From 496efeed7ed7774b272fccb9c82523d2e8713224 Mon Sep 17 00:00:00 2001 From: Calum Grant Date: Mon, 4 Nov 2024 17:36:23 +0000 Subject: [PATCH 1/2] C++: Add a test for cpp/wrong-number-format-arguments --- .../WrongNumberOfFormatArguments.expected | 1 + .../Format/WrongNumberOfFormatArguments/syntax_errors.c | 7 +++++++ 2 files changed, 8 insertions(+) create mode 100644 cpp/ql/test/query-tests/Likely Bugs/Format/WrongNumberOfFormatArguments/syntax_errors.c diff --git a/cpp/ql/test/query-tests/Likely Bugs/Format/WrongNumberOfFormatArguments/WrongNumberOfFormatArguments.expected b/cpp/ql/test/query-tests/Likely Bugs/Format/WrongNumberOfFormatArguments/WrongNumberOfFormatArguments.expected index d99190ef1eba..24dae00b0dd0 100644 --- a/cpp/ql/test/query-tests/Likely Bugs/Format/WrongNumberOfFormatArguments/WrongNumberOfFormatArguments.expected +++ b/cpp/ql/test/query-tests/Likely Bugs/Format/WrongNumberOfFormatArguments/WrongNumberOfFormatArguments.expected @@ -5,6 +5,7 @@ | macros.cpp:14:2:14:37 | call to printf | Format for printf (in a macro expansion) expects 4 arguments but given 3 | | macros.cpp:21:2:21:36 | call to printf | Format for printf (in a macro expansion) expects 4 arguments but given 3 | | macros.cpp:32:2:32:25 | call to printf | Format for printf (in a macro expansion) expects 1 arguments but given 0 | +| syntax_errors.c:6:5:6:10 | call to printf | Format for printf expects 1 arguments but given 0 | | test.c:9:2:9:7 | call to printf | Format for printf expects 1 arguments but given 0 | | test.c:12:2:12:7 | call to printf | Format for printf expects 2 arguments but given 1 | | test.c:15:2:15:7 | call to printf | Format for printf expects 3 arguments but given 2 | diff --git a/cpp/ql/test/query-tests/Likely Bugs/Format/WrongNumberOfFormatArguments/syntax_errors.c b/cpp/ql/test/query-tests/Likely Bugs/Format/WrongNumberOfFormatArguments/syntax_errors.c new file mode 100644 index 000000000000..8dfa8b9418c8 --- /dev/null +++ b/cpp/ql/test/query-tests/Likely Bugs/Format/WrongNumberOfFormatArguments/syntax_errors.c @@ -0,0 +1,7 @@ +// semmle-extractor-options: --expect_errors + +extern int printf(const char *fmt, ...); + +void test_syntax_error() { + printf("Error code %d: " FMT_MSG, 0, ""); +} From 397bf7c5e2f70c4b84e074508978c59fe979d329 Mon Sep 17 00:00:00 2001 From: Calum Grant Date: Mon, 4 Nov 2024 17:38:16 +0000 Subject: [PATCH 2/2] C++: Fix FPs caused by a syntax error --- .../Format/WrongNumberOfFormatArguments.ql | 19 ++++++++++++++++++- .../WrongNumberOfFormatArguments.expected | 1 - 2 files changed, 18 insertions(+), 2 deletions(-) diff --git a/cpp/ql/src/Likely Bugs/Format/WrongNumberOfFormatArguments.ql b/cpp/ql/src/Likely Bugs/Format/WrongNumberOfFormatArguments.ql index 1deb9493ca35..1dd1668a8805 100644 --- a/cpp/ql/src/Likely Bugs/Format/WrongNumberOfFormatArguments.ql +++ b/cpp/ql/src/Likely Bugs/Format/WrongNumberOfFormatArguments.ql @@ -16,6 +16,20 @@ import cpp +class SyntaxError extends CompilerError { + SyntaxError() { this.getTag().matches("exp_%") } + + predicate affects(Element e) { + exists(Location l1, Location l2 | + l1 = this.getLocation() and + l2 = e.getLocation() + | + l1.getFile() = l2.getFile() and + l1.getStartLine() = l2.getStartLine() + ) + } +} + from FormatLiteral fl, FormattingFunctionCall ffc, int expected, int given, string ffcName where ffc = fl.getUse() and @@ -27,7 +41,10 @@ where if ffc.isInMacroExpansion() then ffcName = ffc.getTarget().getName() + " (in a macro expansion)" else ffcName = ffc.getTarget().getName() - ) + ) and + // A typical problem is that string literals are concatenated, but if one of the string + // literals is an undefined macro, then this just leads to a syntax error. + not exists(SyntaxError e | e.affects(fl)) select ffc, "Format for " + ffcName + " expects " + expected.toString() + " arguments but given " + given.toString() diff --git a/cpp/ql/test/query-tests/Likely Bugs/Format/WrongNumberOfFormatArguments/WrongNumberOfFormatArguments.expected b/cpp/ql/test/query-tests/Likely Bugs/Format/WrongNumberOfFormatArguments/WrongNumberOfFormatArguments.expected index 24dae00b0dd0..d99190ef1eba 100644 --- a/cpp/ql/test/query-tests/Likely Bugs/Format/WrongNumberOfFormatArguments/WrongNumberOfFormatArguments.expected +++ b/cpp/ql/test/query-tests/Likely Bugs/Format/WrongNumberOfFormatArguments/WrongNumberOfFormatArguments.expected @@ -5,7 +5,6 @@ | macros.cpp:14:2:14:37 | call to printf | Format for printf (in a macro expansion) expects 4 arguments but given 3 | | macros.cpp:21:2:21:36 | call to printf | Format for printf (in a macro expansion) expects 4 arguments but given 3 | | macros.cpp:32:2:32:25 | call to printf | Format for printf (in a macro expansion) expects 1 arguments but given 0 | -| syntax_errors.c:6:5:6:10 | call to printf | Format for printf expects 1 arguments but given 0 | | test.c:9:2:9:7 | call to printf | Format for printf expects 1 arguments but given 0 | | test.c:12:2:12:7 | call to printf | Format for printf expects 2 arguments but given 1 | | test.c:15:2:15:7 | call to printf | Format for printf expects 3 arguments but given 2 |