C++: Remove FPs in cpp/wrong-number-format-arguments due to BMN

calumgrant · calumgrant · commit 31684d254855 · 2024-09-26T09:27:59.000+01:00
diff --git a/cpp/ql/lib/semmle/code/cpp/Function.qll b/cpp/ql/lib/semmle/code/cpp/Function.qll
@@ -652,6 +652,8 @@ class FunctionDeclarationEntry extends DeclarationEntry, @fun_decl {
   /**
    * Holds if this declaration is an implicit function declaration, that is,
    * where a function is used before it is declared (under older C standards).
+   * This can also happen in standalone extraction when a function has not been
+   * properly declared.
    */
   predicate isImplicit() { fun_implicit(underlyingElement(this)) }
 
diff --git a/cpp/ql/lib/semmle/code/cpp/models/interfaces/FormattingFunction.qll b/cpp/ql/lib/semmle/code/cpp/models/interfaces/FormattingFunction.qll
@@ -121,16 +121,31 @@ abstract class FormattingFunction extends ArrayFunction, TaintFunction {
    * the first format specifier in the format string.
    */
   int getFirstFormatArgumentIndex() {
-    result = this.getNumberOfParameters() and
-    // the formatting function either has a definition in the snapshot, or all
+    // The formatting function either has a definition in the snapshot, or all
     // `DeclarationEntry`s agree on the number of parameters (otherwise we don't
     // really know the correct number)
-    (
-      this.hasDefinition()
-      or
-      forall(FunctionDeclarationEntry fde | fde = this.getADeclarationEntry() |
-        result = fde.getNumberOfParameters()
-      )
+    if this.hasDefinition()
+    then result = this.getDefinition().getNumberOfParameters()
+    else result = this.getNumberOfExplicitParameters()
+  }
+
+  /**
+   * Gets a non-implicit function declaration entry.
+   */
+  FunctionDeclarationEntry getAnExplicitDeclarationEntry() {
+    result = this.getADeclarationEntry() and
+    not result.isImplicit()
+  }
+
+  /**
+   * Gets the number of parameters, excluding any parameters that have been defined
+   * from implicit function declarations. If there is some inconsistency in the number
+   * of parameters, then don't return anything.
+   */
+  int getNumberOfExplicitParameters() {
+    result = this.getAnExplicitDeclarationEntry().getNumberOfParameters() and
+    forall(FunctionDeclarationEntry fde | fde = this.getAnExplicitDeclarationEntry() |
+      result = fde.getNumberOfParameters()
     )
   }
 
diff --git a/cpp/ql/test/query-tests/Likely Bugs/Format/WrongNumberOfFormatArguments/WrongNumberOfFormatArguments.expected b/cpp/ql/test/query-tests/Likely Bugs/Format/WrongNumberOfFormatArguments/WrongNumberOfFormatArguments.expected
@@ -10,6 +10,4 @@
 | test.c:15:2:15:7 | call to printf | Format for printf expects 3 arguments but given 2 |
 | test.c:19:2:19:7 | call to printf | Format for printf expects 2 arguments but given 1 |
 | test.c:29:3:29:8 | call to printf | Format for printf expects 2 arguments but given 1 |
-| test.c:51:2:51:10 | call to my_logger | Format for my_logger expects 6 arguments but given 1 |
-| test.c:52:2:52:10 | call to my_logger | Format for my_logger expects 3 arguments but given 0 |
-| test.c:53:2:53:10 | call to my_logger | Format for my_logger expects 3 arguments but given 0 |
+| test.c:53:2:53:10 | call to my_logger | Format for my_logger expects 3 arguments but given 2 |
