File tree Expand file tree Collapse file tree
cpp/ql/test/experimental/query-tests/Security/CWE/CWE-125/semmle/tests Expand file tree Collapse file tree Original file line number Diff line number Diff line change 1+ #define NULL 0
2+ typedef unsigned int size_t ;
3+
4+ unsigned char * _mbsnbcpy (unsigned char * strDest,const unsigned char * strSource,size_t count);
5+ size_t _mbclen (const unsigned char *c);
6+ void _mbccpy (unsigned char *dest,const unsigned char *src);
7+ unsigned char *_mbsinc (const unsigned char *current);
8+ void goodTest1 (unsigned char *src){
9+ unsigned char dst[50 ];
10+ _mbsnbcpy (dst,src,sizeof (dst)); // GOOD
11+ }
12+ size_t badTest1 (unsigned char *src){
13+ int cb = 0 ;
14+ unsigned char dst[50 ];
15+ while ( cb < sizeof (dst) )
16+ dst[cb++]=*src++; // BAD
17+ return _mbclen (dst);
18+ }
19+ void goodTest2 (unsigned char *src){
20+
21+ int cb = 0 ;
22+ unsigned char dst[50 ];
23+ while ( (cb + _mbclen (src)) <= sizeof (dst) )
24+ {
25+ _mbccpy (dst+cb,src); // GOOD
26+ cb+=_mbclen (src);
27+ src=_mbsinc (src);
28+ }
29+ }
30+ void badTest2 (unsigned char *src){
31+
32+ int cb = 0 ;
33+ unsigned char dst[50 ];
34+ while ( cb < sizeof (dst) )
35+ {
36+ _mbccpy (dst+cb,src); // BAD
37+ cb+=_mbclen (src);
38+ src=_mbsinc (src);
39+ }
40+ }
41+ void goodTest3 (){
42+ wchar_t name[50 ];
43+ name[sizeof (name) / sizeof (*name) - 1 ] = L' \0 ' // GOOD
44+ }
45+ void badTest3 (){
46+ wchar_t name[50 ];
47+ name[sizeof (name) - 1 ] = L' \0 ' // BAD
48+ }
You can’t perform that action at this time.
0 commit comments