
Commit 2292518

committed
[CPP-434] Change query so it flags overflows that were cast to unsigned.
1 parent 6772fa1 commit 2292518

4 files changed

Lines changed: 6 additions & 4 deletions


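--- a/cpp/ql/src/Likely Bugs/Arithmetic/SignedOverflowCheck.ql
+++ b/cpp/ql/src/Likely Bugs/Arithmetic/SignedOverflowCheck.ql
@@ -15,8 +15,8 @@ import cpp
 import semmle.code.cpp.valuenumbering.GlobalValueNumbering
 
 private predicate isSignedWithoutUnsignedCast(Expr e) {
-e.getType().getUnspecifiedType().(IntegralType).isSigned() and
-not e.getExplicitlyConverted().getType().getUnspecifiedType().(IntegralType).isUnsigned()
+e.getType().getUnspecifiedType().(IntegralType).isSigned() /*and
+not e.getExplicitlyConverted().getType().getUnspecifiedType().(IntegralType).isUnsigned()*/
 }
 
 from RelationalOperation ro, AddExpr add, VariableAccess va1, VariableAccess va2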
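Review bot: The predicate `isSignedWithoutUnsignedCast` no longer inspects the cast at all, because its second conjunct is commented out rather than removed, so the name now contradicts the body. Either delete the dead conjunct and rename the predicate to match what it tests, or keep the name and replace the conjunct with a narrower exclusion. If the broader match is intended, a QLDoc comment such as `/** Holds if `e` has a signed integral type; a later cast to unsigned does not undo signed overflow in the addition itself. */` would record why the cast is ignored. The `from` clause that uses the predicate continues past the hunk, so any rename has to be applied there as well.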

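--- a/cpp/ql/test/query-tests/Likely Bugs/Arithmetic/BadAdditionOverflowCheck/SignedOverflowCheck.cpp
+++ b/cpp/ql/test/query-tests/Likely Bugs/Arithmetic/BadAdditionOverflowCheck/SignedOverflowCheck.cpp
@@ -39,7 +39,7 @@ bool shortShort2(unsigned short n1, unsigned short delta) {
 // clang 8.0.0 -O2: not deleted
 // gcc 9.2 -O2: not deleted
 // msvc 19.22 /O2: not deleted
-return (unsigned short)(n1 + delta) < n1; // GOOD
+return (unsigned short)(n1 + delta) < n1; // BAD: n1 + delta overflow undefined
 }
 
 /* Distinguish `varname` from `ptr->varname` and `obj.varname` */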
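Review bot: The new `// BAD: n1 + delta overflow undefined` annotation on line 42 looks inaccurate for `unsigned short` operands. Both are promoted to `int` before the addition, and on ABIs where `int` is wider than `short` the sum cannot exceed `INT_MAX`, so the truncating cast is well defined; the compiler notes just above also record that clang, gcc and msvc keep the check. Flagging this idiom is likely a false positive that pushes developers to rewrite a working overflow guard, and the same applies to `checkOverflow2` at test.cpp line 8. Consider leaving both as `// GOOD` and having the query exclude additions whose operands are narrower than `int`, while still flagging a cast applied to an addition of `int` operands.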
Lines changed: 2 additions & 0 deletions
@@ -1,7 +1,9 @@
11
| SignedOverflowCheck.cpp:8:12:8:22 | ... < ... | Testing for signed overflow may produce undefined results. |
22
| SignedOverflowCheck.cpp:18:12:18:26 | ... < ... | Testing for signed overflow may produce undefined results. |
33
| SignedOverflowCheck.cpp:35:9:35:23 | ... < ... | Testing for signed overflow may produce undefined results. |
4+
| SignedOverflowCheck.cpp:42:9:42:41 | ... < ... | Testing for signed overflow may produce undefined results. |
45
| SignedOverflowCheck.cpp:99:10:99:30 | ... <= ... | Testing for signed overflow may produce undefined results. |
56
| SignedOverflowCheck.cpp:106:12:106:62 | ... < ... | Testing for signed overflow may produce undefined results. |
67
| SignedOverflowCheck.cpp:113:12:113:66 | ... < ... | Testing for signed overflow may produce undefined results. |
78
| test.cpp:3:11:3:19 | ... < ... | Testing for signed overflow may produce undefined results. |
9+
| test.cpp:8:11:8:37 | ... < ... | Testing for signed overflow may produce undefined results. |

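--- a/cpp/ql/test/query-tests/Likely Bugs/Arithmetic/BadAdditionOverflowCheck/test.cpp
+++ b/cpp/ql/test/query-tests/Likely Bugs/Arithmetic/BadAdditionOverflowCheck/test.cpp
@@ -5,7 +5,7 @@ bool checkOverflow1(unsigned short a, unsigned short b) {
 
 // Test for BadAdditionOverflowCheck.
 bool checkOverflow2(unsigned short a, unsigned short b) {
-return ((unsigned short)(a + b) < a); // GOOD: explicit cast
+return ((unsigned short)(a + b) < a); // BAD: a + b overflow undefined
 }
 
 // Test for PointlessSelfComparison.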
