C++: Remove FPs from cpp/badly-bounded-write

calumgrant · calumgrant · commit b7f47f752b0d · 2024-12-05T14:37:19.000Z
diff --git a/cpp/ql/src/Security/CWE/CWE-120/BadlyBoundedWrite.ql b/cpp/ql/src/Security/CWE/CWE-120/BadlyBoundedWrite.ql
@@ -25,7 +25,8 @@ from BufferWrite bw, int destSize
 where
   bw.hasExplicitLimit() and // has an explicit size limit
   destSize = max(getBufferSize(bw.getDest(), _)) and
-  bw.getExplicitLimit() > destSize // but it's larger than the destination
+  bw.getExplicitLimit() > destSize and // but it's larger than the destination
+  not bw.getDest().getUnderlyingType().stripType() instanceof ErroneousType // destSize may be incorrect
 select bw,
   "This '" + bw.getBWDesc() + "' operation is limited to " + bw.getExplicitLimit() +
     " bytes but the destination is only " + destSize + " bytes."
diff --git a/cpp/ql/test/query-tests/Security/CWE/CWE-120/semmle/tests/BadlyBoundedWrite.expected b/cpp/ql/test/query-tests/Security/CWE/CWE-120/semmle/tests/BadlyBoundedWrite.expected
@@ -1,3 +1,2 @@
-| errors.c:10:5:10:12 | call to swprintf | This 'call to swprintf' operation is limited to 12 bytes but the destination is only 3 bytes. |
 | tests.c:43:3:43:10 | call to snprintf | This 'call to snprintf' operation is limited to 111 bytes but the destination is only 110 bytes. |
 | tests.c:46:3:46:10 | call to snprintf | This 'call to snprintf' operation is limited to 111 bytes but the destination is only 110 bytes. |

Original file line number	Diff line number	Diff line change
`@@ -1,3 +1,2 @@`
`1`		`-\| errors.c:10:5:10:12 \| call to swprintf \| This 'call to swprintf' operation is limited to 12 bytes but the destination is only 3 bytes. \|`
`2`	`1`	`\| tests.c:43:3:43:10 \| call to snprintf \| This 'call to snprintf' operation is limited to 111 bytes but the destination is only 110 bytes. \|`
`3`	`2`	`\| tests.c:46:3:46:10 \| call to snprintf \| This 'call to snprintf' operation is limited to 111 bytes but the destination is only 110 bytes. \|`