C++: Add the examples to the test.

geoffw0 · geoffw0 · commit 5d898727c069 · 2024-07-04T17:11:11.000+01:00
diff --git a/cpp/ql/test/query-tests/Security/CWE/CWE-191/UnsignedDifferenceExpressionComparedZero/UnsignedDifferenceExpressionComparedZero.expected b/cpp/ql/test/query-tests/Security/CWE/CWE-191/UnsignedDifferenceExpressionComparedZero/UnsignedDifferenceExpressionComparedZero.expected
@@ -13,3 +13,4 @@
 | test.cpp:266:10:266:24 | ... > ... | Unsigned subtraction can never be negative. |
 | test.cpp:276:11:276:19 | ... > ... | Unsigned subtraction can never be negative. |
 | test.cpp:288:10:288:18 | ... > ... | Unsigned subtraction can never be negative. |
+| test.cpp:312:9:312:25 | ... > ... | Unsigned subtraction can never be negative. |
diff --git a/cpp/ql/test/query-tests/Security/CWE/CWE-191/UnsignedDifferenceExpressionComparedZero/test.cpp b/cpp/ql/test/query-tests/Security/CWE/CWE-191/UnsignedDifferenceExpressionComparedZero/test.cpp
@@ -43,7 +43,7 @@ void test(unsigned x, unsigned y, bool unknown) {
 	while(cond()) {
 		if(unknown) { y--; }
 	}
-	
+
 	if(x - y > 0) { } // GOOD
 
 	x = y;
@@ -298,3 +298,26 @@ int test18() {
 
 	return (a - b > 0); // GOOD (as b = 0)
 }
+
+typedef unsigned int uint32_t;
+typedef long long int64_t;
+uint32_t get_limit();
+uint32_t get_data();
+
+void test19() {
+	// from the doc:
+	uint32_t limit = get_limit();
+	uint32_t total = 0;
+
+	while (limit - total > 0) { // BAD: if `total` is greater than `limit` this will underflow and continue executing the loop.
+		total += get_data();
+	}
+
+	while (total < limit) { // GOOD: never underflows here because there is no arithmetic.
+		total += get_data();
+	}
+
+	while ((int64_t)limit - total > 0) { // GOOD: never underflows here because the result always fits in an `int64_t`.
+		total += get_data();
+	}
+}
