Merged
2 changes: 2 additions & 0 deletions .editorconfig
@@ -0,0 +1,2 @@
[*.{ql,qll,qlref,dbscheme,qhelp}]
end_of_line = lf
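Review bot: the extension list in `[*.{ql,qll,qlref,dbscheme,qhelp}]` duplicates the one in .gitattributes, and only .gitattributes carries a reminder to keep the two in sync. A short comment above this section pointing back to .gitattributes would make the dependency visible from either file, so a new extension added here does not end up with editors writing LF while Git leaves the committed endings untouched.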
17 changes: 17 additions & 0 deletions .gitattributes
@@ -0,0 +1,17 @@
# The following file types will be normalized to LF line endings in the Git
# database, and will keep those LF line endings in the working tree even on
# Windows. Any other files will have whatever line endings they had when they
# were committed. If you add new entries below, you should renormalize the
# affected files by running the following from the root of this repo (requires
# Git 2.16 or greater):
#
# git add --renormalize .
# git status [just to show what files were renormalized]
# git commit -m "Normalize line endings"
#
# Also, please update .editorconfig to handle any new entries as well.
*.ql eol=lf
*.qll eol=lf
*.qlref eol=lf
*.dbscheme eol=lf
*.qhelp eol=lf
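Review bot: the bracketed note on the `git status` line of the header comment sits inside what reads as a command to run, so a copy-paste passes `[just`, `to`, `show` and the rest to git as path arguments. Moving the explanation to its own comment line, or putting it in parentheses on the line above, keeps the three commands runnable as written. Separately, the entries rely on `eol=lf` implying `text` when `text` is unspecified; writing `*.ql text eol=lf` would state the "normalized in the Git database" intent from the comment explicitly.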
80 changes: 40 additions & 40 deletions cpp/ql/src/Security/CWE/CWE-190/ComparisonWithWiderType.qhelp
@@ -1,41 +1,41 @@
<!DOCTYPE qhelp PUBLIC
"-//Semmle//qhelp//EN"
"qhelp.dtd">
<qhelp>
<overview>
<p>In a loop condition, comparison of a value of a narrow type with a value of a wide type may
result in unexpected behavior if the wider value is sufficiently large (or small). This is because
the narrower value may overflow. This can lead to an infinite loop.</p>
</overview>
<recommendation>
<p>Change the types of the compared values so that the value on the narrower side of the
comparison is at least as wide as the value it is being compared with.</p>
</recommendation>
<example>
<p>In this example, <code>bytes_received</code> is compared against <code>max_get</code> in a
<code>while</code> loop. However, <code>bytes_received</code> is an <code>int16_t</code>, and
<code>max_get</code> is an <code>int32_t</code>. Because <code>max_get</code> is larger than
<code>INT16_MAX</code>, the loop condition is always <code>true</code>, so the loop never
terminates.</p>
<p>This problem is avoided in the 'GOOD' case because <code>bytes_received2</code> is an
<code>int32_t</code>, which is as wide as the type of <code>max_get</code>.</p>
<sample src="ComparisonWithWiderType.c" />
</example>
<references>
<li>
<a href="https://docs.microsoft.com/en-us/cpp/cpp/data-type-ranges">Data type ranges</a>
</li>
<li>
<a href="https://wiki.sei.cmu.edu/confluence/display/c/INT18-C.+Evaluate+integer+expressions+in+a+larger+size+before+comparing+or+assigning+to+that+size">INT18-C. Evaluate integer expressions in a larger size before comparing or assigning to that size </a>
</li>
</references>
<!DOCTYPE qhelp PUBLIC
"-//Semmle//qhelp//EN"
"qhelp.dtd">
<qhelp>
<overview>
<p>In a loop condition, comparison of a value of a narrow type with a value of a wide type may
result in unexpected behavior if the wider value is sufficiently large (or small). This is because
the narrower value may overflow. This can lead to an infinite loop.</p>

</overview>
<recommendation>

<p>Change the types of the compared values so that the value on the narrower side of the
comparison is at least as wide as the value it is being compared with.</p>

</recommendation>
<example>

<p>In this example, <code>bytes_received</code> is compared against <code>max_get</code> in a
<code>while</code> loop. However, <code>bytes_received</code> is an <code>int16_t</code>, and
<code>max_get</code> is an <code>int32_t</code>. Because <code>max_get</code> is larger than
<code>INT16_MAX</code>, the loop condition is always <code>true</code>, so the loop never
terminates.</p>

<p>This problem is avoided in the 'GOOD' case because <code>bytes_received2</code> is an
<code>int32_t</code>, which is as wide as the type of <code>max_get</code>.</p>

<sample src="ComparisonWithWiderType.c" />

</example>

<references>
<li>
<a href="https://docs.microsoft.com/en-us/cpp/cpp/data-type-ranges">Data type ranges</a>
</li>

<li>
<a href="https://wiki.sei.cmu.edu/confluence/display/c/INT18-C.+Evaluate+integer+expressions+in+a+larger+size+before+comparing+or+assigning+to+that+size">INT18-C. Evaluate integer expressions in a larger size before comparing or assigning to that size </a>
</li>
</references>
</qhelp>
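Review bot: please confirm this 40-line rewrite of ComparisonWithWiderType.qhelp is line-ending-only, for example by checking that `git diff --ignore-cr-at-eol` is empty for the file, because the old and new text in the hunk read the same and a content edit hidden among them would not stand out in this view. The INT18-C reference has a stray space before `</a>` in its link text; that is worth fixing, but in a separate commit so the normalization stays mechanical.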
18 changes: 9 additions & 9 deletions cpp/ql/src/semmle/code/cpp/PrintAST.ql
@@ -1,9 +1,9 @@
/**
* @name Print AST
* @description Outputs a representation of the Abstract Syntax Tree.
* @id cpp/print-ast
* @kind graph
*/
import cpp
import PrintAST
/**
* @name Print AST
* @description Outputs a representation of the Abstract Syntax Tree.
* @id cpp/print-ast
* @kind graph
*/

import cpp
import PrintAST
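Review bot: all 9 lines of PrintAST.ql are replaced with no visible change to the query metadata or imports, so `git blame` will attribute every line here, and in the other normalized files, to this commit. Consider recording the normalization commit hash in a file used with `git blame --ignore-revs-file` once it lands, so history for the `@id cpp/print-ast` metadata and the imports stays traceable to their real authors.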