C++: Exclude custom vprintf implementations.

geoffw0 · geoffw0 · commit 03922aa1f524 · 2021-01-29T21:20:36.000Z
diff --git a/cpp/ql/src/semmle/code/cpp/commons/Printf.qll b/cpp/ql/src/semmle/code/cpp/commons/Printf.qll
@@ -50,7 +50,10 @@ predicate primitiveVariadicFormatter(
     then formatParamIndex = f.getNumberOfParameters() - 3
     else formatParamIndex = f.getNumberOfParameters() - 2
   ) and
-  if type = "" then outputParamIndex = -1 else outputParamIndex = 0 // Conveniently, these buffer parameters are all at index 0.
+  (
+    if type = "" then outputParamIndex = -1 else outputParamIndex = 0 // Conveniently, these buffer parameters are all at index 0.
+  ) and
+  not exists(f.getBlock()) // exclude functions with an implementation in the snapshot as they may not be standard implementations.
 }
 
 private predicate callsVariadicFormatter(
