File tree Expand file tree Collapse file tree
cpp/ql/test/query-tests/Security/CWE/CWE-119/semmle/tests Expand file tree Collapse file tree Original file line number Diff line number Diff line change @@ -522,6 +522,44 @@ void test19(bool b)
522522 }
523523}
524524
525+ typedef struct {} FILE;
526+ FILE *fileSource;
527+
528+ size_t fread (void *ptr, size_t size, size_t nmemb, FILE *stream);
529+
530+ void test20 ()
531+ {
532+ char charBuffer[100 ];
533+ int intBuffer[100 ];
534+ int num;
535+
536+ if (fread (charBuffer, sizeof (char ), 100 , fileSource) > 0 ) // GOOD
537+ {
538+ // ...
539+ }
540+
541+ if (fread (charBuffer, sizeof (char ), 101 , fileSource) > 0 ) // BAD [NOT DETECTED]
542+ {
543+ // ...
544+ }
545+
546+ if (fread (charBuffer, sizeof (int ), 100 , fileSource) > 0 ) // BAD [NOT DETECTED]
547+ {
548+ // ...
549+ }
550+
551+ if (fread (intBuffer, sizeof (int ), 100 , fileSource) > 0 ) // GOOD
552+ {
553+ // ...
554+ }
555+
556+ num = 101 ;
557+ if (fread (intBuffer, sizeof (int ), num, fileSource) > 0 ) // BAD [NOT DETECTED]
558+ {
559+ // ...
560+ }
561+ }
562+
525563int main (int argc, char *argv[])
526564{
527565 long long arr17[19 ];
@@ -543,6 +581,7 @@ int main(int argc, char *argv[])
543581 test17 (arr17);
544582 test18 ();
545583 test19 (argc == 0 );
584+ test20 ();
546585
547586 return 0 ;
548587}
You can’t perform that action at this time.
0 commit comments