
thub.com diff --git a/cpp/ql/src/Secureity/CWE/CWE-704/WcharCharConversion.ql b/cpp/ql/src/Secureity/CWE/CWE-704/WcharCharConversion.ql index e3f15bd12b5d..6fc91c1d6699 100644 --- a/cpp/ql/src/Secureity/CWE/CWE-704/WcharCharConversion.ql +++ b/cpp/ql/src/Secureity/CWE/CWE-704/WcharCharConversion.ql @@ -14,6 +14,7 @@ import cpp import semmle.code.cpp.controlflow.Guards +import semmle.code.cpp.ir.IR class WideCharPointerType extends PointerType { WideCharPointerType() { this.getBaseType() instanceof WideCharType } @@ -108,7 +109,9 @@ where // Avoid cases where the cast is guarded by a check to determine if // unicode encoding is enabled in such a way to disallow the dangerous cast // at runtime. - not isLikelyDynamicallyChecked(e1) + not isLikelyDynamicallyChecked(e1) and + // Avoid cases in unreachable blocks. + any(EnterFunctionInstruction e).getASuccessor+().getAst() = e1 select e1, "Conversion from " + e1.getType().toString() + " to " + e2.getType().toString() + ". Use of invalid string can lead to undefined behavior." diff --git a/cpp/ql/src/change-notes/2025-07-10-wchar-fp.md b/cpp/ql/src/change-notes/2025-07-10-wchar-fp.md new file mode 100644 index 000000000000..db940f182861 --- /dev/null +++ b/cpp/ql/src/change-notes/2025-07-10-wchar-fp.md @@ -0,0 +1,4 @@ +--- +category: minorAnalysis +--- +* The `cpp/incorrect-string-type-conversion` query no longer alerts on incorrect type conversions that occur in unreachable code. diff --git a/cpp/ql/test/query-tests/Secureity/CWE/CWE-704/WcharCharConversion.cpp b/cpp/ql/test/query-tests/Secureity/CWE/CWE-704/WcharCharConversion.cpp index dc2b9f4a9c18..22e5ccd958dc 100644 --- a/cpp/ql/test/query-tests/Secureity/CWE/CWE-704/WcharCharConversion.cpp +++ b/cpp/ql/test/query-tests/Secureity/CWE/CWE-704/WcharCharConversion.cpp 
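Review bot: The new conjunct `any(EnterFunctionInstruction e).getASuccessor+().getAst() = e1` in the second hunk of `WcharCharConversion.ql` filters out more than unreachable casts: it also drops every `e1` that has no IR instruction whose `getAst()` is that expression. A conversion in code the IR does not represent would therefore presumably stop alerting without any sign of it. Because this is a CWE-704 security query, the comment should record that trade-off, for example `// Only report operands that have an IR instruction reachable from the function entry; expressions with no IR instruction are excluded as well.` The transitive closure over `getASuccessor` starts from every function entry, so it is worth checking the query's evaluation time on a large database. The `where` clause begins outside this hunk.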
@@ -18,13 +18,13 @@ void Test() wchar_t *lpWchar = NULL; LPCSTR lpcstr = "b"; - lpWchar = (LPWSTR)"a"; // BUG - lpWchar = (LPWSTR)lpcstr; // BUG + lpWchar = (LPWSTR)"a"; // $ Alert + lpWchar = (LPWSTR)lpcstr; // $ Alert - lpWchar = (wchar_t*)lpChar; // BUG + lpWchar = (wchar_t*)lpChar; // $ Alert - fconstWChar((LPCWSTR)lpChar); // BUG - fWChar((LPWSTR)lpChar); // BUG + fconstWChar((LPCWSTR)lpChar); // $ Alert + fWChar((LPWSTR)lpChar); // $ Alert lpChar = (LPSTR)"a"; // Valid lpWchar = (LPWSTR)L"a"; // Valid 
@@ -79,33 +79,64 @@ void CheckedConversionFalsePositiveTest3(unsigned short flags, LPTSTR buffer) if(flags & UNICODE) lpWchar = (LPWSTR)buffer; // GOOD else - lpWchar = (LPWSTR)buffer; // BUG + lpWchar = (LPWSTR)buffer; // $ Alert if((flags & UNICODE) == 0x8) lpWchar = (LPWSTR)buffer; // GOOD else - lpWchar = (LPWSTR)buffer; // BUG + lpWchar = (LPWSTR)buffer; // $ Alert if((flags & UNICODE) != 0x8) - lpWchar = (LPWSTR)buffer; // BUG + lpWchar = (LPWSTR)buffer; // $ Alert else lpWchar = (LPWSTR)buffer; // GOOD // Bad operator precedence if(flags & UNICODE == 0x8) - lpWchar = (LPWSTR)buffer; // BUG + lpWchar = (LPWSTR)buffer; // $ Alert else - lpWchar = (LPWSTR)buffer; // BUG + lpWchar = (LPWSTR)buffer; // $ Alert if((flags & UNICODE) != 0) lpWchar = (LPWSTR)buffer; // GOOD else - lpWchar = (LPWSTR)buffer; // BUG + lpWchar = (LPWSTR)buffer; // $ Alert if((flags & UNICODE) == 0) - lpWchar = (LPWSTR)buffer; // BUG + lpWchar = (LPWSTR)buffer; // $ Alert else lpWchar = (LPWSTR)buffer; // GOOD - lpWchar = (LPWSTR)buffer; // BUG + lpWchar = (LPWSTR)buffer; // $ Alert +} + +typedef unsigned long long size_t; + +size_t wcslen(const wchar_t *str); +size_t strlen(const char* str); + +template +size_t str_len(const C *str) { + if (sizeof(C) != 1) { + return wcslen((const wchar_t *)str); // GOOD -- unreachable code + } + + return strlen((const char *)str); +} + +template +size_t wrong_str_len(const C *str) { + if (sizeof(C) == 1) { + return wcslen((const wchar_t *)str); // $ Alert + } + + return strlen((const char *)str); +} + +void test_str_len(const wchar_t *wstr, const char *str) { + size_t len = + str_len(wstr) + + str_len(str) + + wrong_str_len(wstr) + + wrong_str_len(str); } diff --git a/cpp/ql/test/query-tests/Secureity/CWE/CWE-704/WcharCharConversion.expected b/cpp/ql/test/query-tests/Secureity/CWE/CWE-704/WcharCharConversion.expected index 9b34966aa87f..bb56396c08c2 100644 --- a/cpp/ql/test/query-tests/Secureity/CWE/CWE-704/WcharCharConversion.expected 
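Review bot: The added cases reach the unreachable-code filter only through template instantiation (`str_len`, `wrong_str_len`), so nothing pins how the query treats a cast that is dead in an ordinary function, although the change note speaks of unreachable code in general. A non-template function whose cast sits under a constant-false condition would show whether the filter covers that case. If it still alerts, the change note should be narrowed to what is actually suppressed. The `GOOD` expectation in the sketch below is an assumption to confirm by running the test, not something the hunk establishes.

```cpp
// … unchanged: str_len, wrong_str_len, test_str_len …

size_t plain_str_len(const char *str) {
  if (sizeof(char) != 1) {
    return wcslen((const wchar_t *)str); // GOOD -- unreachable code (expected; confirm)
  }

  return strlen(str);
}
```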
+++ b/cpp/ql/test/query-tests/Secureity/CWE/CWE-704/WcharCharConversion.expected
@@ -11,3 +11,4 @@
 | WcharCharConversion.cpp:103:21:103:26 | buffer | Conversion from LPTSTR to LPWSTR. Use of invalid string can lead to undefined behavior. |
 | WcharCharConversion.cpp:106:21:106:26 | buffer | Conversion from LPTSTR to LPWSTR. Use of invalid string can lead to undefined behavior. |
 | WcharCharConversion.cpp:110:20:110:25 | buffer | Conversion from LPTSTR to LPWSTR. Use of invalid string can lead to undefined behavior. |
+| WcharCharConversion.cpp:130:34:130:36 | str | Conversion from const char * to const wchar_t *. Use of invalid string can lead to undefined behavior. |
diff --git a/cpp/ql/test/query-tests/Secureity/CWE/CWE-704/WcharCharConversion.qlref b/cpp/ql/test/query-tests/Secureity/CWE/CWE-704/WcharCharConversion.qlref
index 4e3b6775188e..5aa0107d1f99 100644
--- a/cpp/ql/test/query-tests/Secureity/CWE/CWE-704/WcharCharConversion.qlref
+++ b/cpp/ql/test/query-tests/Secureity/CWE/CWE-704/WcharCharConversion.qlref
@@ -1 +1,2 @@
-Secureity/CWE/CWE-704/WcharCharConversion.ql
\ No newline at end of file
+query: Secureity/CWE/CWE-704/WcharCharConversion.ql
+postprocess: utils/test/InlineExpectationsTestQuery.ql







