Skip to content

Commit 01611d4

Browse files
committed
CPP: Add a test for OffsetUseBeforeRangeCheck.ql.
1 parent dd6fd40 commit 01611d4

File tree

3 files changed

+56
-0
lines changed

3 files changed

+56
-0
lines changed
Lines changed: 5 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,5 @@
1+
| test.cpp:11:10:11:18 | access to array | This use of offset 'i' should follow the $@. | test.cpp:11:32:11:45 | ... < ... | range check |
2+
| test.cpp:15:7:15:15 | access to array | This use of offset 'i' should follow the $@. | test.cpp:15:29:15:42 | ... < ... | range check |
3+
| test.cpp:33:28:33:36 | access to array | This use of offset 'i' should follow the $@. | test.cpp:33:50:33:67 | ... < ... | range check |
4+
| test.cpp:35:32:35:40 | access to array | This use of offset 'i' should follow the $@. | test.cpp:35:54:35:67 | ... < ... | range check |
5+
| test.cpp:39:8:39:16 | access to array | This use of offset 'i' should follow the $@. | test.cpp:39:30:39:47 | ... < ... | range check |
Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1 @@
1+
Best Practices/Likely Errors/OffsetUseBeforeRangeCheck.ql
Lines changed: 50 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,50 @@
1+
2+
void test(char *buffer, int bufferSize)
3+
{
4+
int i;
5+
6+
// skip whitespace
7+
i = 0;
8+
while ((i < bufferSize) && (buffer[i] == ' ')) { i++; } // GOOD
9+
10+
i = 0;
11+
while ((buffer[i] == ' ') && (i < bufferSize)) { i++; } // BAD
12+
13+
// check for 'x'
14+
if ((i < bufferSize) && (buffer[i] == 'x')) {} // GOOD
15+
if ((buffer[i] == 'x') && (i < bufferSize)) {} // BAD
16+
17+
if ((bufferSize > i) && (buffer[i] == 'x')) {} // GOOD
18+
if ((buffer[i] == 'x') && (bufferSize > i)) {} // BAD [NOT DETECTED]
19+
20+
if ((i <= bufferSize - 1) && (buffer[i] == 'x')) {} // GOOD
21+
if ((buffer[i] == 'x') && (i <= bufferSize - 1)) {} // BAD [NOT DETECTED]
22+
23+
if ((bufferSize >= i + 1) && (buffer[i] == 'x')) {} // GOOD
24+
if ((buffer[i] == 'x') && (bufferSize >= i + 1)) {} // BAD [NOT DETECTED]
25+
26+
if ((i < bufferSize) && (true) && (buffer[i] == 'x')) {} // GOOD
27+
if ((buffer[i] == 'x') && (true) && (i < bufferSize)) {} // BAD [NOT DETECTED]
28+
29+
if ((i < bufferSize - 1) && (buffer[i + 1] == 'x')) {} // GOOD
30+
if ((buffer[i + 1] == 'x') && (i < bufferSize - 1)) {} // BAD [NOT DETECTED]
31+
32+
if ((i < bufferSize) && (buffer[i] == 'x') && (i < bufferSize - 1)) {} // GOOD
33+
if ((i < bufferSize) && ((buffer[i] == 'x') && (i < bufferSize - 1))) {} // GOOD [FALSE POSITIVE]
34+
if ((i < bufferSize + 1) && (buffer[i] == 'x') && (i < bufferSize)) {} // BAD [NOT DETECTED]
35+
if ((i < bufferSize + 1) && ((buffer[i] == 'x') && (i < bufferSize))) {} // BAD
36+
37+
// look for 'ab'
38+
for (i = 0; i < bufferSize; i++) {
39+
if ((buffer[i] == 'a') && (i < bufferSize - 1) && (buffer[i + 1] == 'b')) // GOOD [FALSE POSITIVE]
40+
break;
41+
}
42+
43+
if ((i < bufferSize) && (buffer[i])) {} // GOOD
44+
if ((buffer[i]) && (i < bufferSize)) {} // BAD [NOT DETECTED]
45+
46+
if ((i < bufferSize) && (buffer[i] + 1 == 'x')) {} // GOOD
47+
if ((buffer[i] + 1 == 'x') && (i < bufferSize)) {} // BAD [NOT DETECTED]
48+
49+
if ((buffer != 0) && (i < bufferSize)) {} // GOOD
50+
}

0 commit comments

Comments
 (0)