Added test case to demonstrate type error corrected in this branch.

bdrodes · bdrodes · commit cc953c87d998 · 2024-09-04T12:41:05.000-04:00
diff --git a/cpp/ql/test/query-tests/Security/CWE/CWE-119/semmle/tests/UnboundedWrite.expected b/cpp/ql/test/query-tests/Security/CWE/CWE-119/semmle/tests/UnboundedWrite.expected
@@ -31,9 +31,9 @@ edges
 | main.cpp:9:29:9:32 | *argv | tests_restrict.c:15:41:15:44 | *argv | provenance |  |
 | main.cpp:9:29:9:32 | tests_restrict_main output argument | main.cpp:10:20:10:23 | **argv | provenance |  |
 | main.cpp:9:29:9:32 | tests_restrict_main output argument | main.cpp:10:20:10:23 | *argv | provenance |  |
-| main.cpp:10:20:10:23 | **argv | tests.cpp:672:32:672:35 | **argv | provenance |  |
-| main.cpp:10:20:10:23 | *argv | tests.cpp:672:32:672:35 | **argv | provenance |  |
-| main.cpp:10:20:10:23 | *argv | tests.cpp:672:32:672:35 | *argv | provenance |  |
+| main.cpp:10:20:10:23 | **argv | tests.cpp:688:32:688:35 | **argv | provenance |  |
+| main.cpp:10:20:10:23 | *argv | tests.cpp:688:32:688:35 | **argv | provenance |  |
+| main.cpp:10:20:10:23 | *argv | tests.cpp:688:32:688:35 | *argv | provenance |  |
 | overflowdestination.cpp:23:45:23:48 | **argv | overflowdestination.cpp:23:45:23:48 | **argv | provenance |  |
 | overflowdestination.cpp:23:45:23:48 | **argv | overflowdestination.cpp:23:45:23:48 | *argv | provenance |  |
 | test_buffer_overrun.cpp:32:46:32:49 | **argv | test_buffer_overrun.cpp:32:46:32:49 | **argv | provenance |  |
@@ -46,12 +46,12 @@ edges
 | tests.cpp:628:14:628:14 | *s [*home] | tests.cpp:628:14:628:19 | *home | provenance |  |
 | tests.cpp:628:14:628:14 | *s [*home] | tests.cpp:628:16:628:19 | *home | provenance |  |
 | tests.cpp:628:16:628:19 | *home | tests.cpp:628:14:628:19 | *home | provenance |  |
-| tests.cpp:672:32:672:35 | **argv | tests.cpp:697:9:697:15 | *access to array | provenance |  |
-| tests.cpp:672:32:672:35 | **argv | tests.cpp:698:9:698:15 | *access to array | provenance |  |
-| tests.cpp:672:32:672:35 | *argv | tests.cpp:697:9:697:15 | *access to array | provenance |  |
-| tests.cpp:672:32:672:35 | *argv | tests.cpp:698:9:698:15 | *access to array | provenance |  |
-| tests.cpp:697:9:697:15 | *access to array | tests.cpp:613:19:613:24 | *source | provenance |  |
-| tests.cpp:698:9:698:15 | *access to array | tests.cpp:622:19:622:24 | *source | provenance |  |
+| tests.cpp:688:32:688:35 | **argv | tests.cpp:713:9:713:15 | *access to array | provenance |  |
+| tests.cpp:688:32:688:35 | **argv | tests.cpp:714:9:714:15 | *access to array | provenance |  |
+| tests.cpp:688:32:688:35 | *argv | tests.cpp:713:9:713:15 | *access to array | provenance |  |
+| tests.cpp:688:32:688:35 | *argv | tests.cpp:714:9:714:15 | *access to array | provenance |  |
+| tests.cpp:713:9:713:15 | *access to array | tests.cpp:613:19:613:24 | *source | provenance |  |
+| tests.cpp:714:9:714:15 | *access to array | tests.cpp:622:19:622:24 | *source | provenance |  |
 | tests_restrict.c:15:41:15:44 | **argv | tests_restrict.c:15:41:15:44 | **argv | provenance |  |
 | tests_restrict.c:15:41:15:44 | *argv | tests_restrict.c:15:41:15:44 | *argv | provenance |  |
 nodes
@@ -85,10 +85,10 @@ nodes
 | tests.cpp:628:14:628:14 | *s [*home] | semmle.label | *s [*home] |
 | tests.cpp:628:14:628:19 | *home | semmle.label | *home |
 | tests.cpp:628:16:628:19 | *home | semmle.label | *home |
-| tests.cpp:672:32:672:35 | **argv | semmle.label | **argv |
-| tests.cpp:672:32:672:35 | *argv | semmle.label | *argv |
-| tests.cpp:697:9:697:15 | *access to array | semmle.label | *access to array |
-| tests.cpp:698:9:698:15 | *access to array | semmle.label | *access to array |
+| tests.cpp:688:32:688:35 | **argv | semmle.label | **argv |
+| tests.cpp:688:32:688:35 | *argv | semmle.label | *argv |
+| tests.cpp:713:9:713:15 | *access to array | semmle.label | *access to array |
+| tests.cpp:714:9:714:15 | *access to array | semmle.label | *access to array |
 | tests_restrict.c:15:41:15:44 | **argv | semmle.label | **argv |
 | tests_restrict.c:15:41:15:44 | **argv | semmle.label | **argv |
 | tests_restrict.c:15:41:15:44 | *argv | semmle.label | *argv |
diff --git a/cpp/ql/test/query-tests/Security/CWE/CWE-119/semmle/tests/tests.cpp b/cpp/ql/test/query-tests/Security/CWE/CWE-119/semmle/tests/tests.cpp
@@ -668,6 +668,22 @@ void test27(){
 	}
 }
 
+typedef struct _MYSTRUCT {
+    unsigned long  a;
+    unsigned short b;
+    unsigned char  z[ 100 ];
+} MYSTRUCT;
+
+
+const MYSTRUCT _myStruct = { 0 };
+typedef const MYSTRUCT& MYSTRUCTREF;
+
+// False positive case due to use of typedefs
+int test27(MYSTRUCTREF g)
+{
+	return memcmp(&g, &_myStruct, sizeof(MYSTRUCT)); // GOOD
+}
+
 
 int tests_main(int argc, char *argv[])
 {
