CPP: More test cases for ArithmeticWithExtremeValues.

geoffw0 · geoffw0 · commit a7fb2e12616f · 2019-06-26T15:38:23.000+01:00
diff --git a/cpp/ql/test/query-tests/Security/CWE/CWE-190/semmle/extreme/ArithmeticWithExtremeValues.expected b/cpp/ql/test/query-tests/Security/CWE/CWE-190/semmle/extreme/ArithmeticWithExtremeValues.expected
@@ -6,3 +6,5 @@
 | test.c:63:3:63:5 | sc8 | $@ flows to here and is used in arithmetic, potentially causing an underflow. | test.c:62:9:62:16 | - ... | Extreme value |
 | test.c:75:3:75:5 | sc1 | $@ flows to here and is used in arithmetic, potentially causing an overflow. | test.c:74:9:74:16 | 127 | Extreme value |
 | test.c:76:3:76:5 | sc1 | $@ flows to here and is used in arithmetic, potentially causing an overflow. | test.c:74:9:74:16 | 127 | Extreme value |
+| test.c:114:9:114:9 | x | $@ flows to here and is used in arithmetic, potentially causing an overflow. | test.c:108:17:108:23 | 2147483647 | Extreme value |
+| test.c:124:9:124:9 | x | $@ flows to here and is used in arithmetic, potentially causing an overflow. | test.c:118:17:118:23 | 2147483647 | Extreme value |
diff --git a/cpp/ql/test/query-tests/Security/CWE/CWE-190/semmle/extreme/test.c b/cpp/ql/test/query-tests/Security/CWE/CWE-190/semmle/extreme/test.c
@@ -83,3 +83,43 @@ void test_negatives() {
   sc5 = -1;
   sc5 += CHAR_MIN; // BAD [NOT DETECTED]
 }
+
+void test_guards1(int cond) {
+	int x = cond ? INT_MAX : 0;
+
+	// ...
+
+	if (x > 128) return;
+
+	return x + 1; // GOOD
+}
+
+void test_guards2(int cond) {
+	int x = cond ? INT_MAX : 0;
+
+	// ...
+
+	if (x < 128) return;
+
+	return x + 1; // BAD [NOT DETECTED]
+}
+
+void test_guards3(int cond) {
+	int x = cond ? INT_MAX : 0;
+
+	// ...
+
+	if (x != 0) return;
+
+	return x + 1; // GOOD [FALSE POSITIVE]
+}
+
+void test_guards4(int cond) {
+	int x = cond ? INT_MAX : 0;
+
+	// ...
+
+	if (x == 0) return;
+
+	return x + 1; // BAD
+}
