C++: Correct UnsignedBitwiseAndExpr.

geoffw0 · geoffw0 · commit de751b0b75da · 2020-04-17T17:10:59.000+01:00
diff --git a/cpp/ql/src/semmle/code/cpp/rangeanalysis/SimpleRangeAnalysis.qll b/cpp/ql/src/semmle/code/cpp/rangeanalysis/SimpleRangeAnalysis.qll
@@ -125,11 +125,11 @@ private string getValue(Expr e) {
 private class UnsignedBitwiseAndExpr extends BitwiseAndExpr {
   UnsignedBitwiseAndExpr() {
     (
-      getLeftOperand().getType().getUnderlyingType().(IntegralType).isUnsigned() or
+      getLeftOperand().getFullyConverted().getType().getUnderlyingType().(IntegralType).isUnsigned() or
       getLeftOperand().getValue().toInt() >= 0
     ) and
     (
-      getRightOperand().getType().getUnderlyingType().(IntegralType).isUnsigned() or
+      getRightOperand().getFullyConverted().getType().getUnderlyingType().(IntegralType).isUnsigned() or
       getRightOperand().getValue().toInt() >= 0
     )
   }
diff --git a/cpp/ql/test/query-tests/Security/CWE/CWE-190/semmle/ComparisonWithWiderType/ComparisonWithWiderType.expected b/cpp/ql/test/query-tests/Security/CWE/CWE-190/semmle/ComparisonWithWiderType/ComparisonWithWiderType.expected
@@ -13,4 +13,3 @@
 | test.c:107:14:107:26 | ... < ... | Comparison between $@ of type unsigned char and $@ of wider type unsigned int. | test.c:83:16:83:16 | c | c | test.c:107:19:107:25 | ... >> ... | ... >> ... |
 | test.c:128:15:128:21 | ... < ... | Comparison between $@ of type unsigned char and $@ of wider type unsigned int. | test.c:121:16:121:17 | uc | uc | test.c:123:19:123:20 | sz | sz |
 | test.c:139:15:139:21 | ... < ... | Comparison between $@ of type unsigned char and $@ of wider type unsigned int. | test.c:121:16:121:17 | uc | uc | test.c:123:19:123:20 | sz | sz |
-| test.c:146:15:146:21 | ... < ... | Comparison between $@ of type unsigned char and $@ of wider type unsigned int. | test.c:121:16:121:17 | uc | uc | test.c:123:19:123:20 | sz | sz |
diff --git a/cpp/ql/test/query-tests/Security/CWE/CWE-190/semmle/ComparisonWithWiderType/test.c b/cpp/ql/test/query-tests/Security/CWE/CWE-190/semmle/ComparisonWithWiderType/test.c
@@ -143,5 +143,5 @@ void test13() {
 	if (sx < 0) {sx = 0;}
 	if (sx > 128) {sx = 128;}
 	sz = (unsigned)sx & (unsigned)sy;
-	for (uc = 0; uc < sz; uc++) {} // GOOD [FALSE POSITIVE]
+	for (uc = 0; uc < sz; uc++) {} // GOOD
 }

Original file line number	Diff line number	Diff line change
`@@ -125,11 +125,11 @@ private string getValue(Expr e) {`
`125`	`125`	`private class UnsignedBitwiseAndExpr extends BitwiseAndExpr {`
`126`	`126`	`UnsignedBitwiseAndExpr() {`
`127`	`127`	`(`
`128`		`- getLeftOperand().getType().getUnderlyingType().(IntegralType).isUnsigned() or`
	`128`	`+ getLeftOperand().getFullyConverted().getType().getUnderlyingType().(IntegralType).isUnsigned() or`
`129`	`129`	`getLeftOperand().getValue().toInt() >= 0`
`130`	`130`	`) and`
`131`	`131`	`(`
`132`		`- getRightOperand().getType().getUnderlyingType().(IntegralType).isUnsigned() or`
	`132`	`+ getRightOperand().getFullyConverted().getType().getUnderlyingType().(IntegralType).isUnsigned() or`
`133`	`133`	`getRightOperand().getValue().toInt() >= 0`
`134`	`134`	`)`
`135`	`135`	`}`
Original file line number	Diff line number	Diff line change
`@@ -143,5 +143,5 @@ void test13() {`
`143`	`143`	`if (sx < 0) {sx = 0;}`
`144`	`144`	`if (sx > 128) {sx = 128;}`
`145`	`145`	`sz = (unsigned)sx & (unsigned)sy;`
`146`		`- for (uc = 0; uc < sz; uc++) {} // GOOD [FALSE POSITIVE]`
	`146`	`+ for (uc = 0; uc < sz; uc++) {} // GOOD`
`147`	`147`	`}`