You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
217 lines
3.9 KiB
217 lines
3.9 KiB
3 years ago
|
/*
|
||
|
* Copyright (c) Facebook, Inc. and its affiliates.
|
||
|
*
|
||
|
* This source code is licensed under the MIT license found in the
|
||
|
* LICENSE file in the root directory of this source tree.
|
||
|
*/
|
||
|
#include <string>
|
||
|
|
||
|
char last_char1_Bad(char* s, int i) {
|
||
|
char buf[1024];
|
||
|
int n = snprintf(buf, sizeof(buf), "%s%d", s, i);
|
||
|
return buf[n - 1];
|
||
|
}
|
||
|
|
||
|
char last_char1_Good(char* s, int i) {
|
||
|
char buf[1024];
|
||
|
int n = snprintf(buf, sizeof(buf), "%s%d", s, i);
|
||
|
if (n > 0 && n <= sizeof(buf)) {
|
||
|
return buf[n - 1];
|
||
|
} else {
|
||
|
return '\0';
|
||
|
}
|
||
|
}
|
||
|
|
||
|
char last_char2_Bad(const char* fmt, ...) {
|
||
|
char buf[1024];
|
||
|
va_list args;
|
||
|
va_start(args, fmt);
|
||
|
int n = vsnprintf(buf, sizeof(buf), fmt, args);
|
||
|
va_end(args);
|
||
|
return buf[n - 1];
|
||
|
}
|
||
|
|
||
|
std::string to_string1_Bad(char* s, int i) {
|
||
|
char buf[1024];
|
||
|
int n = snprintf(buf, sizeof(buf), "%s%d", s, i);
|
||
|
return std::string(buf, n);
|
||
|
}
|
||
|
|
||
|
std::string to_string1_Good(char* s, int i) {
|
||
|
char buf[1024];
|
||
|
int n = snprintf(buf, sizeof(buf), "%s%d", s, i);
|
||
|
if (n < 0) {
|
||
|
return NULL;
|
||
|
} else if (n > sizeof(buf)) {
|
||
|
n = sizeof(buf);
|
||
|
}
|
||
|
return std::string(buf, n);
|
||
|
}
|
||
|
|
||
|
std::string to_string2_Bad(const char* fmt, ...) {
|
||
|
char buf[1024];
|
||
|
va_list args;
|
||
|
va_start(args, fmt);
|
||
|
int n = vsnprintf(buf, sizeof(buf), fmt, args);
|
||
|
va_end(args);
|
||
|
return std::string(buf, n);
|
||
|
}
|
||
|
|
||
|
std::string to_string2_Good(const char* fmt, ...) {
|
||
|
char buf[1024];
|
||
|
va_list args;
|
||
|
va_start(args, fmt);
|
||
|
int n = vsnprintf(buf, sizeof(buf), fmt, args);
|
||
|
va_end(args);
|
||
|
if (n < 0) {
|
||
|
return NULL;
|
||
|
} else if (n > sizeof(buf)) {
|
||
|
n = sizeof(buf);
|
||
|
}
|
||
|
return std::string(buf, n);
|
||
|
}
|
||
|
|
||
|
/* Inferbo's model ignores the encoding errors for less noise of
|
||
|
analysis results. While [vsnprintf] returns a nagative number when
|
||
|
an encoding error, it is less likely to lead to a security
|
||
|
problem. */
|
||
|
std::string to_string3_Bad_FN(const char* fmt, ...) {
|
||
|
char buf[1024];
|
||
|
va_list args;
|
||
|
va_start(args, fmt);
|
||
|
int n = vsnprintf(buf, sizeof(buf), fmt, args);
|
||
|
va_end(args);
|
||
|
if (n > sizeof(buf)) {
|
||
|
n = sizeof(buf);
|
||
|
}
|
||
|
return std::string(buf, n);
|
||
|
}
|
||
|
|
||
|
void empty_Good(std::string s) {
|
||
|
if (s.empty()) {
|
||
|
if (!s.empty()) {
|
||
|
int a[10];
|
||
|
a[10] = 0;
|
||
|
}
|
||
|
}
|
||
|
}
|
||
|
|
||
|
void empty_Bad(std::string s) {
|
||
|
if (s.empty()) {
|
||
|
int a[10];
|
||
|
a[10] = 0;
|
||
|
}
|
||
|
}
|
||
|
|
||
|
void length_Good() {
|
||
|
std::string s("hello");
|
||
|
int a[10];
|
||
|
a[s.length()] = 0;
|
||
|
}
|
||
|
|
||
|
void length_Bad() {
|
||
|
std::string s("hellohello");
|
||
|
int a[10];
|
||
|
a[s.length()] = 0;
|
||
|
}
|
||
|
|
||
|
void length2_Good() {
|
||
|
const char* c = "hello";
|
||
|
std::string s(c);
|
||
|
int a[10];
|
||
|
a[s.length()] = 0;
|
||
|
}
|
||
|
|
||
|
void length2_Bad() {
|
||
|
const char* c = "hellohello";
|
||
|
std::string s(c);
|
||
|
int a[10];
|
||
|
a[s.length()] = 0;
|
||
|
}
|
||
|
|
||
|
void length3_Good() {
|
||
|
char* c = "hello";
|
||
|
std::string s(c);
|
||
|
int a[10];
|
||
|
a[s.length()] = 0;
|
||
|
}
|
||
|
|
||
|
void length3_Bad() {
|
||
|
char* c = "hellohello";
|
||
|
std::string s(c);
|
||
|
int a[10];
|
||
|
a[s.length()] = 0;
|
||
|
}
|
||
|
|
||
|
void length4(char* c) {
|
||
|
std::string s(c);
|
||
|
int a[10];
|
||
|
a[s.length()] = 0;
|
||
|
}
|
||
|
|
||
|
void call_length4_1_Good() {
|
||
|
char* c = "hello";
|
||
|
length4(c);
|
||
|
}
|
||
|
|
||
|
void call_length4_1_Bad() {
|
||
|
char* c = "hellohello";
|
||
|
length4(c);
|
||
|
}
|
||
|
|
||
|
void call_length4_2_Good() { length4("hello"); }
|
||
|
|
||
|
void call_length4_2_Bad() { length4("hellohello"); }
|
||
|
|
||
|
void size_Good() {
|
||
|
std::string s("hello");
|
||
|
int a[10];
|
||
|
a[s.size()] = 0;
|
||
|
}
|
||
|
|
||
|
void size_Bad() {
|
||
|
std::string s("hellohello");
|
||
|
int a[10];
|
||
|
a[s.size()] = 0;
|
||
|
}
|
||
|
|
||
|
void compare_Good_FP(std::string s) {
|
||
|
if (s.compare(0, s.size(), s) != 0) {
|
||
|
int a[10];
|
||
|
a[10] = 0;
|
||
|
}
|
||
|
}
|
||
|
|
||
|
void compare_Bad(std::string s) {
|
||
|
if (s.compare(0, s.size(), s) == 0) {
|
||
|
int a[10];
|
||
|
a[10] = 0;
|
||
|
}
|
||
|
}
|
||
|
|
||
|
void equal_Good_FP(std::string s) {
|
||
|
if (s != s) {
|
||
|
int a[10];
|
||
|
a[10] = 0;
|
||
|
}
|
||
|
}
|
||
|
|
||
|
void equal_Bad() {
|
||
|
std::string s1("hello");
|
||
|
std::string s2("hello");
|
||
|
if (s1 == s2) {
|
||
|
int a[10];
|
||
|
a[10] = 0;
|
||
|
}
|
||
|
}
|
||
|
|
||
|
constexpr char const_s[] = "const_s";
|
||
|
|
||
|
void equal2_Good_FP() {
|
||
|
std::string s(const_s);
|
||
|
if (s != const_s) {
|
||
|
int a[10];
|
||
|
a[10] = 0;
|
||
|
}
|
||
|
}
|