Merge pull request #2 from geoffw0/assignadd2

kevinbackhouse · web-flow · commit b7ac03d07b74 · 2019-05-29T08:36:29.000+01:00
CPP: Minor corrections to: Better overflow detection for AssignAdd/AssignSub
diff --git a/cpp/ql/test/library-tests/rangeanalysis/SimpleRangeAnalysis/test.c b/cpp/ql/test/library-tests/rangeanalysis/SimpleRangeAnalysis/test.c
@@ -422,5 +422,5 @@ void test17() {
   out(i); // 50
 
   i = 20 + (j -= 10);
-  out(i); // 60
+  out(i); // 60 [BUG: the analysis thinks it's 2^-31 .. 2^31-1]
 }
diff --git a/cpp/ql/test/query-tests/Security/CWE/CWE-190/semmle/tainted/IntegerOverflowTainted.expected b/cpp/ql/test/query-tests/Security/CWE/CWE-190/semmle/tainted/IntegerOverflowTainted.expected
@@ -2,3 +2,5 @@
 | test3.c:13:16:13:19 | * ... | $@ flows to here and is used in an expression which might overflow negatively. | test3.c:11:15:11:18 | argv | User-provided value |
 | test4.cpp:13:17:13:20 | access to array | $@ flows to here and is used in an expression which might overflow negatively. | test4.cpp:9:13:9:16 | argv | User-provided value |
 | test5.cpp:10:9:10:15 | call to strtoul | $@ flows to here and is used in an expression which might overflow. | test5.cpp:9:7:9:9 | buf | User-provided value |
+| test.c:44:7:44:12 | ... -- | $@ flows to here and is used in an expression which might overflow negatively. | test.c:41:17:41:20 | argv | User-provided value |
+| test.c:54:7:54:12 | ... -- | $@ flows to here and is used in an expression which might overflow negatively. | test.c:51:17:51:20 | argv | User-provided value |

Original file line number	Diff line number	Diff line change
`@@ -422,5 +422,5 @@ void test17() {`
`422`	`422`	`out(i); // 50`
`423`	`423`
`424`	`424`	`i = 20 + (j -= 10);`
`425`		`- out(i); // 60`
	`425`	`+ out(i); // 60 [BUG: the analysis thinks it's 2^-31 .. 2^31-1]`
`426`	`426`	`}`