C++: Additional test case for FormattingFunction.

geoffw0 · geoffw0 · commit 99b01e7d36e9 · 2020-11-30T15:25:51.000Z
diff --git a/cpp/ql/test/query-tests/Likely Bugs/Format/WrongTypeFormatArguments/Linux_signed_chars/WrongTypeFormatArguments.expected b/cpp/ql/test/query-tests/Likely Bugs/Format/WrongTypeFormatArguments/Linux_signed_chars/WrongTypeFormatArguments.expected
@@ -53,6 +53,8 @@
 | printf1.h:231:25:231:25 | i | This argument should be of type 'char *' but is of type 'int' |
 | printf1.h:234:25:234:25 | i | This argument should be of type 'char *' but is of type 'int' |
 | printf1.h:235:22:235:22 | s | This argument should be of type 'int' but is of type 'char *' |
+| printf1.h:276:32:276:32 | s | This argument should be of type 'int' but is of type 'char *' |
+| printf1.h:278:17:278:17 | s | This argument should be of type 'int' but is of type 'char *' |
 | real_world.h:61:21:61:22 | & ... | This argument should be of type 'int *' but is of type 'short *' |
 | real_world.h:62:22:62:23 | & ... | This argument should be of type 'short *' but is of type 'int *' |
 | real_world.h:63:22:63:24 | & ... | This argument should be of type 'short *' but is of type 'unsigned int *' |
diff --git a/cpp/ql/test/query-tests/Likely Bugs/Format/WrongTypeFormatArguments/Linux_signed_chars/common.h b/cpp/ql/test/query-tests/Likely Bugs/Format/WrongTypeFormatArguments/Linux_signed_chars/common.h
@@ -8,10 +8,12 @@ typedef struct _IO_FILE FILE;
 #define va_list void *
 #define va_start(x, y)
 #define va_end(x)
+#define va_arg(ap, type) ((type)0)
 
 extern int printf(const char *fmt, ...);
 extern int vprintf(const char *fmt, va_list ap);
 extern int vfprintf(FILE *stream, const char *format, va_list ap);
+extern int vsnprintf(char *s, size_t n, const char *format, va_list arg);
 
 #include "printf1.h"
 #include "real_world.h"
diff --git a/cpp/ql/test/query-tests/Likely Bugs/Format/WrongTypeFormatArguments/Linux_signed_chars/printf1.h b/cpp/ql/test/query-tests/Likely Bugs/Format/WrongTypeFormatArguments/Linux_signed_chars/printf1.h
@@ -234,3 +234,46 @@ void complexFormatSymbols(int i, const char *s)
   printf("%2$-*2$s", s, i); // BAD
   printf("%1$-*1$s", s, i); // BAD
 }
+
+void myvsnprintf(const char *format_string, char *target, size_t buffer_size, va_list args)
+{
+	// wraps vsnprintf with different parameter order
+	vsnprintf(target, buffer_size, format_string, args);
+}
+
+void mysprintf(const char *format_string, char *target, size_t buffer_size, ...)
+{
+	// wraps myvsnprintf as an snprintf-like
+	va_list args;
+
+	va_start(args, text);
+		myvsnprintf(format_string, target, buffer_size, args);
+
+		// ...
+
+	va_end(args);
+}
+
+void myprintf(const char *format_string, ...)
+{
+	// wraps myvsnprintf as an printf-like (i.e. doesn't pass in a buffer from the caller)
+	char buffer[1024];
+	va_list args;
+
+	va_start(args, text);
+		myvsnprintf(format_string, buffer, 1024, args);
+
+		// ...
+
+	va_end(args);
+}
+
+void usemyprintf(int i, char *s)
+{
+	char buffer[1024];
+
+	mysprintf("%i", buffer, 1024, i); // GOOD
+	mysprintf("%i", buffer, 1024, s); // BAD
+	myprintf("%i", i); // GOOD
+	myprintf("%i", s); // BAD
+}
