |  | e |  | file://:0:0:0:0 | double |
+| test.c:59:10:59:14 | %Ii | 0 |  | i |  | file://:0:0:0:0 | int |
+| test.c:66:10:66:14 | %zu | 0 |  | u | z | test.c:50:27:50:32 | size_t |
+| test.c:67:10:67:14 | %Zu | 0 |  | u | Z | test.c:50:27:50:32 | size_t |
+| test.c:74:10:74:14 | %lc | 0 |  | c | l | file://:0:0:0:0 | wchar_t |
+| test.c:78:9:78:20 | %2$i, %1$i | 0 | 2$ | i |  | file://:0:0:0:0 | int |
+| test.c:78:9:78:20 | %2$i, %1$i | 1 | 1$ | i |  | file://:0:0:0:0 | int |
+| test.c:79:9:79:20 | %2$i, %1$i | 0 | 2$ | i |  | file://:0:0:0:0 | int |
+| test.c:79:9:79:20 | %2$i, %1$i | 1 | 1$ | i |  | file://:0:0:0:0 | int |
+| test.c:81:9:81:24 | %2$02i %1$4.2f | 0 | 2$ | i |  | file://:0:0:0:0 | int |
+| test.c:81:9:81:24 | %2$02i %1$4.2f | 1 | 1$ | f |  | file://:0:0:0:0 | double |
+| test.c:85:10:85:18 | %2$*1$d | 0 | 2$ | d |  | file://:0:0:0:0 | int |
+| test.c:86:10:86:19 | %2$0*1$d | 0 | 2$ | d |  | file://:0:0:0:0 | int |
+| test.c:92:10:92:19 | %2$.*1$f | 0 | 2$ | f |  | file://:0:0:0:0 | double |
+| test.c:102:10:102:15 | %%%f | 0 |  | f |  | file://:0:0:0:0 | double |
+| test.c:103:10:103:17 | %%%%%f | 0 |  | f |  | file://:0:0:0:0 | double |
+| test.c:104:10:104:18 | %4.2f%% | 0 |  | f |  | file://:0:0:0:0 | double |
+| test.c:105:10:105:17 | %%%f%% | 0 |  | f |  | file://:0:0:0:0 | double |
+| test.c:112:10:112:13 | %f | 0 |  | f |  | file://:0:0:0:0 | double |
+| test.c:113:10:113:15 | %.1f | 0 |  | f |  | file://:0:0:0:0 | double |
+| test.c:114:10:114:14 | %1f | 0 |  | f |  | file://:0:0:0:0 | double |
+| test.c:115:10:115:16 | %1.1f | 0 |  | f |  | file://:0:0:0:0 | double |
+| test.c:116:10:116:13 | %e | 0 |  | e |  | file://:0:0:0:0 | double |
+| test.c:117:10:117:15 | %.2e | 0 |  | e |  | file://:0:0:0:0 | double |
+| test.c:118:10:118:14 | %3e | 0 |  | e |  | file://:0:0:0:0 | double |
+| test.c:119:10:119:16 | %3.2e | 0 |  | e |  | file://:0:0:0:0 | double |
+| test.c:120:10:120:13 | %g | 0 |  | g |  | file://:0:0:0:0 | double |
+| test.c:121:10:121:15 | %.1g | 0 |  | g |  | file://:0:0:0:0 | double |
+| test.c:122:10:122:14 | %4g | 0 |  | g |  | file://:0:0:0:0 | double |
+| test.c:123:10:123:16 | %4.1g | 0 |  | g |  | file://:0:0:0:0 | double |