cpp/ql/test/query-tests/Likely Bugs/Arithmetic/BitwiseSignCheck Expand file tree Collapse file tree Original file line number Diff line number Diff line change 11| bsc.cpp:2:10:2:32 | ... > ... | Potential unsafe sign check of a bitwise operation. |
22| bsc.cpp:6:10:6:32 | ... > ... | Potential unsafe sign check of a bitwise operation. |
33| bsc.cpp:10:10:10:33 | ... >= ... | Potential unsafe sign check of a bitwise operation. |
4+ | bsc.cpp:18:10:18:28 | ... > ... | Potential unsafe sign check of a bitwise operation. |
5+ | bsc.cpp:30:10:30:20 | ... < ... | Potential unsafe sign check of a bitwise operation. |
Original file line number Diff line number Diff line change 11bool is_bit_set_v1 (int x, int bitnum) {
2- return (x & (1 << bitnum)) > 0 ;
2+ return (x & (1 << bitnum)) > 0 ; // BAD
33}
44
55bool is_bit_set_v2 (int x, int bitnum) {
6- return ((1 << bitnum) & x) > 0 ;
6+ return ((1 << bitnum) & x) > 0 ; // BAD
77}
88
99bool plain_wrong (int x, int bitnum) {
10- return (x & (1 << bitnum)) >= 0 ;
10+ return (x & (1 << bitnum)) >= 0 ; // ???
1111}
1212
1313bool is_bit24_set (int x) {
14- return (x & (1 << 24 )) > 0 ;
14+ return (x & (1 << 24 )) > 0 ; // GOOD (result will always be positive)
15+ }
16+
17+ bool is_bit31_set_bad_v1 (int x) {
18+ return (x & (1 << 31 )) > 0 ; // BAD
19+ }
20+
21+ bool is_bit31_set_bad_v2 (int x) {
22+ return 0 < (x & (1 << 31 )); // BAD [NOT DETECTED]
23+ }
24+
25+ bool is_bit31_set_good (int x) {
26+ return (x & (1 << 31 )) != 0 ; // GOOD (uses `!=`)
27+ }
28+
29+ bool deliberately_checking_sign (int x, int y) {
30+ return (x & y) < 0 ; // GOOD (use of `<` implies the sign check is intended) [FALSE POSITIVE]
1531}
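Review bot: The `// ???` annotation on new line 10 (`plain_wrong`) does not state what the test expects, even though the expected-results listing records `bsc.cpp:10` as a result. Assuming a 32-bit `int`, `(x & (1 << bitnum)) >= 0` is true for every `bitnum` below 31 and can only become false at bit 31, so a comment such as `// BAD (always true for bitnum < 31)` would match the other annotations. On the same assumption, the `GOOD` label on new line 26 covers only the `!=` comparison, because `1 << 31` still shifts into the sign bit of a signed `int`. A short remark such as `// GOOD (uses != ; 1u << 31 would also avoid the signed shift)` would keep readers from copying the mask as a portable idiom.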