C++: Use appropriate sizeof in CWE-119 memcpy tests

szsam · szsam · commit 25a46a82ba04 · 2025-11-27T05:15:51.000Z
Signed-off-by: Mingjie Shen &lt;shen497@purdue.edu&gt;
diff --git a/cpp/ql/test/query-tests/Security/CWE/CWE-119/semmle/tests/tests.cpp b/cpp/ql/test/query-tests/Security/CWE/CWE-119/semmle/tests/tests.cpp
@@ -30,10 +30,10 @@ void test2()
 	char *smallbuffer = (char *)malloc(sizeof(char) * 10);
 	char *bigbuffer = (char *)malloc(sizeof(char) * 20);
 
-	memcpy(bigbuffer, smallbuffer, 10); // GOOD
-	memcpy(bigbuffer, smallbuffer, 20); // BAD: over-read
-	memcpy(smallbuffer, bigbuffer, 10); // GOOD
-	memcpy(smallbuffer, bigbuffer, 20); // BAD: over-write
+	memcpy(bigbuffer, smallbuffer, sizeof(char) * 10); // GOOD
+	memcpy(bigbuffer, smallbuffer, sizeof(char) * 20); // BAD: over-read
+	memcpy(smallbuffer, bigbuffer, sizeof(char) * 10); // GOOD
+	memcpy(smallbuffer, bigbuffer, sizeof(char) * 20); // BAD: over-write
 
 	free(bigbuffer);
 	free(smallbuffer);
@@ -46,10 +46,10 @@ void test3()
 	smallbuffer = new char[10];
 	bigbuffer = new char[20];
 
-	memcpy(bigbuffer, smallbuffer, 10); // GOOD
-	memcpy(bigbuffer, smallbuffer, 20); // BAD: over-read
-	memcpy(smallbuffer, bigbuffer, 10); // GOOD
-	memcpy(smallbuffer, bigbuffer, 20); // BAD: over-write
+	memcpy(bigbuffer, smallbuffer, sizeof(char[10])); // GOOD
+	memcpy(bigbuffer, smallbuffer, sizeof(char[20])); // BAD: over-read
+	memcpy(smallbuffer, bigbuffer, sizeof(char[10])); // GOOD
+	memcpy(smallbuffer, bigbuffer, sizeof(char[20])); // BAD: over-write
 
 	delete [] bigbuffer;
 	delete [] smallbuffer;
