C++: Turns out we can simplify.

geoffw0 · geoffw0 · commit da99d3660d40 · 2026-03-06T11:53:43.000Z
diff --git a/cpp/ql/test/query-tests/Likely Bugs/Format/WrongTypeFormatArguments/Buildless/WrongTypeFormatArguments.expected b/cpp/ql/test/query-tests/Likely Bugs/Format/WrongTypeFormatArguments/Buildless/WrongTypeFormatArguments.expected
@@ -1,13 +1,9 @@
-| include_twice.h:8:19:8:19 | s | This format specifier for type 'size_t' does not match the argument type '..(*)(..)'. |
-| include_twice.h:9:19:9:19 | s | This format specifier for type 'size_t' does not match the argument type '..(*)(..)'. |
-| include_twice.h:10:18:10:18 | s | This format specifier for type 'int' does not match the argument type '..(*)(..)'. |
-| include_twice.h:10:18:10:18 | s | This format specifier for type 'int' does not match the argument type 'unsigned long'. |
-| include_twice.h:11:19:11:19 | s | This format specifier for type 'long' does not match the argument type '..(*)(..)'. |
-| include_twice.h:12:20:12:20 | s | This format specifier for type 'long long' does not match the argument type '..(*)(..)'. |
-| include_twice.h:13:18:13:18 | s | This format specifier for type 'unsigned int' does not match the argument type '..(*)(..)'. |
-| include_twice.h:13:18:13:18 | s | This format specifier for type 'unsigned int' does not match the argument type 'unsigned long'. |
-| include_twice.h:21:18:21:39 | ... - ... | This format specifier for type 'int' does not match the argument type 'long'. |
-| include_twice.h:21:18:21:39 | ... - ... | This format specifier for type 'int' does not match the argument type 'long'. |
-| include_twice.h:24:18:24:39 | ... - ... | This format specifier for type 'unsigned int' does not match the argument type 'long'. |
-| include_twice.h:24:18:24:39 | ... - ... | This format specifier for type 'unsigned int' does not match the argument type 'long'. |
+| second.cpp:13:19:13:19 | s | This format specifier for type 'size_t' does not match the argument type '..(*)(..)'. |
+| second.cpp:14:19:14:19 | s | This format specifier for type 'size_t' does not match the argument type '..(*)(..)'. |
+| second.cpp:15:18:15:18 | s | This format specifier for type 'int' does not match the argument type '..(*)(..)'. |
+| second.cpp:16:19:16:19 | s | This format specifier for type 'long' does not match the argument type '..(*)(..)'. |
+| second.cpp:17:20:17:20 | s | This format specifier for type 'long long' does not match the argument type '..(*)(..)'. |
+| second.cpp:18:18:18:18 | s | This format specifier for type 'unsigned int' does not match the argument type '..(*)(..)'. |
+| second.cpp:26:18:26:39 | ... - ... | This format specifier for type 'int' does not match the argument type 'long'. |
+| second.cpp:29:18:29:39 | ... - ... | This format specifier for type 'unsigned int' does not match the argument type 'long'. |
 | tests.c:7:18:7:18 | 1 | This format specifier for type 'char *' does not match the argument type 'int'. |
diff --git a/cpp/ql/test/query-tests/Likely Bugs/Format/WrongTypeFormatArguments/Buildless/first.cpp b/cpp/ql/test/query-tests/Likely Bugs/Format/WrongTypeFormatArguments/Buildless/first.cpp
@@ -1,8 +1,3 @@
-// semmle-extractor-options: --expect_errors
-
-int printf(const char * format, ...);
 
 // defines type size_t plausibly
 typedef unsigned long size_t;
-
-#include "include_twice.h"
diff --git a/cpp/ql/test/query-tests/Likely Bugs/Format/WrongTypeFormatArguments/Buildless/include_twice.h b/cpp/ql/test/query-tests/Likely Bugs/Format/WrongTypeFormatArguments/Buildless/include_twice.h
diff --git a/cpp/ql/test/query-tests/Likely Bugs/Format/WrongTypeFormatArguments/Buildless/second.cpp b/cpp/ql/test/query-tests/Likely Bugs/Format/WrongTypeFormatArguments/Buildless/second.cpp
@@ -5,4 +5,26 @@ int printf(const char * format, ...);
 // defines type `myFunctionPointerType`, referencing `size_t`
 typedef size_t (*myFunctionPointerType) ();
 
-#include "include_twice.h"
+void test_size_t() {
+    size_t s = 0;
+
+    printf("%zd", s); // GOOD
+    printf("%zi", s); // GOOD
+    printf("%zu", s); // GOOD [FALSE POSITIVE]
+    printf("%zx", s); // GOOD [FALSE POSITIVE]
+    printf("%d", s); // BAD
+    printf("%ld", s); // BAD
+    printf("%lld", s); // BAD
+    printf("%u", s); // BAD
+
+    char buffer[1024];
+
+    printf("%zd", &buffer[1023] - buffer); // GOOD
+    printf("%zi", &buffer[1023] - buffer); // GOOD
+    printf("%zu", &buffer[1023] - buffer); // GOOD
+    printf("%zx", &buffer[1023] - buffer); // GOOD
+    printf("%d", &buffer[1023] - buffer); // BAD
+    printf("%ld", &buffer[1023] - buffer); // BAD [NOT DETECTED]
+    printf("%lld", &buffer[1023] - buffer); // BAD [NOT DETECTED]
+    printf("%u", &buffer[1023] - buffer); // BAD
+}
