C++: Demonstrate ArrayExpr FP

jbj · jbj · commit e99c68885c6e · 2019-06-20T14:00:42.000+02:00
diff --git a/cpp/ql/test/query-tests/Likely Bugs/Format/NonConstantFormat/NonConstantFormat.expected b/cpp/ql/test/query-tests/Likely Bugs/Format/NonConstantFormat/NonConstantFormat.expected
@@ -18,3 +18,4 @@
 | test.cpp:85:12:85:16 | hello | The format string argument to printf should be constant to prevent security issues and other potential errors. |
 | test.cpp:90:12:90:18 | ++ ... | The format string argument to printf should be constant to prevent security issues and other potential errors. |
 | test.cpp:107:12:107:24 | new[] | The format string argument to printf should be constant to prevent security issues and other potential errors. |
+| test.cpp:142:10:142:20 | access to array | The format string argument to printf should be constant to prevent security issues and other potential errors. |
diff --git a/cpp/ql/test/query-tests/Likely Bugs/Format/NonConstantFormat/test.cpp b/cpp/ql/test/query-tests/Likely Bugs/Format/NonConstantFormat/test.cpp
@@ -133,3 +133,11 @@ void another_func(void) {
   printf("Hello, World\n"); // GOOD
   printf(gettext("Hello, World\n")); // GOOD
 }
+
+void set_value_of(int *i);
+
+void print_ith_message() {
+  int i;
+  set_value_of(&i);
+  printf(messages[i], 1U); // GOOD [FALSE POSITIVE]
+}
