CPP: Fix %I length specifier.

Author: geoffw0

cpp/ql/src/semmle/code/cpp/commons/Printf.qll

@@ -578,7 +578,7 @@ class FormatLiteral extends Literal {
       or ((len="z" or len="Z")
                   and (result = this.getSize_t() or result = this.getSsize_t()))
       or (len="t" and result = this.getPtrdiff_t())
-      or (len="I" and result instanceof IntType)
+      or (len="I" and (result = this.getSize_t() or result = this.getPtrdiff_t()))
       or (len="I32" and exists(MicrosoftInt32Type t |
         t.getUnsigned() = result.(IntegralType).getUnsigned() 
       ))
@@ -604,7 +604,7 @@ class FormatLiteral extends Literal {
       or ((len="z" or len="Z")
                   and (result = this.getSize_t() or result = this.getSsize_t()))
       or (len="t" and result = this.getPtrdiff_t())
-      or (len="I" and result instanceof IntType)
+      or (len="I" and (result = this.getSize_t() or result = this.getPtrdiff_t()))
       or (len="I32" and exists(MicrosoftInt32Type t |
         t.getUnsigned() = result.(IntegralType).getUnsigned()
       ))

cpp/ql/test/query-tests/Likely Bugs/Format/WrongTypeFormatArguments/Microsoft/WrongTypeFormatArguments.expected

@@ -21,8 +21,6 @@
 | printf1.h:130:18:130:18 | 0 | This argument should be of type 'void *' but is of type 'int' |
 | printf1.h:153:18:153:18 | c | This argument should be of type '__wchar_t *' but is of type 'char *' |
 | printf1.h:156:18:156:19 | wc | This argument should be of type 'char *' but is of type '__wchar_t *' |
-| printf1.h:174:19:174:21 | pdt | This argument should be of type 'int' but is of type 'long long' |
-| printf1.h:175:19:175:20 | sz | This argument should be of type 'unsigned int' but is of type 'unsigned long long' |
 | printf1.h:181:21:181:22 | ll | This argument should be of type 'int' but is of type 'long long' |
 | printf1.h:182:21:182:23 | ull | This argument should be of type 'unsigned int' but is of type 'unsigned long long' |
 | printf1.h:185:21:185:23 | i64 | This argument should be of type 'int' but is of type 'long long' |

cpp/ql/test/query-tests/Likely Bugs/Format/WrongTypeFormatArguments/Microsoft/printf1.h

@@ -171,8 +171,8 @@ void fun4()
   __int64 i64;
   unsigned __int64 u64;
 
-  printf("%Ii\n", pdt); // GOOD [FALSE POSITIVE]
-  printf("%Iu\n", sz); // GOOD [FALSE POSITIVE]
+  printf("%Ii\n", pdt); // GOOD
+  printf("%Iu\n", sz); // GOOD
 
   printf("%I32i\n", i); // GOOD
   printf("%I32u\n", ui); // GOOD

cpp/ql/test/query-tests/Likely Bugs/Format/WrongTypeFormatArguments/Microsoft_no_wchar/WrongTypeFormatArguments.expected

@@ -17,8 +17,6 @@
 | printf1.h:75:19:75:28 | sizeof(<expr>) | This argument should be of type 'ssize_t' but is of type 'unsigned long long' |
 | printf1.h:84:23:84:35 | ... - ... | This argument should be of type 'ssize_t' but is of type 'long long' |
 | printf1.h:130:18:130:18 | 0 | This argument should be of type 'void *' but is of type 'int' |
-| printf1.h:148:19:148:21 | pdt | This argument should be of type 'int' but is of type 'long long' |
-| printf1.h:149:19:149:20 | sz | This argument should be of type 'unsigned int' but is of type 'unsigned long long' |
 | printf1.h:155:21:155:22 | ll | This argument should be of type 'int' but is of type 'long long' |
 | printf1.h:156:21:156:23 | ull | This argument should be of type 'unsigned int' but is of type 'unsigned long long' |
 | printf1.h:159:21:159:23 | i64 | This argument should be of type 'int' but is of type 'long long' |

cpp/ql/test/query-tests/Likely Bugs/Format/WrongTypeFormatArguments/Microsoft_no_wchar/printf1.h

@@ -145,8 +145,8 @@ void fun4()
   __int64 i64;
   unsigned __int64 u64;
 
-  printf("%Ii\n", pdt); // GOOD [FALSE POSITIVE]
-  printf("%Iu\n", sz); // GOOD [FALSE POSITIVE]
+  printf("%Ii\n", pdt); // GOOD
+  printf("%Iu\n", sz); // GOOD
 
   printf("%I32i\n", i); // GOOD
   printf("%I32u\n", ui); // GOOD