Commit 51758aa

C++: Add tests to 'cpp/overrun-write'.
1 parent f761e57 commit 51758aa

2 files changed

+293
-6
lines changed

cpp/ql/test/experimental/query-tests/Security/CWE/CWE-119/OverrunWriteProductFlow.expected

Lines changed: 182 additions & 2 deletions
@@ -1,6 +1,7 @@
11
edges
22
| test.cpp:16:11:16:21 | VariableAddress indirection [string] | test.cpp:24:21:24:31 | Call indirection [string] |
33
| test.cpp:16:11:16:21 | VariableAddress indirection [string] | test.cpp:34:21:34:31 | Call indirection [string] |
4+
| test.cpp:16:11:16:21 | VariableAddress indirection [string] | test.cpp:39:21:39:31 | Call indirection [string] |
45
| test.cpp:18:5:18:30 | Store | test.cpp:18:10:18:15 | Load indirection [post update] [string] |
56
| test.cpp:18:10:18:15 | Load indirection [post update] [string] | test.cpp:16:11:16:21 | VariableAddress indirection [string] |
67
| test.cpp:18:19:18:24 | call to malloc | test.cpp:18:5:18:30 | Store |
@@ -12,6 +13,94 @@ edges
1213
| test.cpp:30:18:30:23 | FieldAddress indirection | test.cpp:30:18:30:23 | Load |
1314
| test.cpp:34:21:34:31 | Call indirection [string] | test.cpp:35:21:35:23 | str indirection [string] |
1415
| test.cpp:35:21:35:23 | str indirection [string] | test.cpp:29:32:29:34 | str indirection [string] |
16+
| test.cpp:39:21:39:31 | Call indirection [string] | test.cpp:41:13:41:15 | Load indirection [string] |
17+
| test.cpp:39:21:39:31 | Call indirection [string] | test.cpp:42:13:42:15 | Load indirection [string] |
18+
| test.cpp:39:21:39:31 | Call indirection [string] | test.cpp:44:13:44:15 | Load indirection [string] |
19+
| test.cpp:39:21:39:31 | Call indirection [string] | test.cpp:45:13:45:15 | Load indirection [string] |
20+
| test.cpp:39:21:39:31 | Call indirection [string] | test.cpp:48:17:48:19 | Load indirection [string] |
21+
| test.cpp:39:21:39:31 | Call indirection [string] | test.cpp:52:17:52:19 | Load indirection [string] |
22+
| test.cpp:39:21:39:31 | Call indirection [string] | test.cpp:56:17:56:19 | Load indirection [string] |
23+
| test.cpp:39:21:39:31 | Call indirection [string] | test.cpp:60:17:60:19 | Load indirection [string] |
24+
| test.cpp:39:21:39:31 | Call indirection [string] | test.cpp:64:17:64:19 | Load indirection [string] |
25+
| test.cpp:39:21:39:31 | Call indirection [string] | test.cpp:68:17:68:19 | Load indirection [string] |
26+
| test.cpp:39:21:39:31 | Call indirection [string] | test.cpp:72:17:72:19 | Load indirection [string] |
27+
| test.cpp:39:21:39:31 | Call indirection [string] | test.cpp:76:17:76:19 | Load indirection [string] |
28+
| test.cpp:39:21:39:31 | Call indirection [string] | test.cpp:80:17:80:19 | Load indirection [string] |
29+
| test.cpp:39:21:39:31 | Call indirection [string] | test.cpp:84:17:84:19 | Load indirection [string] |
30+
| test.cpp:41:13:41:15 | Load indirection [string] | test.cpp:41:18:41:23 | FieldAddress indirection |
31+
| test.cpp:41:18:41:23 | FieldAddress indirection | test.cpp:41:18:41:23 | Load |
32+
| test.cpp:42:13:42:15 | Load indirection [string] | test.cpp:42:18:42:23 | FieldAddress indirection |
33+
| test.cpp:42:18:42:23 | FieldAddress indirection | test.cpp:42:18:42:23 | Load |
34+
| test.cpp:44:13:44:15 | Load indirection [string] | test.cpp:44:18:44:23 | FieldAddress indirection |
35+
| test.cpp:44:18:44:23 | FieldAddress indirection | test.cpp:44:18:44:23 | Load |
36+
| test.cpp:45:13:45:15 | Load indirection [string] | test.cpp:45:18:45:23 | FieldAddress indirection |
37+
| test.cpp:45:18:45:23 | FieldAddress indirection | test.cpp:45:18:45:23 | Load |
38+
| test.cpp:48:17:48:19 | Load indirection [string] | test.cpp:48:22:48:27 | FieldAddress indirection |
39+
| test.cpp:48:22:48:27 | FieldAddress indirection | test.cpp:48:22:48:27 | Load |
40+
| test.cpp:52:17:52:19 | Load indirection [string] | test.cpp:52:22:52:27 | FieldAddress indirection |
41+
| test.cpp:52:22:52:27 | FieldAddress indirection | test.cpp:52:22:52:27 | Load |
42+
| test.cpp:56:17:56:19 | Load indirection [string] | test.cpp:56:22:56:27 | FieldAddress indirection |
43+
| test.cpp:56:22:56:27 | FieldAddress indirection | test.cpp:56:22:56:27 | Load |
44+
| test.cpp:60:17:60:19 | Load indirection [string] | test.cpp:60:22:60:27 | FieldAddress indirection |
45+
| test.cpp:60:22:60:27 | FieldAddress indirection | test.cpp:60:22:60:27 | Load |
46+
| test.cpp:64:17:64:19 | Load indirection [string] | test.cpp:64:22:64:27 | FieldAddress indirection |
47+
| test.cpp:64:22:64:27 | FieldAddress indirection | test.cpp:64:22:64:27 | Load |
48+
| test.cpp:68:17:68:19 | Load indirection [string] | test.cpp:68:22:68:27 | FieldAddress indirection |
49+
| test.cpp:68:22:68:27 | FieldAddress indirection | test.cpp:68:22:68:27 | Load |
50+
| test.cpp:72:17:72:19 | Load indirection [string] | test.cpp:72:22:72:27 | FieldAddress indirection |
51+
| test.cpp:72:22:72:27 | FieldAddress indirection | test.cpp:72:22:72:27 | Load |
52+
| test.cpp:76:17:76:19 | Load indirection [string] | test.cpp:76:22:76:27 | FieldAddress indirection |
53+
| test.cpp:76:22:76:27 | FieldAddress indirection | test.cpp:76:22:76:27 | Load |
54+
| test.cpp:80:17:80:19 | Load indirection [string] | test.cpp:80:22:80:27 | FieldAddress indirection |
55+
| test.cpp:80:22:80:27 | FieldAddress indirection | test.cpp:80:22:80:27 | Load |
56+
| test.cpp:84:17:84:19 | Load indirection [string] | test.cpp:84:22:84:27 | FieldAddress indirection |
57+
| test.cpp:84:22:84:27 | FieldAddress indirection | test.cpp:84:22:84:27 | Load |
58+
| test.cpp:88:11:88:30 | VariableAddress indirection [string] | test.cpp:96:21:96:40 | Call indirection [string] |
59+
| test.cpp:90:5:90:34 | Store | test.cpp:90:10:90:15 | Load indirection [post update] [string] |
60+
| test.cpp:90:10:90:15 | Load indirection [post update] [string] | test.cpp:88:11:88:30 | VariableAddress indirection [string] |
61+
| test.cpp:90:19:90:24 | call to malloc | test.cpp:90:5:90:34 | Store |
62+
| test.cpp:96:21:96:40 | Call indirection [string] | test.cpp:98:13:98:15 | Load indirection [string] |
63+
| test.cpp:96:21:96:40 | Call indirection [string] | test.cpp:99:13:99:15 | Load indirection [string] |
64+
| test.cpp:96:21:96:40 | Call indirection [string] | test.cpp:101:13:101:15 | Load indirection [string] |
65+
| test.cpp:96:21:96:40 | Call indirection [string] | test.cpp:102:13:102:15 | Load indirection [string] |
66+
| test.cpp:96:21:96:40 | Call indirection [string] | test.cpp:105:17:105:19 | Load indirection [string] |
67+
| test.cpp:96:21:96:40 | Call indirection [string] | test.cpp:109:17:109:19 | Load indirection [string] |
68+
| test.cpp:96:21:96:40 | Call indirection [string] | test.cpp:113:17:113:19 | Load indirection [string] |
69+
| test.cpp:96:21:96:40 | Call indirection [string] | test.cpp:117:17:117:19 | Load indirection [string] |
70+
| test.cpp:96:21:96:40 | Call indirection [string] | test.cpp:121:17:121:19 | Load indirection [string] |
71+
| test.cpp:96:21:96:40 | Call indirection [string] | test.cpp:125:17:125:19 | Load indirection [string] |
72+
| test.cpp:96:21:96:40 | Call indirection [string] | test.cpp:129:17:129:19 | Load indirection [string] |
73+
| test.cpp:96:21:96:40 | Call indirection [string] | test.cpp:133:17:133:19 | Load indirection [string] |
74+
| test.cpp:96:21:96:40 | Call indirection [string] | test.cpp:137:17:137:19 | Load indirection [string] |
75+
| test.cpp:96:21:96:40 | Call indirection [string] | test.cpp:141:17:141:19 | Load indirection [string] |
76+
| test.cpp:98:13:98:15 | Load indirection [string] | test.cpp:98:18:98:23 | FieldAddress indirection |
77+
| test.cpp:98:18:98:23 | FieldAddress indirection | test.cpp:98:18:98:23 | Load |
78+
| test.cpp:99:13:99:15 | Load indirection [string] | test.cpp:99:18:99:23 | FieldAddress indirection |
79+
| test.cpp:99:18:99:23 | FieldAddress indirection | test.cpp:99:18:99:23 | Load |
80+
| test.cpp:101:13:101:15 | Load indirection [string] | test.cpp:101:18:101:23 | FieldAddress indirection |
81+
| test.cpp:101:18:101:23 | FieldAddress indirection | test.cpp:101:18:101:23 | Load |
82+
| test.cpp:102:13:102:15 | Load indirection [string] | test.cpp:102:18:102:23 | FieldAddress indirection |
83+
| test.cpp:102:18:102:23 | FieldAddress indirection | test.cpp:102:18:102:23 | Load |
84+
| test.cpp:105:17:105:19 | Load indirection [string] | test.cpp:105:22:105:27 | FieldAddress indirection |
85+
| test.cpp:105:22:105:27 | FieldAddress indirection | test.cpp:105:22:105:27 | Load |
86+
| test.cpp:109:17:109:19 | Load indirection [string] | test.cpp:109:22:109:27 | FieldAddress indirection |
87+
| test.cpp:109:22:109:27 | FieldAddress indirection | test.cpp:109:22:109:27 | Load |
88+
| test.cpp:113:17:113:19 | Load indirection [string] | test.cpp:113:22:113:27 | FieldAddress indirection |
89+
| test.cpp:113:22:113:27 | FieldAddress indirection | test.cpp:113:22:113:27 | Load |
90+
| test.cpp:117:17:117:19 | Load indirection [string] | test.cpp:117:22:117:27 | FieldAddress indirection |
91+
| test.cpp:117:22:117:27 | FieldAddress indirection | test.cpp:117:22:117:27 | Load |
92+
| test.cpp:121:17:121:19 | Load indirection [string] | test.cpp:121:22:121:27 | FieldAddress indirection |
93+
| test.cpp:121:22:121:27 | FieldAddress indirection | test.cpp:121:22:121:27 | Load |
94+
| test.cpp:125:17:125:19 | Load indirection [string] | test.cpp:125:22:125:27 | FieldAddress indirection |
95+
| test.cpp:125:22:125:27 | FieldAddress indirection | test.cpp:125:22:125:27 | Load |
96+
| test.cpp:129:17:129:19 | Load indirection [string] | test.cpp:129:22:129:27 | FieldAddress indirection |
97+
| test.cpp:129:22:129:27 | FieldAddress indirection | test.cpp:129:22:129:27 | Load |
98+
| test.cpp:133:17:133:19 | Load indirection [string] | test.cpp:133:22:133:27 | FieldAddress indirection |
99+
| test.cpp:133:22:133:27 | FieldAddress indirection | test.cpp:133:22:133:27 | Load |
100+
| test.cpp:137:17:137:19 | Load indirection [string] | test.cpp:137:22:137:27 | FieldAddress indirection |
101+
| test.cpp:137:22:137:27 | FieldAddress indirection | test.cpp:137:22:137:27 | Load |
102+
| test.cpp:141:17:141:19 | Load indirection [string] | test.cpp:141:22:141:27 | FieldAddress indirection |
103+
| test.cpp:141:22:141:27 | FieldAddress indirection | test.cpp:141:22:141:27 | Load |
15104
nodes
16105
| test.cpp:16:11:16:21 | VariableAddress indirection [string] | semmle.label | VariableAddress indirection [string] |
17106
| test.cpp:18:5:18:30 | Store | semmle.label | Store |
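Review bot: The second source added in these edges, the malloc at test.cpp:90:19, reaches fourteen field loads (98:18 through 141:22), but the #select section of this file reports nothing allocated at 90:19, and of the fourteen loads reached from the call at 39:21 only 41:18 is reported. The expected file alone cannot say which of those silent sinks are safe writes and which are missed overruns. Please mark each case in test.cpp with a GOOD or BAD comment, noting the ones that are not detected, so that a later change to these rows can be judged as a fix or a regression.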
@@ -27,7 +116,98 @@ nodes
27116
| test.cpp:30:18:30:23 | Load | semmle.label | Load |
28117
| test.cpp:34:21:34:31 | Call indirection [string] | semmle.label | Call indirection [string] |
29118
| test.cpp:35:21:35:23 | str indirection [string] | semmle.label | str indirection [string] |
119+
| test.cpp:39:21:39:31 | Call indirection [string] | semmle.label | Call indirection [string] |
120+
| test.cpp:41:13:41:15 | Load indirection [string] | semmle.label | Load indirection [string] |
121+
| test.cpp:41:18:41:23 | FieldAddress indirection | semmle.label | FieldAddress indirection |
122+
| test.cpp:41:18:41:23 | Load | semmle.label | Load |
123+
| test.cpp:42:13:42:15 | Load indirection [string] | semmle.label | Load indirection [string] |
124+
| test.cpp:42:18:42:23 | FieldAddress indirection | semmle.label | FieldAddress indirection |
125+
| test.cpp:42:18:42:23 | Load | semmle.label | Load |
126+
| test.cpp:44:13:44:15 | Load indirection [string] | semmle.label | Load indirection [string] |
127+
| test.cpp:44:18:44:23 | FieldAddress indirection | semmle.label | FieldAddress indirection |
128+
| test.cpp:44:18:44:23 | Load | semmle.label | Load |
129+
| test.cpp:45:13:45:15 | Load indirection [string] | semmle.label | Load indirection [string] |
130+
| test.cpp:45:18:45:23 | FieldAddress indirection | semmle.label | FieldAddress indirection |
131+
| test.cpp:45:18:45:23 | Load | semmle.label | Load |
132+
| test.cpp:48:17:48:19 | Load indirection [string] | semmle.label | Load indirection [string] |
133+
| test.cpp:48:22:48:27 | FieldAddress indirection | semmle.label | FieldAddress indirection |
134+
| test.cpp:48:22:48:27 | Load | semmle.label | Load |
135+
| test.cpp:52:17:52:19 | Load indirection [string] | semmle.label | Load indirection [string] |
136+
| test.cpp:52:22:52:27 | FieldAddress indirection | semmle.label | FieldAddress indirection |
137+
| test.cpp:52:22:52:27 | Load | semmle.label | Load |
138+
| test.cpp:56:17:56:19 | Load indirection [string] | semmle.label | Load indirection [string] |
139+
| test.cpp:56:22:56:27 | FieldAddress indirection | semmle.label | FieldAddress indirection |
140+
| test.cpp:56:22:56:27 | Load | semmle.label | Load |
141+
| test.cpp:60:17:60:19 | Load indirection [string] | semmle.label | Load indirection [string] |
142+
| test.cpp:60:22:60:27 | FieldAddress indirection | semmle.label | FieldAddress indirection |
143+
| test.cpp:60:22:60:27 | Load | semmle.label | Load |
144+
| test.cpp:64:17:64:19 | Load indirection [string] | semmle.label | Load indirection [string] |
145+
| test.cpp:64:22:64:27 | FieldAddress indirection | semmle.label | FieldAddress indirection |
146+
| test.cpp:64:22:64:27 | Load | semmle.label | Load |
147+
| test.cpp:68:17:68:19 | Load indirection [string] | semmle.label | Load indirection [string] |
148+
| test.cpp:68:22:68:27 | FieldAddress indirection | semmle.label | FieldAddress indirection |
149+
| test.cpp:68:22:68:27 | Load | semmle.label | Load |
150+
| test.cpp:72:17:72:19 | Load indirection [string] | semmle.label | Load indirection [string] |
151+
| test.cpp:72:22:72:27 | FieldAddress indirection | semmle.label | FieldAddress indirection |
152+
| test.cpp:72:22:72:27 | Load | semmle.label | Load |
153+
| test.cpp:76:17:76:19 | Load indirection [string] | semmle.label | Load indirection [string] |
154+
| test.cpp:76:22:76:27 | FieldAddress indirection | semmle.label | FieldAddress indirection |
155+
| test.cpp:76:22:76:27 | Load | semmle.label | Load |
156+
| test.cpp:80:17:80:19 | Load indirection [string] | semmle.label | Load indirection [string] |
157+
| test.cpp:80:22:80:27 | FieldAddress indirection | semmle.label | FieldAddress indirection |
158+
| test.cpp:80:22:80:27 | Load | semmle.label | Load |
159+
| test.cpp:84:17:84:19 | Load indirection [string] | semmle.label | Load indirection [string] |
160+
| test.cpp:84:22:84:27 | FieldAddress indirection | semmle.label | FieldAddress indirection |
161+
| test.cpp:84:22:84:27 | Load | semmle.label | Load |
162+
| test.cpp:88:11:88:30 | VariableAddress indirection [string] | semmle.label | VariableAddress indirection [string] |
163+
| test.cpp:90:5:90:34 | Store | semmle.label | Store |
164+
| test.cpp:90:10:90:15 | Load indirection [post update] [string] | semmle.label | Load indirection [post update] [string] |
165+
| test.cpp:90:19:90:24 | call to malloc | semmle.label | call to malloc |
166+
| test.cpp:96:21:96:40 | Call indirection [string] | semmle.label | Call indirection [string] |
167+
| test.cpp:98:13:98:15 | Load indirection [string] | semmle.label | Load indirection [string] |
168+
| test.cpp:98:18:98:23 | FieldAddress indirection | semmle.label | FieldAddress indirection |
169+
| test.cpp:98:18:98:23 | Load | semmle.label | Load |
170+
| test.cpp:99:13:99:15 | Load indirection [string] | semmle.label | Load indirection [string] |
171+
| test.cpp:99:18:99:23 | FieldAddress indirection | semmle.label | FieldAddress indirection |
172+
| test.cpp:99:18:99:23 | Load | semmle.label | Load |
173+
| test.cpp:101:13:101:15 | Load indirection [string] | semmle.label | Load indirection [string] |
174+
| test.cpp:101:18:101:23 | FieldAddress indirection | semmle.label | FieldAddress indirection |
175+
| test.cpp:101:18:101:23 | Load | semmle.label | Load |
176+
| test.cpp:102:13:102:15 | Load indirection [string] | semmle.label | Load indirection [string] |
177+
| test.cpp:102:18:102:23 | FieldAddress indirection | semmle.label | FieldAddress indirection |
178+
| test.cpp:102:18:102:23 | Load | semmle.label | Load |
179+
| test.cpp:105:17:105:19 | Load indirection [string] | semmle.label | Load indirection [string] |
180+
| test.cpp:105:22:105:27 | FieldAddress indirection | semmle.label | FieldAddress indirection |
181+
| test.cpp:105:22:105:27 | Load | semmle.label | Load |
182+
| test.cpp:109:17:109:19 | Load indirection [string] | semmle.label | Load indirection [string] |
183+
| test.cpp:109:22:109:27 | FieldAddress indirection | semmle.label | FieldAddress indirection |
184+
| test.cpp:109:22:109:27 | Load | semmle.label | Load |
185+
| test.cpp:113:17:113:19 | Load indirection [string] | semmle.label | Load indirection [string] |
186+
| test.cpp:113:22:113:27 | FieldAddress indirection | semmle.label | FieldAddress indirection |
187+
| test.cpp:113:22:113:27 | Load | semmle.label | Load |
188+
| test.cpp:117:17:117:19 | Load indirection [string] | semmle.label | Load indirection [string] |
189+
| test.cpp:117:22:117:27 | FieldAddress indirection | semmle.label | FieldAddress indirection |
190+
| test.cpp:117:22:117:27 | Load | semmle.label | Load |
191+
| test.cpp:121:17:121:19 | Load indirection [string] | semmle.label | Load indirection [string] |
192+
| test.cpp:121:22:121:27 | FieldAddress indirection | semmle.label | FieldAddress indirection |
193+
| test.cpp:121:22:121:27 | Load | semmle.label | Load |
194+
| test.cpp:125:17:125:19 | Load indirection [string] | semmle.label | Load indirection [string] |
195+
| test.cpp:125:22:125:27 | FieldAddress indirection | semmle.label | FieldAddress indirection |
196+
| test.cpp:125:22:125:27 | Load | semmle.label | Load |
197+
| test.cpp:129:17:129:19 | Load indirection [string] | semmle.label | Load indirection [string] |
198+
| test.cpp:129:22:129:27 | FieldAddress indirection | semmle.label | FieldAddress indirection |
199+
| test.cpp:129:22:129:27 | Load | semmle.label | Load |
200+
| test.cpp:133:17:133:19 | Load indirection [string] | semmle.label | Load indirection [string] |
201+
| test.cpp:133:22:133:27 | FieldAddress indirection | semmle.label | FieldAddress indirection |
202+
| test.cpp:133:22:133:27 | Load | semmle.label | Load |
203+
| test.cpp:137:17:137:19 | Load indirection [string] | semmle.label | Load indirection [string] |
204+
| test.cpp:137:22:137:27 | FieldAddress indirection | semmle.label | FieldAddress indirection |
205+
| test.cpp:137:22:137:27 | Load | semmle.label | Load |
206+
| test.cpp:141:17:141:19 | Load indirection [string] | semmle.label | Load indirection [string] |
207+
| test.cpp:141:22:141:27 | FieldAddress indirection | semmle.label | FieldAddress indirection |
208+
| test.cpp:141:22:141:27 | Load | semmle.label | Load |
30209
subpaths
31210
#select
32-
| test.cpp:26:18:26:23 | Load | test.cpp:18:19:18:24 | call to malloc | test.cpp:26:18:26:23 | Load | Overrunning write allocated at $@ bounded by $@. | test.cpp:18:19:18:24 | call to malloc | call to malloc | test.cpp:26:31:26:39 | Convert | Convert |
33-
| test.cpp:30:18:30:23 | Load | test.cpp:18:19:18:24 | call to malloc | test.cpp:30:18:30:23 | Load | Overrunning write allocated at $@ bounded by $@. | test.cpp:18:19:18:24 | call to malloc | call to malloc | test.cpp:30:31:30:39 | Convert | Convert |
211+
| test.cpp:26:18:26:23 | Load | test.cpp:18:19:18:24 | call to malloc | test.cpp:26:18:26:23 | Load | Overrunning write allocated at $@ bounded by $@. | test.cpp:18:19:18:24 | call to malloc | call to malloc | test.cpp:26:36:26:39 | Load | Load |
212+
| test.cpp:30:18:30:23 | Load | test.cpp:18:19:18:24 | call to malloc | test.cpp:30:18:30:23 | Load | Overrunning write allocated at $@ bounded by $@. | test.cpp:18:19:18:24 | call to malloc | call to malloc | test.cpp:30:36:30:39 | Load | Load |
213+
| test.cpp:41:18:41:23 | Load | test.cpp:18:19:18:24 | call to malloc | test.cpp:41:18:41:23 | Load | Overrunning write allocated at $@ bounded by $@. | test.cpp:18:19:18:24 | call to malloc | call to malloc | test.cpp:41:36:41:39 | Load | Load |
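Review bot: In #select, the two existing rows for 26:18 and 30:18 change their bound from 26:31:26:39 and 30:31:30:39 (labelled Convert) to 26:36:26:39 and 30:36:30:39 (labelled Load), which the commit message "Add tests" does not account for. If this comes from an edit to those lines of test.cpp or from a query change picked up along the way, say so in the commit message or split it into its own commit, so the new bound location can be confirmed as intended rather than an accidental shift in what the query reports as the bound.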
