-
Notifications
You must be signed in to change notification settings - Fork 2k
Expand file tree
/
Copy pathtest2.c
More file actions
86 lines (65 loc) · 2.25 KB
/
test2.c
File metadata and controls
86 lines (65 loc) · 2.25 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
/* Semmle test case for SizeCheck2.ql
Associated with CWE-131 http://cwe.mitre.org/data/definitions/131.html
Each query is expected to find exactly the lines marked BAD in the section corresponding to it.
*/
///// Library functions //////
typedef unsigned long size_t;
void *malloc(size_t size);
void free(void *ptr);
//// Test code /////
void bad0(void) {
long long *lptr = malloc(27); // BAD -- Not a multiple of sizeof(long long)
double *dptr = malloc(33); // BAD -- Not a multiple of sizeof(double)
free(lptr);
free(dptr);
}
void good0(void) {
float *fptr = malloc(24); // GOOD -- An integral multiple
double *dptr = malloc(56); // GOOD -- An integral multiple
free(fptr);
free(dptr);
}
void bad1(void) {
long long *lptr = malloc(sizeof(long long)*7/2); // BAD -- Not a multiple of sizeof(long long)
double *dptr = malloc(sizeof(double)*5/2); // BAD -- Not a multiple of sizeof(double)
free(lptr);
free(dptr);
}
void good1(void) {
long long *lptr = malloc(sizeof(long long)*5); // GOOD -- An integral multiple
double *dptr = malloc(sizeof(double)*7); // GOOD -- An integral multiple
free(lptr);
free(dptr);
}
// --- custom allocators ---
void *MyMalloc1(size_t size) { return malloc(size); }
void *MyMalloc2(size_t size);
void customAllocatorTests()
{
double *dptr1 = MyMalloc1(33); // BAD -- Not a multiple of sizeof(double) [NOT DETECTED]
double *dptr2 = MyMalloc2(33); // BAD -- Not a multiple of sizeof(double) [NOT DETECTED]
}
// --- variable length data structures ---
typedef unsigned char uint8_t;
typedef struct _MyVarStruct1 {
size_t dataLen;
uint8_t data[0];
} MyVarStruct1;
typedef struct _MyVarStruct2 {
size_t dataLen;
uint8_t data[1];
} MyVarStruct2;
typedef struct _MyVarStruct3 {
size_t dataLen;
uint8_t data[];
} MyVarStruct3;
typedef struct _MyFixedStruct {
size_t dataLen;
uint8_t data[1024];
} MyFixedStruct;
void varStructTests() {
MyVarStruct1 *a = malloc(sizeof(MyVarStruct1) + 127); // GOOD
MyVarStruct2 *b = malloc(sizeof(MyVarStruct2) + 127); // GOOD
MyVarStruct3 *c = malloc(sizeof(MyVarStruct3) + 127); // GOOD
MyFixedStruct *d = malloc(sizeof(MyFixedStruct) + 127); // BAD --- Not a multiple of sizeof(MyFixedStruct)
}