Skip to content

Commit d999e0e

Browse files
d10cd10c
committed
Add more MissingCheckScanf test cases
1 parent ce8d05a commit d999e0e

File tree

2 files changed

+51
-6
lines changed

2 files changed

+51
-6
lines changed

cpp/ql/test/query-tests/Critical/MissingCheckScanf/MissingCheckScanf.expected

Lines changed: 7 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -1,9 +1,10 @@
11
| test.cpp:23:3:23:7 | call to scanf | This is a call to scanf. |
22
| test.cpp:39:3:39:7 | call to scanf | This is a call to scanf. |
3-
| test.cpp:48:3:48:8 | call to fscanf | This is a call to scanf. |
4-
| test.cpp:55:3:55:8 | call to sscanf | This is a call to scanf. |
5-
| test.cpp:156:3:156:7 | call to scanf | This is a call to scanf. |
6-
| test.cpp:164:3:164:7 | call to scanf | This is a call to scanf. |
7-
| test.cpp:172:3:172:7 | call to scanf | This is a call to scanf. |
8-
| test.cpp:184:3:184:7 | call to scanf | This is a call to scanf. |
3+
| test.cpp:56:3:56:7 | call to scanf | This is a call to scanf. |
4+
| test.cpp:70:3:70:8 | call to fscanf | This is a call to scanf. |
5+
| test.cpp:77:3:77:8 | call to sscanf | This is a call to scanf. |
6+
| test.cpp:178:3:178:7 | call to scanf | This is a call to scanf. |
7+
| test.cpp:186:3:186:7 | call to scanf | This is a call to scanf. |
98
| test.cpp:194:3:194:7 | call to scanf | This is a call to scanf. |
9+
| test.cpp:206:3:206:7 | call to scanf | This is a call to scanf. |
10+
| test.cpp:216:3:216:7 | call to scanf | This is a call to scanf. |

cpp/ql/test/query-tests/Critical/MissingCheckScanf/test.cpp

Lines changed: 44 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -36,8 +36,30 @@ int main()
3636
{
3737
int i = 0;
3838

39+
scanf("%d", &i); // BAD. Design choice: already initialized variables shouldn't make a difference.
40+
use(i);
41+
}
42+
43+
{
44+
int i;
45+
use(i);
46+
47+
if (scanf("%d", &i) == 1) // GOOD: only care about uses after scanf call
48+
{
49+
use(i);
50+
}
51+
}
52+
53+
{
54+
int i; // Reused variable
55+
3956
scanf("%d", &i); // BAD
4057
use(i);
58+
59+
if (scanf("%d", &i) == 1) // GOOD
60+
{
61+
use(i);
62+
}
4163
}
4264

4365
// --- different scanf functions ---
@@ -224,3 +246,25 @@ int main()
224246
}
225247
}
226248
}
249+
250+
// Non-local cases:
251+
252+
bool my_scan_int(int &i)
253+
{
254+
return scanf("%d", &i) == 1; // GOOD
255+
}
256+
257+
void my_scan_int_test()
258+
{
259+
int i;
260+
261+
use(i); // GOOD: used before scanf
262+
263+
my_scan_int(i); // BAD [NOT DETECTED]
264+
use(i);
265+
266+
if (my_scan_int(i)) // GOOD
267+
{
268+
use(i);
269+
}
270+
}

0 commit comments

Comments
 (0)