`RULE-21-15`: Improve detection of compatible types #573

lcartey · 2024-04-25T11:04:10Z

Affected rules

RULE-21-15

Description

The query for this rule is currently too strict - it requires the types be identical (after stripping specifiers), instead of compatible. For example, it does not allow a combination of pointers and arrays, or array types with different sizes, or types which are compatible but not identical (e.g. signed int and int.

Example

void example_function(int i1[80], int *i2, int i3[10], signed int *i4) {
  memcpy(i1,i2,1); // COMPLIANT[FALSE_POSITIVE]
  memcpy(i1,i3,1); // COMPLIANT[FALSE_POSITIVE]
  memcpy(i2,i3,1); // COMPLIANT[FALSE_POSITIVE]
  memcpy(i2,i4,1); // COMPLIANT[FALSE_POSITIVE]
}

The text was updated successfully, but these errors were encountered:

lcartey added Difficulty-Medium A false positive or false negative report which is expected to take 1-5 days effort to address false positive/false negative An issue related to observed false positives or false negatives. Impact-Medium labels Apr 25, 2024

lcartey self-assigned this Apr 25, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

`RULE-21-15`: Improve detection of compatible types #573

`RULE-21-15`: Improve detection of compatible types #573

lcartey commented Apr 25, 2024

RULE-21-15: Improve detection of compatible types #573

RULE-21-15: Improve detection of compatible types #573

Comments

lcartey commented Apr 25, 2024

Affected rules

Description

Example

`RULE-21-15`: Improve detection of compatible types #573

`RULE-21-15`: Improve detection of compatible types #573