
Commit d30aab4

authored
Merge branch 'main' into post-release-prep/codeql-cli-2.25.0
2 parents 2139b97 + 7a33e2f commit d30aab4


405 files changed

+479
-193
lines changed


405 files changed

+479
-193
lines changed

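--- a/MODULE.bazel
+++ b/MODULE.bazel
@@ -18,7 +18,7 @@ bazel_dep(name = "platforms", version = "1.0.0")
 bazel_dep(name = "rules_cc", version = "0.2.17")
 bazel_dep(name = "rules_go", version = "0.60.0")
 bazel_dep(name = "rules_java", version = "9.0.3")
-bazel_dep(name = "rules_pkg", version = "1.0.1")
+bazel_dep(name = "rules_pkg", version = "1.2.0")
 bazel_dep(name = "rules_nodejs", version = "6.7.3")
 bazel_dep(name = "rules_python", version = "1.9.0")
 bazel_dep(name = "rules_shell", version = "0.6.1")
@@ -30,7 +30,7 @@ bazel_dep(name = "rules_kotlin", version = "2.2.2-codeql.1")
 bazel_dep(name = "gazelle", version = "0.47.0")
 bazel_dep(name = "rules_dotnet", version = "0.21.5-codeql.1")
 bazel_dep(name = "googletest", version = "1.17.0.bcr.2")
-bazel_dep(name = "rules_rust", version = "0.68.1.codeql.1")
+bazel_dep(name = "rules_rust", version = "0.69.0")
 bazel_dep(name = "zstd", version = "1.5.7.bcr.1")
 
 bazel_dep(name = "buildifier_prebuilt", version = "6.4.0", dev_dependency = True)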

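--- a/cpp/ql/src/Likely Bugs/Format/WrongTypeFormatArguments.ql
+++ b/cpp/ql/src/Likely Bugs/Format/WrongTypeFormatArguments.ql
@@ -168,9 +168,11 @@ where
 formatOtherArgType(ffc, n, expected, arg, actual) and
 not actual.getUnspecifiedType().(IntegralType).getSize() = sizeof_IntType()
 ) and
+// Exclude some cases where we're less confident the result is correct / clear / valuable
 not arg.isAffectedByMacro() and
 not arg.isFromUninstantiatedTemplate(_) and
 not actual.stripType() instanceof ErroneousType and
+not arg.getType().stripType().(RoutineType).getReturnType() instanceof ErroneousType and
 not arg.(Call).mayBeFromImplicitlyDeclaredFunction() and
 // Make sure that the format function definition is consistent
 count(ffc.getTarget().getFormatParameterIndex()) = 1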
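Review bot: The added exclusion `not arg.getType().stripType().(RoutineType).getReturnType() instanceof ErroneousType` has no comment of its own, and the group comment above it only says the excluded cases are lower-confidence, so a later maintainer cannot tell what an argument with a routine type and an erroneous return type stands for. I would add a line directly above it such as `// routine type whose return type failed to resolve (extraction with errors): the reported argument type is unreliable`; that wording is my reading of the accompanying test and should be confirmed. The neighbouring check uses `actual.stripType()` while this one goes through `arg.getType()`, and if the two are meant to differ the comment is the place to say why. The `where` clause starts and ends outside the hunk.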
Lines changed: 4 additions & 0 deletions
@@ -0,0 +1,4 @@
1+
---
2+
category: minorAnalysis
3+
---
4+
* Fixed an issue with the "Wrong type of arguments to formatting function" (`cpp/wrong-type-format-argument`) query causing false positive results in `build-mode: none` databases.
Lines changed: 2 additions & 0 deletions
@@ -1 +1,3 @@
1+
| second.cpp:26:18:26:39 | ... - ... | This format specifier for type 'int' does not match the argument type 'long'. |
2+
| second.cpp:29:18:29:39 | ... - ... | This format specifier for type 'unsigned int' does not match the argument type 'long'. |
13
| tests.c:7:18:7:18 | 1 | This format specifier for type 'char *' does not match the argument type 'int'. |
Lines changed: 3 additions & 0 deletions
@@ -0,0 +1,3 @@
1+
2+
// defines type size_t plausibly
3+
typedef unsigned long size_t;
Lines changed: 32 additions & 0 deletions
@@ -0,0 +1,32 @@
1+
// semmle-extractor-options: --expect_errors
2+
3+
int printf(const char * format, ...);
4+
5+
// defines type `myFunctionPointerType`, referencing `size_t`
6+
typedef size_t (*myFunctionPointerType) ();
7+
8+
void test_size_t() {
9+
size_t s = 0;
10+
11+
printf("%zd", s); // GOOD
12+
printf("%zi", s); // GOOD
13+
printf("%zu", s); // GOOD (we generally permit signedness changes)
14+
printf("%zx", s); // GOOD (we generally permit signedness changes)
15+
printf("%d", s); // BAD [NOT DETECTED]
16+
printf("%ld", s); // DUBIOUS [NOT DETECTED]
17+
printf("%lld", s); // DUBIOUS [NOT DETECTED]
18+
printf("%u", s); // BAD [NOT DETECTED]
19+
20+
char buffer[1024];
21+
22+
printf("%zd", &buffer[1023] - buffer); // GOOD
23+
printf("%zi", &buffer[1023] - buffer); // GOOD
24+
printf("%zu", &buffer[1023] - buffer); // GOOD
25+
printf("%zx", &buffer[1023] - buffer); // GOOD
26+
printf("%d", &buffer[1023] - buffer); // BAD
27+
printf("%ld", &buffer[1023] - buffer); // DUBIOUS [NOT DETECTED]
28+
printf("%lld", &buffer[1023] - buffer); // DUBIOUS [NOT DETECTED]
29+
printf("%u", &buffer[1023] - buffer); // BAD
30+
// (for the `%ld` and `%lld` cases, the signedness and type sizes match, `%zd` would be most correct
31+
// and robust but the developer may know enough to make this safe)
32+
}
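Review bot: `myFunctionPointerType` is declared on line 6 but no `printf` argument in `test_size_t` has that type, so the file does not show which expectation the typedef is there to influence. If its mere presence is what produces the mis-typed results (my inference from the comment on line 5), say so next to it, e.g. `// never used below; declaring it is enough to reproduce the false positives`. The `BAD [NOT DETECTED]` cases on lines 15 and 18 record that a real `size_t`/`%d` mismatch goes unreported when extraction has errors; a short comment stating that this is an accepted false negative would keep it from being read as a stale annotation.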

misc/bazel/3rdparty/py_deps/BUILD.aho-corasick-1.1.3.bazel

Lines changed: 1 addition & 0 deletions

misc/bazel/3rdparty/py_deps/BUILD.anstream-0.6.18.bazel

Lines changed: 1 addition & 0 deletions

misc/bazel/3rdparty/py_deps/BUILD.anstyle-1.0.10.bazel

Lines changed: 1 addition & 0 deletions

misc/bazel/3rdparty/py_deps/BUILD.anstyle-parse-0.2.6.bazel

Lines changed: 1 addition & 0 deletions
