CPP: Add test cases using various combinations of width and precision specifiers, positional arguments, and flags.

geoffw0 · geoffw0 · commit 760884051cb2 · 2019-11-11T15:27:22.000Z
diff --git a/cpp/ql/test/query-tests/Likely Bugs/Format/WrongTypeFormatArguments/Linux_signed_chars/WrongTypeFormatArguments.expected b/cpp/ql/test/query-tests/Likely Bugs/Format/WrongTypeFormatArguments/Linux_signed_chars/WrongTypeFormatArguments.expected
@@ -16,6 +16,37 @@
 | printf1.h:114:18:114:18 | d | This argument should be of type 'long double' but is of type 'double' |
 | printf1.h:147:19:147:19 | i | This argument should be of type 'long long' but is of type 'int' |
 | printf1.h:148:19:148:20 | ui | This argument should be of type 'unsigned long long' but is of type 'unsigned int' |
+| printf1.h:159:18:159:18 | i | This argument should be of type 'char *' but is of type 'int' |
+| printf1.h:160:18:160:18 | i | This argument should be of type 'char *' but is of type 'int' |
+| printf1.h:167:17:167:17 | i | This argument should be of type 'char *' but is of type 'int' |
+| printf1.h:168:18:168:18 | i | This argument should be of type 'char *' but is of type 'int' |
+| printf1.h:169:19:169:19 | i | This argument should be of type 'char *' but is of type 'int' |
+| printf1.h:174:17:174:17 | s | This argument should be of type 'int' but is of type 'char *' |
+| printf1.h:175:18:175:18 | s | This argument should be of type 'int' but is of type 'char *' |
+| printf1.h:176:19:176:19 | s | This argument should be of type 'int' but is of type 'char *' |
+| printf1.h:180:17:180:17 | s | This argument should be of type 'int' but is of type 'char *' |
+| printf1.h:181:20:181:20 | i | This argument should be of type 'char *' but is of type 'int' |
+| printf1.h:183:18:183:18 | s | This argument should be of type 'int' but is of type 'char *' |
+| printf1.h:184:21:184:21 | i | This argument should be of type 'char *' but is of type 'int' |
+| printf1.h:186:19:186:19 | s | This argument should be of type 'int' but is of type 'char *' |
+| printf1.h:187:22:187:22 | i | This argument should be of type 'char *' but is of type 'int' |
+| printf1.h:189:19:189:19 | s | This argument should be of type 'int' but is of type 'char *' |
+| printf1.h:190:22:190:22 | i | This argument should be of type 'char *' but is of type 'int' |
+| printf1.h:192:19:192:19 | s | This argument should be of type 'int' but is of type 'char *' |
+| printf1.h:193:22:193:22 | s | This argument should be of type 'int' but is of type 'char *' |
+| printf1.h:194:25:194:25 | i | This argument should be of type 'char *' but is of type 'int' |
+| printf1.h:213:28:213:28 | s | This argument should be of type 'int' but is of type 'char *' |
+| printf1.h:214:28:214:28 | s | This argument should be of type 'int' but is of type 'char *' |
+| printf1.h:215:28:215:28 | s | This argument should be of type 'int' but is of type 'char *' |
+| printf1.h:216:28:216:28 | s | This argument should be of type 'int' but is of type 'char *' |
+| printf1.h:221:18:221:18 | s | This argument should be of type 'int' but is of type 'char *' |
+| printf1.h:222:20:222:20 | s | This argument should be of type 'int' but is of type 'char *' |
+| printf1.h:233:22:233:22 | s | This argument should be of type 'int' but is of type 'char *' |
+| printf1.h:233:25:233:25 | i | This argument should be of type 'char *' but is of type 'int' |
+| printf1.h:234:22:234:22 | s | This argument should be of type 'int' but is of type 'char *' |
+| printf1.h:234:25:234:25 | i | This argument should be of type 'char *' but is of type 'int' |
+| printf1.h:235:22:235:22 | s | This argument should be of type 'int' but is of type 'char *' |
+| printf1.h:235:25:235:25 | i | This argument should be of type 'char *' but is of type 'int' |
 | real_world.h:61:21:61:22 | & ... | This argument should be of type 'int *' but is of type 'short *' |
 | real_world.h:62:22:62:23 | & ... | This argument should be of type 'short *' but is of type 'int *' |
 | real_world.h:63:22:63:24 | & ... | This argument should be of type 'short *' but is of type 'unsigned int *' |
diff --git a/cpp/ql/test/query-tests/Likely Bugs/Format/WrongTypeFormatArguments/Linux_signed_chars/printf1.h b/cpp/ql/test/query-tests/Likely Bugs/Format/WrongTypeFormatArguments/Linux_signed_chars/printf1.h
@@ -151,3 +151,86 @@ void fun4()
   printf("%qi\n", ll); // GOOD
   printf("%qu\n", ull); // GOOD
 }
+
+void complexFormatSymbols(int i, const char *s)
+{
+  // positional arguments
+  printf("%1$i", i, s); // GOOD
+  printf("%2$s", i, s); // GOOD [FALSE POSITIVE]
+  printf("%1$s", i, s); // BAD
+  printf("%2$i", i, s); // BAD [NOT DETECTED]
+
+  // width / precision
+  printf("%4i", i); // GOOD
+  printf("%.4i", i); // GOOD
+  printf("%4.4i", i); // GOOD
+  printf("%4s", i); // BAD
+  printf("%.4s", i); // BAD
+  printf("%4.4s", i); // BAD
+
+  printf("%4s", s); // GOOD
+  printf("%.4s", s); // GOOD
+  printf("%4.4s", s); // GOOD
+  printf("%4i", s); // BAD
+  printf("%.4i", s); // BAD
+  printf("%4.4i", s); // BAD
+
+  // variable width / precision
+  printf("%*s", i, s); // GOOD
+  printf("%*s", s, s); // BAD
+  printf("%*s", i, i); // BAD
+  printf("%.*s", i, s); // GOOD
+  printf("%.*s", s, s); // BAD
+  printf("%.*s", i, i); // BAD
+  printf("%*.4s", i, s); // GOOD
+  printf("%*.4s", s, s); // BAD
+  printf("%*.4s", i, i); // BAD
+  printf("%4.*s", i, s); // GOOD
+  printf("%4.*s", s, s); // BAD
+  printf("%4.*s", i, i); // BAD
+  printf("%*.*s", i, i, s); // GOOD
+  printf("%*.*s", s, i, s); // BAD
+  printf("%*.*s", i, s, s); // BAD
+  printf("%*.*s", i, i, i); // BAD
+
+  // positional arguments mixed with variable width / precision
+  printf("%2$*1$s", i, s); // GOOD
+  printf("%2$*2$s", i, s); // BAD [NOT DETECTED]
+  printf("%1$*1$s", i, s); // BAD [NOT DETECTED]
+
+  printf("%2$*1$.4s", i, s); // GOOD
+  printf("%2$*2$.4s", i, s); // BAD [NOT DETECTED]
+  printf("%1$*1$.4s", i, s); // BAD [NOT DETECTED]
+
+  printf("%2$.*1$s", i, s); // GOOD
+  printf("%2$.*2$s", i, s); // BAD [NOT DETECTED]
+  printf("%1$.*1$s", i, s); // BAD [NOT DETECTED]
+
+  printf("%2$4.*1$s", i, s); // GOOD
+  printf("%2$4.*2$s", i, s); // BAD [NOT DETECTED]
+  printf("%1$4.*1$s", i, s); // BAD [NOT DETECTED]
+
+  printf("%2$*1$.*1$s", i, s); // GOOD [FALSE POSITIVE]
+  printf("%2$*2$.*1$s", i, s); // BAD
+  printf("%2$*1$.*2$s", i, s); // BAD
+  printf("%1$*1$.*1$s", i, s); // BAD
+
+  // left justify flag
+  printf("%-4s", s); // GOOD
+  printf("%1$-4s", s); // GOOD
+  printf("%-4i", s); // BAD
+  printf("%1$-4i", s); // BAD
+
+  printf("%1$-4s", s, i); // GOOD
+  printf("%2$-4s", s, i); // BAD [NOT DETECTED]
+
+  printf("%1$-.4s", s, i); // GOOD
+  printf("%2$-.4s", s, i); // BAD [NOT DETECTED]
+
+  printf("%1$-4.4s", s, i); // GOOD
+  printf("%2$-4.4s", s, i); // BAD [NOT DETECTED]
+ 
+  printf("%1$-*2$s", s, i); // GOOD [FALSE POSITIVE x2]
+  printf("%2$-*2$s", s, i); // BAD [ADDITIONAL RESULT IS A FALSE POSITIVE]
+  printf("%1$-*1$s", s, i); // BAD [ADDITIONAL RESULT IS A FALSE POSITIVE]
+}
