diff --git a/cpp/ql/test/query-tests/Security/CWE/CWE-190/semmle/TaintedAllocationSize/test.cpp b/cpp/ql/test/query-tests/Security/CWE/CWE-190/semmle/TaintedAllocationSize/test.cpp index b11a136ed24a..b1245c6ae891 100644 --- a/cpp/ql/test/query-tests/Security/CWE/CWE-190/semmle/TaintedAllocationSize/test.cpp +++ b/cpp/ql/test/query-tests/Security/CWE/CWE-190/semmle/TaintedAllocationSize/test.cpp @@ -332,4 +332,13 @@ void ptr_diff_case() { char* admin_begin_pos = strstr(user, "ADMIN"); int offset = admin_begin_pos ? user - admin_begin_pos : 0; malloc(offset); // GOOD -} \ No newline at end of file +} + +void equality_barrier() { + int size1 = atoi(getenv("USER")); + int size2 = atoi(getenv("USER")); + + if (size1 == size2) { + int* a = (int*)malloc(size1 * sizeof(int)); // GOOD + } +} diff --git a/cpp/ql/test/query-tests/Security/CWE/CWE-190/semmle/tainted/test.c b/cpp/ql/test/query-tests/Security/CWE/CWE-190/semmle/tainted/test.c index 6999795b004f..29ab7cc8f25c 100644 --- a/cpp/ql/test/query-tests/Security/CWE/CWE-190/semmle/tainted/test.c +++ b/cpp/ql/test/query-tests/Security/CWE/CWE-190/semmle/tainted/test.c @@ -95,5 +95,12 @@ int main(int argc, char** argv) { } } + // GOOD: check the user input first + int maxConnections3 = atoi(argv[1]); + int maxConnections4 = atoi(argv[1]); + if (maxConnections3 == maxConnections4) { + startServer(maxConnections3 * 1000); + } + return 0; }