C++: Add test cases involving casts.

geoffw0 · geoffw0 · commit 01d3257d72d4 · 2020-04-17T17:01:58.000+01:00
diff --git a/cpp/ql/test/query-tests/Security/CWE/CWE-190/semmle/ComparisonWithWiderType/ComparisonWithWiderType.expected b/cpp/ql/test/query-tests/Security/CWE/CWE-190/semmle/ComparisonWithWiderType/ComparisonWithWiderType.expected
@@ -11,3 +11,6 @@
 | test.c:103:14:103:33 | ... < ... | Comparison between $@ of type unsigned char and $@ of wider type unsigned int. | test.c:83:16:83:16 | c | c | test.c:103:19:103:32 | ... & ... | ... & ... |
 | test.c:105:14:105:25 | ... < ... | Comparison between $@ of type unsigned char and $@ of wider type unsigned int. | test.c:83:16:83:16 | c | c | test.c:105:19:105:24 | ... >> ... | ... >> ... |
 | test.c:107:14:107:26 | ... < ... | Comparison between $@ of type unsigned char and $@ of wider type unsigned int. | test.c:83:16:83:16 | c | c | test.c:107:19:107:25 | ... >> ... | ... >> ... |
+| test.c:128:15:128:21 | ... < ... | Comparison between $@ of type unsigned char and $@ of wider type unsigned int. | test.c:121:16:121:17 | uc | uc | test.c:123:19:123:20 | sz | sz |
+| test.c:139:15:139:21 | ... < ... | Comparison between $@ of type unsigned char and $@ of wider type unsigned int. | test.c:121:16:121:17 | uc | uc | test.c:123:19:123:20 | sz | sz |
+| test.c:146:15:146:21 | ... < ... | Comparison between $@ of type unsigned char and $@ of wider type unsigned int. | test.c:121:16:121:17 | uc | uc | test.c:123:19:123:20 | sz | sz |
diff --git a/cpp/ql/test/query-tests/Security/CWE/CWE-190/semmle/ComparisonWithWiderType/test.c b/cpp/ql/test/query-tests/Security/CWE/CWE-190/semmle/ComparisonWithWiderType/test.c
@@ -114,3 +114,34 @@ void test12() {
 	x = get_a_uint();
 	for (c = 0; c < ((x & 0xFF000000) >> 24); c++) {} // GOOD
 }
+
+int get_an_int();
+
+void test13() {
+	unsigned char uc;
+	int sx, sy;
+	unsigned ux, uy, sz;
+
+	ux = get_a_uint();
+	uy = get_a_uint();
+	sz = ux & uy;
+	for (uc = 0; uc < sz; uc++) {} // BAD
+
+	ux = get_a_uint();
+	uy = get_a_uint();
+	if (ux > 128) {ux = 128;}
+	sz = ux & uy;
+	for (uc = 0; uc < sz; uc++) {} // GOOD
+
+	sx = get_an_int();
+	sy = get_an_int();
+	sz = (unsigned)sx & (unsigned)sy;
+	for (uc = 0; uc < sz; uc++) {} // BAD
+
+	sx = get_an_int();
+	sy = get_an_int();
+	if (sx < 0) {sx = 0;}
+	if (sx > 128) {sx = 128;}
+	sz = (unsigned)sx & (unsigned)sy;
+	for (uc = 0; uc < sz; uc++) {} // GOOD [FALSE POSITIVE]
+}
