Thanks to visit codestin.com
Credit goes to github.com

Skip to content

Commit bf88df8

Browse files
jbjjbj
committed
C++: CRLF -> LF line endings
1 parent 69ed608 commit bf88df8

3 files changed

Lines changed: 67 additions & 67 deletions

File tree

cpp/ql/src/experimental/Security/CWE/CWE-191/UnsignedDifferenceExpressionComparedZero.c

Lines changed: 11 additions & 11 deletions
Original file line numberDiff line numberDiff line change
@@ -1,11 +1,11 @@
1-
unsigned long sizeArray;
2-
3-
// BAD: let's consider several values, taking ULONG_MAX =18446744073709551615
4-
// sizeArray = 60; (sizeArray - 10) = 50; true
5-
// sizeArray = 10; (sizeArray - 10) = 0; false
6-
// sizeArray = 1; (sizeArray - 10) = 18446744073709551607; true
7-
// sizeArray = 0; (sizeArray - 10) = 18446744073709551606; true
8-
if (sizeArray - 10 > 0)
9-
10-
// GOOD: Prevent overflow by checking the input
11-
if (sizeArray > 10)
1+
unsigned long sizeArray;
2+
3+
// BAD: let's consider several values, taking ULONG_MAX =18446744073709551615
4+
// sizeArray = 60; (sizeArray - 10) = 50; true
5+
// sizeArray = 10; (sizeArray - 10) = 0; false
6+
// sizeArray = 1; (sizeArray - 10) = 18446744073709551607; true
7+
// sizeArray = 0; (sizeArray - 10) = 18446744073709551606; true
8+
if (sizeArray - 10 > 0)
9+
10+
// GOOD: Prevent overflow by checking the input
11+
if (sizeArray > 10)

cpp/ql/src/experimental/Security/CWE/CWE-191/UnsignedDifferenceExpressionComparedZero.qhelp

Lines changed: 33 additions & 33 deletions
Original file line numberDiff line numberDiff line change
@@ -1,33 +1,33 @@
1-
<!DOCTYPE qhelp PUBLIC
2-
"-//Semmle//qhelp//EN"
3-
"qhelp.dtd">
4-
<qhelp>
5-
<overview>
6-
<p>The code compares the unsigned difference with zero.
7-
It is highly probable that the condition is wrong if the difference expression has the unsigned type.
8-
The condition holds in all the cases when difference is not equal to zero.
9-
It means that we may use condition not equal. But the programmer probably wanted to compare the difference of elements.</p>
10-
11-
<p>False positives include code in which the first difference element is always greater than or equal to the second.
12-
For comparison, ">" such conditions are equivalent to "! =", And are recommended for replacement.
13-
For comparison "> =", the conditions are always true and are recommended to be excluded.</p>
14-
15-
</overview>
16-
<recommendation>
17-
18-
<p>Use a simple comparison of two elements, instead of comparing their difference to zero.</p>
19-
20-
</recommendation>
21-
<example>
22-
<p>The following example demonstrates an erroneous and corrected use of comparison.</p>
23-
<sample src="UnsignedDifferenceExpressionComparedZero.c" />
24-
25-
</example>
26-
<references>
27-
28-
<li>CERT C Coding Standard:
29-
<a href="https://wiki.sei.cmu.edu/confluence/display/c/INT02-C.+Understand+integer+conversion+rules">INT02-C. Understand integer conversion rules</a>.
30-
</li>
31-
32-
</references>
33-
</qhelp>
1+
<!DOCTYPE qhelp PUBLIC
2+
"-//Semmle//qhelp//EN"
3+
"qhelp.dtd">
4+
<qhelp>
5+
<overview>
6+
<p>The code compares the unsigned difference with zero.
7+
It is highly probable that the condition is wrong if the difference expression has the unsigned type.
8+
The condition holds in all the cases when difference is not equal to zero.
9+
It means that we may use condition not equal. But the programmer probably wanted to compare the difference of elements.</p>
10+
11+
<p>False positives include code in which the first difference element is always greater than or equal to the second.
12+
For comparison, ">" such conditions are equivalent to "! =", And are recommended for replacement.
13+
For comparison "> =", the conditions are always true and are recommended to be excluded.</p>
14+
15+
</overview>
16+
<recommendation>
17+
18+
<p>Use a simple comparison of two elements, instead of comparing their difference to zero.</p>
19+
20+
</recommendation>
21+
<example>
22+
<p>The following example demonstrates an erroneous and corrected use of comparison.</p>
23+
<sample src="UnsignedDifferenceExpressionComparedZero.c" />
24+
25+
</example>
26+
<references>
27+
28+
<li>CERT C Coding Standard:
29+
<a href="https://wiki.sei.cmu.edu/confluence/display/c/INT02-C.+Understand+integer+conversion+rules">INT02-C. Understand integer conversion rules</a>.
30+
</li>
31+
32+
</references>
33+
</qhelp>

cpp/ql/src/experimental/Security/CWE/CWE-191/UnsignedDifferenceExpressionComparedZero.ql

Lines changed: 23 additions & 23 deletions
Original file line numberDiff line numberDiff line change
@@ -1,23 +1,23 @@
1-
/**
2-
* @name Unsigned difference expression compared to zero
3-
* @description It is highly probable that the condition is wrong if the difference expression has the unsigned type.
4-
* The condition holds in all the cases when difference is not equal to zero. It means that we may use condition not equal.
5-
* But the programmer probably wanted to compare the difference of elements.
6-
* @kind problem
7-
* @id cpp/unsigned-difference-expression-compared-zero
8-
* @problem.severity warning
9-
* @precision medium
10-
* @tags security
11-
* external/cwe/cwe-191
12-
*/
13-
14-
import cpp
15-
import semmle.code.cpp.commons.Exclusions
16-
17-
from RelationalOperation ro, SubExpr sub
18-
where
19-
not isFromMacroDefinition(ro) and
20-
ro.getLesserOperand().getValue().toInt() = 0 and
21-
ro.getGreaterOperand() = sub and
22-
sub.getFullyConverted().getUnspecifiedType().(IntegralType).isUnsigned()
23-
select ro , " difference in condition is always greater than or equal to zero "
1+
/**
2+
* @name Unsigned difference expression compared to zero
3+
* @description It is highly probable that the condition is wrong if the difference expression has the unsigned type.
4+
* The condition holds in all the cases when difference is not equal to zero. It means that we may use condition not equal.
5+
* But the programmer probably wanted to compare the difference of elements.
6+
* @kind problem
7+
* @id cpp/unsigned-difference-expression-compared-zero
8+
* @problem.severity warning
9+
* @precision medium
10+
* @tags security
11+
* external/cwe/cwe-191
12+
*/
13+
14+
import cpp
15+
import semmle.code.cpp.commons.Exclusions
16+
17+
from RelationalOperation ro, SubExpr sub
18+
where
19+
not isFromMacroDefinition(ro) and
20+
ro.getLesserOperand().getValue().toInt() = 0 and
21+
ro.getGreaterOperand() = sub and
22+
sub.getFullyConverted().getUnspecifiedType().(IntegralType).isUnsigned()
23+
select ro , " difference in condition is always greater than or equal to zero "

0 commit comments

Comments
 (0)