CPP: Test a common false positive.

geoffw0 · geoffw0 · commit 34d307ecef32 · 2019-07-04T17:27:40.000+01:00
diff --git a/cpp/ql/test/query-tests/Security/CWE/CWE-131/semmle/NoSpaceForZeroTerminator/NoSpaceForZeroTerminator.expected b/cpp/ql/test/query-tests/Security/CWE/CWE-131/semmle/NoSpaceForZeroTerminator/NoSpaceForZeroTerminator.expected
@@ -1,4 +1,5 @@
 | test.c:15:20:15:25 | call to malloc | This allocation does not include space to null-terminate the string. |
 | test.c:29:20:29:25 | call to malloc | This allocation does not include space to null-terminate the string. |
 | test.c:44:20:44:25 | call to malloc | This allocation does not include space to null-terminate the string. |
+| test.c:72:17:72:22 | call to malloc | This allocation does not include space to null-terminate the string. |
 | test.cpp:18:35:18:40 | call to malloc | This allocation does not include space to null-terminate the string. |
diff --git a/cpp/ql/test/query-tests/Security/CWE/CWE-131/semmle/NoSpaceForZeroTerminator/test.c b/cpp/ql/test/query-tests/Security/CWE/CWE-131/semmle/NoSpaceForZeroTerminator/test.c
@@ -63,3 +63,15 @@ void good3(char *str) {
     char *buffer = malloc((strlen(str) + 1) * sizeof(char));
     free(buffer);
 }
+
+void *memcpy(void *s1, const void *s2, size_t n);
+
+void good4(char *str) {
+	// GOOD -- allocating a non zero-terminated string [FALSE POSITIVE]
+	int len = strlen(str);
+	char *buffer = malloc(len);
+
+	memcpy(buffer, str, len);
+
+	free(buffer);
+}
