CPP: Add exception for pow.

geoffw0 · geoffw0 · commit f983391cbfe6 · 2019-01-09T15:06:23.000Z
diff --git a/cpp/ql/src/Likely Bugs/Conversion/LossyFunctionResultCast.ql b/cpp/ql/src/Likely Bugs/Conversion/LossyFunctionResultCast.ql
@@ -31,9 +31,21 @@ predicate whitelist(string fName) {
   fName = "truncl"
 }
 
+predicate whitelistPow(FunctionCall fc) {
+  (
+    fc.getTarget().getName() = "pow" or
+    fc.getTarget().getName() = "powf" or
+    fc.getTarget().getName() = "powl"
+  ) and exists(float value |
+    value = fc.getArgument(0).getValue().toFloat() and
+    (value.floor() - value).abs() < 0.001
+  )
+}
+
 from FunctionCall c, FloatingPointType t1, IntegralType t2
 where t1 = c.getTarget().getType().getUnderlyingType() and
       t2 = c.getActualType() and
       c.hasImplicitConversion() and
-      not whitelist(c.getTarget().getName())
+      not whitelist(c.getTarget().getName()) and
+      not whitelistPow(c)
 select c, "Return value of type " + t1.toString() + " is implicitly converted to " + t2.toString() + " here."
diff --git a/cpp/ql/test/query-tests/Likely Bugs/Conversion/LossyFunctionResultCast/ImplicitDowncastFromBitfield.expected b/cpp/ql/test/query-tests/Likely Bugs/Conversion/LossyFunctionResultCast/ImplicitDowncastFromBitfield.expected
@@ -4,8 +4,6 @@
 | test.cpp:40:13:40:21 | call to getDouble | Return value of type double is implicitly converted to int here. |
 | test.cpp:43:6:43:12 | call to getMyLD | Return value of type long double is implicitly converted to bool here. |
 | test.cpp:45:13:45:19 | call to getMyLD | Return value of type long double is implicitly converted to int here. |
-| test.cpp:97:10:97:12 | call to pow | Return value of type double is implicitly converted to int here. |
-| test.cpp:99:10:99:12 | call to pow | Return value of type double is implicitly converted to int here. |
 | test.cpp:101:10:101:12 | call to pow | Return value of type double is implicitly converted to int here. |
 | test.cpp:103:10:103:12 | call to pow | Return value of type double is implicitly converted to int here. |
 | test.cpp:105:10:105:12 | call to pow | Return value of type double is implicitly converted to int here. |
diff --git a/cpp/ql/test/query-tests/Likely Bugs/Conversion/LossyFunctionResultCast/test.cpp b/cpp/ql/test/query-tests/Likely Bugs/Conversion/LossyFunctionResultCast/test.cpp
@@ -94,9 +94,9 @@ int test2(double v, double w, int n)
 	switch (n)
 	{
 	case 1:
-		return pow(2, v); // GOOD [FALSE POSITIVE]
+		return pow(2, v); // GOOD
 	case 2:
-		return pow(10, v); // GOOD [FALSE POSITIVE]
+		return pow(10, v); // GOOD
 	case 3:
 		return pow(2.5, v); // BAD
 	case 4:
