CPP: Extend the test.

geoffw0 · geoffw0 · commit 373075e06d3e · 2019-04-05T11:09:13.000+01:00
diff --git a/cpp/ql/test/query-tests/Security/CWE/CWE-468/semmle/IncorrectPointerScaling/IncorrectPointerScalingChar.expected b/cpp/ql/test/query-tests/Security/CWE/CWE-468/semmle/IncorrectPointerScaling/IncorrectPointerScalingChar.expected
@@ -1,3 +1,4 @@
 | test.cpp:13:19:13:29 | charPointer | This pointer might have type $@ (size 4), but the pointer arithmetic here is done with type char * (size 1). | test.cpp:10:31:10:38 | test.cpp:10:31:10:38 | int |
 | test.cpp:77:17:77:17 | x | This pointer might have type $@ (size 4), but the pointer arithmetic here is done with type char * (size 1). | test.cpp:72:19:72:19 | test.cpp:72:19:72:19 | int |
 | test.cpp:119:26:119:26 | p | This pointer might have type $@ (size 8), but the pointer arithmetic here is done with type char * (size 1). | test.cpp:114:22:114:22 | test.cpp:114:22:114:22 | mystruct |
+| test.cpp:147:19:147:29 | charPointer | This pointer might have type $@ (size 8), but the pointer arithmetic here is done with type char * (size 1). | test.cpp:145:31:145:38 | test.cpp:145:31:145:38 | int[2] |
diff --git a/cpp/ql/test/query-tests/Security/CWE/CWE-468/semmle/IncorrectPointerScaling/test.cpp b/cpp/ql/test/query-tests/Security/CWE/CWE-468/semmle/IncorrectPointerScaling/test.cpp
@@ -139,3 +139,10 @@ void* test17(int* x) {
   // BAD: void pointer arithmetic is not portable across compilers
   return (void*)x + sizeof(int);
 }
+
+int test18(int i) {
+  int intArray[2][2] = { {1, 2}, {3, 4} };
+  char *charPointer = (char *)intArray;
+  // BAD: the pointer arithmetic uses type char*, so the offset is not scaled by sizeof(int).
+  return *(int *)(charPointer + i);
+}
