[CPP-434] Drop the requirement that RHS not be cast to unsigned, since overflow occurs on LHS. Adjust test case.

zlaski-semmle · zlaski-semmle · commit 5558922b31f4 · 2019-10-11T17:01:16.000-07:00
diff --git a/cpp/ql/src/Likely Bugs/Arithmetic/SignedOverflowCheck.ql b/cpp/ql/src/Likely Bugs/Arithmetic/SignedOverflowCheck.ql
@@ -25,6 +25,5 @@ where
   add.getAnOperand() = va1 and
   ro.getAnOperand() = va2 and
   globalValueNumber(va1) = globalValueNumber(va2) and
-  isSignedWithoutUnsignedCast(add) and
-  isSignedWithoutUnsignedCast(va2)
+  isSignedWithoutUnsignedCast(add)
 select ro, "Testing for signed overflow may produce undefined results."
diff --git a/cpp/ql/test/query-tests/Likely Bugs/Arithmetic/SignedOverflowCheck/SignedOverflowCheck.cpp b/cpp/ql/test/query-tests/Likely Bugs/Arithmetic/SignedOverflowCheck/SignedOverflowCheck.cpp
@@ -94,11 +94,7 @@ int checkOverflow4(unsigned int ioff, C c) {
   return 1;
 }
 
-#define AV_INPUT_BUFFER_PADDING_SIZE 64
-
-int overflow12(int codecdata_length) {
-	if(codecdata_length + AV_INPUT_BUFFER_PADDING_SIZE <= (unsigned)codecdata_length) { // GOOD
-	  return -1;
-	}
-	return 1;
+int overflow12(int n) {
+    // not deleted by gcc or clang
+	return (n + 32 <= (unsigned)n? -1: 1); // BAD
 }
diff --git a/cpp/ql/test/query-tests/Likely Bugs/Arithmetic/SignedOverflowCheck/SignedOverflowCheck.expected b/cpp/ql/test/query-tests/Likely Bugs/Arithmetic/SignedOverflowCheck/SignedOverflowCheck.expected
@@ -1,3 +1,4 @@
 | SignedOverflowCheck.cpp:8:12:8:22 | ... < ... | Testing for signed overflow may produce undefined results. |
 | SignedOverflowCheck.cpp:18:12:18:26 | ... < ... | Testing for signed overflow may produce undefined results. |
 | SignedOverflowCheck.cpp:35:9:35:23 | ... < ... | Testing for signed overflow may produce undefined results. |
+| SignedOverflowCheck.cpp:99:10:99:30 | ... <= ... | Testing for signed overflow may produce undefined results. |

Original file line number	Diff line number	Diff line change
`@@ -94,11 +94,7 @@ int checkOverflow4(unsigned int ioff, C c) {`
`94`	`94`	`return 1;`
`95`	`95`	`}`
`96`	`96`
`97`		`-#define AV_INPUT_BUFFER_PADDING_SIZE 64`
`98`		`-`
`99`		`-int overflow12(int codecdata_length) {`
`100`		`- if(codecdata_length + AV_INPUT_BUFFER_PADDING_SIZE <= (unsigned)codecdata_length) { // GOOD`
`101`		`- return -1;`
`102`		`- }`
`103`		`- return 1;`
	`97`	`+int overflow12(int n) {`
	`98`	`+ // not deleted by gcc or clang`
	`99`	`+ return (n + 32 <= (unsigned)n? -1: 1); // BAD`
`104`	`100`	`}`