C++: Add a test case for WrongTypeFormatArguments involving code that's included twice.

geoffw0 · geoffw0 · commit d23a3f821e6a · 2026-03-06T11:34:16.000Z
diff --git a/cpp/ql/test/query-tests/Likely Bugs/Format/WrongTypeFormatArguments/Buildless/WrongTypeFormatArguments.expected b/cpp/ql/test/query-tests/Likely Bugs/Format/WrongTypeFormatArguments/Buildless/WrongTypeFormatArguments.expected
@@ -1 +1,7 @@
+| include_twice.h:10:18:10:18 | s | This format specifier for type 'int' does not match the argument type 'unsigned long'. |
+| include_twice.h:13:18:13:18 | s | This format specifier for type 'unsigned int' does not match the argument type 'unsigned long'. |
+| include_twice.h:21:18:21:39 | ... - ... | This format specifier for type 'int' does not match the argument type 'long'. |
+| include_twice.h:21:18:21:39 | ... - ... | This format specifier for type 'int' does not match the argument type 'long'. |
+| include_twice.h:24:18:24:39 | ... - ... | This format specifier for type 'unsigned int' does not match the argument type 'long'. |
+| include_twice.h:24:18:24:39 | ... - ... | This format specifier for type 'unsigned int' does not match the argument type 'long'. |
 | tests.c:7:18:7:18 | 1 | This format specifier for type 'char *' does not match the argument type 'int'. |
diff --git a/cpp/ql/test/query-tests/Likely Bugs/Format/WrongTypeFormatArguments/Buildless/first.cpp b/cpp/ql/test/query-tests/Likely Bugs/Format/WrongTypeFormatArguments/Buildless/first.cpp
@@ -0,0 +1,8 @@
+// semmle-extractor-options: --expect_errors
+
+int printf(const char * format, ...);
+
+// defines type size_t plausibly
+typedef unsigned long size_t;
+
+#include "include_twice.h"
diff --git a/cpp/ql/test/query-tests/Likely Bugs/Format/WrongTypeFormatArguments/Buildless/include_twice.h b/cpp/ql/test/query-tests/Likely Bugs/Format/WrongTypeFormatArguments/Buildless/include_twice.h
@@ -0,0 +1,25 @@
+// semmle-extractor-options: --expect_errors
+
+void test_size_t() {
+    size_t s = 0;
+
+    printf("%zd", s); // GOOD
+    printf("%zi", s); // GOOD
+    printf("%zu", s); // GOOD
+    printf("%zx", s); // GOOD
+    printf("%d", s); // BAD
+    printf("%ld", s); // BAD [NOT DETECTED]
+    printf("%lld", s); // BAD [NOT DETECTED]
+    printf("%u", s); // BAD
+
+    char buffer[1024];
+
+    printf("%zd", &buffer[1023] - buffer); // GOOD
+    printf("%zi", &buffer[1023] - buffer); // GOOD
+    printf("%zu", &buffer[1023] - buffer); // GOOD
+    printf("%zx", &buffer[1023] - buffer); // GOOD
+    printf("%d", &buffer[1023] - buffer); // BAD
+    printf("%ld", &buffer[1023] - buffer); // BAD [NOT DETECTED]
+    printf("%lld", &buffer[1023] - buffer); // BAD [NOT DETECTED]
+    printf("%u", &buffer[1023] - buffer); // BAD
+}
diff --git a/cpp/ql/test/query-tests/Likely Bugs/Format/WrongTypeFormatArguments/Buildless/second.cpp b/cpp/ql/test/query-tests/Likely Bugs/Format/WrongTypeFormatArguments/Buildless/second.cpp
@@ -0,0 +1,8 @@
+// semmle-extractor-options: --expect_errors
+
+int printf(const char * format, ...);
+
+// defines type `myFunctionPointerType`
+typedef int (*myFunctionPointerType) ();
+
+#include "include_twice.h"
