

Commit fd63658

committed
CPP: Add test cases involving fread.
1 parent 2aca40a commit fd63658

1 file changed

Lines changed: 39 additions & 0 deletions


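--- a/cpp/ql/test/query-tests/Security/CWE/CWE-119/semmle/tests/tests.cpp
+++ b/cpp/ql/test/query-tests/Security/CWE/CWE-119/semmle/tests/tests.cpp
@@ -522,6 +522,44 @@ void test19(bool b)
 }
 }
 
+typedef struct {} FILE;
+FILE *fileSource;
+
+size_t fread(void *ptr, size_t size, size_t nmemb, FILE *stream);
+
+void test20()
+{
+char charBuffer[100];
+int intBuffer[100];
+int num;
+
+if (fread(charBuffer, sizeof(char), 100, fileSource) > 0) // GOOD
+{
+// ...
+}
+
+if (fread(charBuffer, sizeof(char), 101, fileSource) > 0) // BAD [NOT DETECTED]
+{
+// ...
+}
+
+if (fread(charBuffer, sizeof(int), 100, fileSource) > 0) // BAD [NOT DETECTED]
+{
+// ...
+}
+
+if (fread(intBuffer, sizeof(int), 100, fileSource) > 0) // GOOD
+{
+// ...
+}
+
+num = 101;
+if (fread(intBuffer, sizeof(int), num, fileSource) > 0) // BAD [NOT DETECTED]
+{
+// ...
+}
+}
+
 int main(int argc, char *argv[])
 {
 long long arr17[19];
@@ -543,6 +581,7 @@ int main(int argc, char *argv[])
 test17(arr17);
 test18();
 test19(argc == 0);
+test20();
 
 return 0;
 }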
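Review bot: The cases in test20 vary only one of `size` and `nmemb` at a time, so none of them pins the rule that the bound is the product `size * nmemb` compared with the destination's size in bytes. A later query change that compared `nmemb` with the array length alone would still flag the 101-element case, and nothing here would show that it mishandles byte counts. I would add a GOOD case whose count exceeds the element count while the byte total still fits, `if (fread(intBuffer, sizeof(char), sizeof(intBuffer), fileSource) > 0) // GOOD`, and a `num = 100;` GOOD counterpart to the variable case so the value-tracking path has a negative as well as a positive. It would also help to state the arithmetic in each BAD comment, for example `// BAD: 100 * sizeof(int) bytes into a 100-byte buffer [NOT DETECTED]`, so the expected result does not depend on the reader working it out.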
