File tree Expand file tree Collapse file tree
cpp/ql/test/library-tests/dataflow/taint-tests Expand file tree Collapse file tree Original file line number Diff line number Diff line change 324324| taint.cpp:347:13:347:13 | d | taint.cpp:347:12:347:13 | & ... | |
325325| taint.cpp:348:14:348:14 | ref arg e | taint.cpp:355:7:355:7 | e | |
326326| taint.cpp:348:17:348:17 | ref arg t | taint.cpp:350:7:350:7 | t | |
327+ | taint.cpp:365:24:365:29 | source | taint.cpp:369:13:369:18 | source | |
328+ | taint.cpp:365:24:365:29 | source | taint.cpp:371:14:371:19 | source | |
329+ | taint.cpp:369:6:369:11 | call to strdup | taint.cpp:369:2:369:19 | ... = ... | |
330+ | taint.cpp:369:6:369:11 | call to strdup | taint.cpp:372:7:372:7 | a | |
331+ | taint.cpp:370:6:370:11 | call to strdup | taint.cpp:370:2:370:27 | ... = ... | |
332+ | taint.cpp:370:6:370:11 | call to strdup | taint.cpp:373:7:373:7 | b | |
333+ | taint.cpp:371:6:371:12 | call to strndup | taint.cpp:371:2:371:25 | ... = ... | |
334+ | taint.cpp:371:6:371:12 | call to strndup | taint.cpp:374:7:374:7 | c | |
335+ | taint.cpp:377:23:377:28 | source | taint.cpp:381:30:381:35 | source | |
336+ | taint.cpp:381:6:381:12 | call to strndup | taint.cpp:381:2:381:36 | ... = ... | |
337+ | taint.cpp:381:6:381:12 | call to strndup | taint.cpp:382:7:382:7 | a | |
338+ | taint.cpp:385:27:385:32 | source | taint.cpp:389:13:389:18 | source | |
339+ | taint.cpp:389:6:389:11 | call to wcsdup | taint.cpp:389:2:389:19 | ... = ... | |
340+ | taint.cpp:389:6:389:11 | call to wcsdup | taint.cpp:391:7:391:7 | a | |
341+ | taint.cpp:390:6:390:11 | call to wcsdup | taint.cpp:390:2:390:28 | ... = ... | |
342+ | taint.cpp:390:6:390:11 | call to wcsdup | taint.cpp:392:7:392:7 | b | |
Original file line number Diff line number Diff line change @@ -354,3 +354,40 @@ void test_outparams()
354354 sink (d); // tainted [NOT DETECTED]
355355 sink (e);
356356}
357+
358+ // --- strdup ---
359+
360+ typedef unsigned long size_t ;
361+ char *strdup (const char *s1);
362+ char *strndup (const char *s1, size_t n);
363+ wchar_t * wcsdup (const wchar_t * s1);
364+
365+ void test_strdup (char *source)
366+ {
367+ char *a, *b, *c;
368+
369+ a = strdup (source);
370+ b = strdup (" hello, world"
371+ c = strndup (source, 100 );
372+ sink (a); // tainted [NOT DETECTED]
373+ sink (b);
374+ sink (c); // tainted [NOT DETECTED]
375+ }
376+
377+ void test_strndup (int source)
378+ {
379+ char *a;
380+
381+ a = strndup (" hello, world"
382+ sink (a);
383+ }
384+
385+ void test_wcsdup (wchar_t *source)
386+ {
387+ wchar_t *a, *b;
388+
389+ a = wcsdup (source);
390+ b = wcsdup (L" hello, world"
391+ sink (a); // tainted [NOT DETECTED]
392+ sink (b);
393+ }
You can’t perform that action at this time.
0 commit comments