CPP: Lets just not report when we're not sure.

geoffw0 · geoffw0 · commit 94ff2e569312 · 2018-10-05T16:40:54.000+01:00
diff --git a/cpp/ql/src/Likely Bugs/Format/WrongTypeFormatArguments.ql b/cpp/ql/src/Likely Bugs/Format/WrongTypeFormatArguments.ql
@@ -25,7 +25,8 @@ private predicate formattingFunctionCallExpectedType(FormattingFunctionCall ffc,
       ffc.getTarget() = f and
       f.getFormatParameterIndex() = i and
       ffc.getArgument(i) = fl and
-      fl.getConversionType(pos) = expected
+      fl.getConversionType(pos) = expected and
+      count(fl.getConversionType(pos)) = 1
     )
 }
 
diff --git a/cpp/ql/test/query-tests/Likely Bugs/Format/WrongTypeFormatArguments/Linux_mixed_byte_wprintf/WrongTypeFormatArguments.expected b/cpp/ql/test/query-tests/Likely Bugs/Format/WrongTypeFormatArguments/Linux_mixed_byte_wprintf/WrongTypeFormatArguments.expected
@@ -1,9 +1,5 @@
 | tests.cpp:18:15:18:22 | Hello | This argument should be of type 'char *' but is of type 'char16_t *' |
 | tests.cpp:19:15:19:22 | Hello | This argument should be of type 'char *' but is of type 'wchar_t *' |
-| tests.cpp:21:15:21:21 | Hello | This argument should be of type 'char16_t *' but is of type 'char *' |
-| tests.cpp:21:15:21:21 | Hello | This argument should be of type 'wchar_t *' but is of type 'char *' |
-| tests.cpp:22:15:22:22 | Hello | This argument should be of type 'wchar_t *' but is of type 'char16_t *' |
-| tests.cpp:23:15:23:22 | Hello | This argument should be of type 'char16_t *' but is of type 'wchar_t *' |
 | tests.cpp:25:17:25:23 | Hello | This argument should be of type 'wchar_t *' but is of type 'char *' |
 | tests.cpp:26:17:26:24 | Hello | This argument should be of type 'wchar_t *' but is of type 'char16_t *' |
 | tests.cpp:30:17:30:24 | Hello | This argument should be of type 'char *' but is of type 'char16_t *' |
diff --git a/cpp/ql/test/query-tests/Likely Bugs/Format/WrongTypeFormatArguments/Linux_mixed_byte_wprintf/tests.cpp b/cpp/ql/test/query-tests/Likely Bugs/Format/WrongTypeFormatArguments/Linux_mixed_byte_wprintf/tests.cpp
@@ -18,9 +18,9 @@ void tests() {
 	printf("%s", u"Hello"); // BAD: expecting char
 	printf("%s", L"Hello"); // BAD: expecting char
 
-	printf("%S", "Hello"); // BAD: expecting wchar_t or char16_t
-	printf("%S", u"Hello"); // GOOD [FALSE POSITIVE]
-	printf("%S", L"Hello"); // GOOD [FALSE POSITIVE]
+	printf("%S", "Hello"); // BAD: expecting wchar_t or char16_t [NOT DETECTED]
+	printf("%S", u"Hello"); // GOOD
+	printf("%S", L"Hello"); // GOOD
 
 	wprintf(L"%s", "Hello"); // BAD: expecting wchar_t
 	wprintf(L"%s", u"Hello"); // BAD: expecting wchar_t
diff --git a/cpp/ql/test/query-tests/Likely Bugs/Format/WrongTypeFormatArguments/Linux_mixed_word_size/WrongTypeFormatArguments.expected b/cpp/ql/test/query-tests/Likely Bugs/Format/WrongTypeFormatArguments/Linux_mixed_word_size/WrongTypeFormatArguments.expected
@@ -1,4 +1,2 @@
 | tests_32.cpp:14:16:14:23 | void_ptr | This argument should be of type 'long' but is of type 'void *' |
-| tests_32.cpp:15:15:15:15 | l | This argument should be of type 'void *' but is of type 'long' |
 | tests_64.cpp:14:16:14:23 | void_ptr | This argument should be of type 'long' but is of type 'void *' |
-| tests_64.cpp:15:15:15:15 | l | This argument should be of type 'void *' but is of type 'long' |
diff --git a/cpp/ql/test/query-tests/Likely Bugs/Format/WrongTypeFormatArguments/Linux_mixed_word_size/tests_32.cpp b/cpp/ql/test/query-tests/Likely Bugs/Format/WrongTypeFormatArguments/Linux_mixed_word_size/tests_32.cpp
@@ -12,6 +12,6 @@ void test_32()
 
 	printf("%li", l); // GOOD
 	printf("%li", void_ptr); // BAD
-	printf("%p", l); // BAD
+	printf("%p", l); // BAD [NOT DETECTED]
 	printf("%p", void_ptr); // GOOD
 }
diff --git a/cpp/ql/test/query-tests/Likely Bugs/Format/WrongTypeFormatArguments/Linux_mixed_word_size/tests_64.cpp b/cpp/ql/test/query-tests/Likely Bugs/Format/WrongTypeFormatArguments/Linux_mixed_word_size/tests_64.cpp
@@ -12,6 +12,6 @@ void test_64()
 
 	printf("%li", l); // GOOD
 	printf("%li", void_ptr); // BAD
-	printf("%p", l); // BAD
+	printf("%p", l); // BAD [NOT DETECTED]
 	printf("%p", void_ptr); // GOOD
 }

Original file line number	Diff line number	Diff line change
`@@ -25,7 +25,8 @@ private predicate formattingFunctionCallExpectedType(FormattingFunctionCall ffc,`
`25`	`25`	`ffc.getTarget() = f and`
`26`	`26`	`f.getFormatParameterIndex() = i and`
`27`	`27`	`ffc.getArgument(i) = fl and`
`28`		`- fl.getConversionType(pos) = expected`
	`28`	`+ fl.getConversionType(pos) = expected and`
	`29`	`+ count(fl.getConversionType(pos)) = 1`
`29`	`30`	`)`
`30`	`31`	`}`
`31`	`32`
Original file line number	Diff line number	Diff line change
`@@ -12,6 +12,6 @@ void test_32()`
`12`	`12`
`13`	`13`	`printf("%li", l); // GOOD`
`14`	`14`	`printf("%li", void_ptr); // BAD`
`15`		`- printf("%p", l); // BAD`
	`15`	`+ printf("%p", l); // BAD [NOT DETECTED]`
`16`	`16`	`printf("%p", void_ptr); // GOOD`
`17`	`17`	`}`
Original file line number	Diff line number	Diff line change
`@@ -12,6 +12,6 @@ void test_64()`
`12`	`12`
`13`	`13`	`printf("%li", l); // GOOD`
`14`	`14`	`printf("%li", void_ptr); // BAD`
`15`		`- printf("%p", l); // BAD`
	`15`	`+ printf("%p", l); // BAD [NOT DETECTED]`
`16`	`16`	`printf("%p", void_ptr); // GOOD`
`17`	`17`	`}`