github · jbj · Aug 9, 2019 · Jul 15, 2019 · Jul 16, 2019 · Aug 9, 2019
diff --git a/...test/query-tests/Likely Bugs/Leap Year/Adding365DaysPerYear/Adding365daysPerYear.expected b/...test/query-tests/Likely Bugs/Leap Year/Adding365DaysPerYear/Adding365daysPerYear.expected
@@ -1,3 +1,5 @@
 | test.cpp:173:2:173:52 | ... = ... | This arithmetic operation $@ uses a constant value of 365 ends up modifying the date/time located at $@, without considering leap year scenarios. | test.cpp:170:2:170:47 | ... += ... | ... += ... | test.cpp:173:2:173:52 | ... = ... | ... = ... |
 | test.cpp:174:2:174:46 | ... = ... | This arithmetic operation $@ uses a constant value of 365 ends up modifying the date/time located at $@, without considering leap year scenarios. | test.cpp:170:2:170:47 | ... += ... | ... += ... | test.cpp:174:2:174:46 | ... = ... | ... = ... |
 | test.cpp:193:2:193:24 | ... = ... | This arithmetic operation $@ uses a constant value of 365 ends up modifying the date/time located at $@, without considering leap year scenarios. | test.cpp:193:2:193:24 | ... = ... | ... = ... | test.cpp:193:2:193:24 | ... = ... | ... = ... |
+| test.cpp:217:2:217:52 | ... = ... | This arithmetic operation $@ uses a constant value of 365 ends up modifying the date/time located at $@, without considering leap year scenarios. | test.cpp:214:2:214:47 | ... += ... | ... += ... | test.cpp:217:2:217:52 | ... = ... | ... = ... |
+| test.cpp:218:2:218:46 | ... = ... | This arithmetic operation $@ uses a constant value of 365 ends up modifying the date/time located at $@, without considering leap year scenarios. | test.cpp:214:2:214:47 | ... += ... | ... += ... | test.cpp:218:2:218:46 | ... = ... | ... = ... |
diff --git a/cpp/ql/test/query-tests/Likely Bugs/Leap Year/Adding365DaysPerYear/test.cpp b/cpp/ql/test/query-tests/Likely Bugs/Leap Year/Adding365DaysPerYear/test.cpp
@@ -170,8 +170,8 @@ void antipattern2()
 	qwLongTime += 365 * 24 * 60 * 60 * 10000000LLU;
 
 	// copy back to a FILETIME
-	ft.dwLowDateTime = (DWORD)(qwLongTime & 0xFFFFFFFF);
-	ft.dwHighDateTime = (DWORD)(qwLongTime >> 32);
+	ft.dwLowDateTime = (DWORD)(qwLongTime & 0xFFFFFFFF); // BAD
+	ft.dwHighDateTime = (DWORD)(qwLongTime >> 32); // BAD
 
 	// convert back to SYSTEMTIME for display or other usage
 	FileTimeToSystemTime(&ft, &st);
@@ -197,3 +197,29 @@ time_t mkTime(int days)
 
 	return t;
 }
+
+void checkedExample()
+{
+	// get the current time as a FILETIME
+	SYSTEMTIME st; FILETIME ft;
+	GetSystemTime(&st);
+	SystemTimeToFileTime(&st, &ft);
+
+	// convert to a quadword (64-bit integer) to do arithmetic
+	ULONGLONG qwLongTime;
+	qwLongTime = (((ULONGLONG)ft.dwHighDateTime) << 32) + ft.dwLowDateTime;
+
+	// add a year by calculating the ticks in 365 days
+	// (which may be incorrect when crossing a leap day)
+	qwLongTime += 365 * 24 * 60 * 60 * 10000000LLU;
+
+	// copy back to a FILETIME
+	ft.dwLowDateTime = (DWORD)(qwLongTime & 0xFFFFFFFF); // GOOD [FALSE POSITIVE]
+	ft.dwHighDateTime = (DWORD)(qwLongTime >> 32); // GOOD [FALSE POSITIVE]
+
+	// convert back to SYSTEMTIME for display or other usage
+	if (FileTimeToSystemTime(&ft, &st) == 0)
+	{
+		// handle error...
+	}
+}
diff --git a/...ar/UncheckedLeapYearAfterYearModification/UncheckedLeapYearAfterYearModification.expected b/...ar/UncheckedLeapYearAfterYearModification/UncheckedLeapYearAfterYearModification.expected
@@ -9,3 +9,7 @@
 | test.cpp:636:11:636:17 | tm_year | Field $@ on variable $@ has been modified, but no appropriate check for LeapYear was found. | test.cpp:56:6:56:12 | tm_year | tm_year | test.cpp:628:12:628:19 | timeinfo | timeinfo |
 | test.cpp:640:5:640:9 | wYear | Field $@ on variable $@ has been modified, but no appropriate check for LeapYear was found. | test.cpp:12:7:12:11 | wYear | wYear | test.cpp:629:13:629:14 | st | st |
 | test.cpp:642:5:642:9 | wYear | Field $@ on variable $@ has been modified, but no appropriate check for LeapYear was found. | test.cpp:12:7:12:11 | wYear | wYear | test.cpp:629:13:629:14 | st | st |
+| test.cpp:718:5:718:9 | wYear | Field $@ on variable $@ has been modified, but no appropriate check for LeapYear was found. | test.cpp:12:7:12:11 | wYear | wYear | test.cpp:712:13:712:14 | st | st |
+| test.cpp:731:5:731:9 | wYear | Field $@ on variable $@ has been modified, but no appropriate check for LeapYear was found. | test.cpp:12:7:12:11 | wYear | wYear | test.cpp:725:13:725:14 | st | st |
+| test.cpp:732:5:732:9 | wYear | Field $@ on variable $@ has been modified, but no appropriate check for LeapYear was found. | test.cpp:12:7:12:11 | wYear | wYear | test.cpp:725:13:725:14 | st | st |
+| test.cpp:733:5:733:9 | wYear | Field $@ on variable $@ has been modified, but no appropriate check for LeapYear was found. | test.cpp:12:7:12:11 | wYear | wYear | test.cpp:725:13:725:14 | st | st |
diff --git a/...Year/UncheckedLeapYearAfterYearModification/UncheckedReturnValueForTimeFunctions.expected b/...Year/UncheckedLeapYearAfterYearModification/UncheckedReturnValueForTimeFunctions.expected
@@ -1,3 +1,5 @@
 | test.cpp:317:2:317:21 | call to SystemTimeToFileTime | Return value of $@ function should be verified to check for any error because variable $@ is not guaranteed to be safe. | test.cpp:63:1:63:20 | SystemTimeToFileTime | SystemTimeToFileTime | test.cpp:309:13:309:14 | st | st |
 | test.cpp:330:2:330:21 | call to SystemTimeToFileTime | Return value of $@ function should be verified to check for any error because variable $@ is not guaranteed to be safe. | test.cpp:63:1:63:20 | SystemTimeToFileTime | SystemTimeToFileTime | test.cpp:322:13:322:14 | st | st |
 | test.cpp:341:2:341:21 | call to SystemTimeToFileTime | Return value of $@ function should be verified to check for any error because variable $@ is not guaranteed to be safe. | test.cpp:63:1:63:20 | SystemTimeToFileTime | SystemTimeToFileTime | test.cpp:333:62:333:63 | st | st |
+| test.cpp:720:2:720:21 | call to SystemTimeToFileTime | Return value of $@ function should be verified to check for any error because variable $@ is not guaranteed to be safe. | test.cpp:63:1:63:20 | SystemTimeToFileTime | SystemTimeToFileTime | test.cpp:712:13:712:14 | st | st |
+| test.cpp:735:2:735:21 | call to SystemTimeToFileTime | Return value of $@ function should be verified to check for any error because variable $@ is not guaranteed to be safe. | test.cpp:63:1:63:20 | SystemTimeToFileTime | SystemTimeToFileTime | test.cpp:725:13:725:14 | st | st |
diff --git a/...ql/test/query-tests/Likely Bugs/Leap Year/UncheckedLeapYearAfterYearModification/test.cpp b/...ql/test/query-tests/Likely Bugs/Leap Year/UncheckedLeapYearAfterYearModification/test.cpp
@@ -445,7 +445,7 @@ void CorrectPattern_check4()
 	if (fixDate(st.wDay, st.wMonth, st.wYear))
 	{
 		// move back a day when landing on Feb 29 in an non-leap year
-		st.wDay = 28;
+		st.wDay = 28; // GOOD [FALSE POSITIVE]
 	}
 
 	// Safe to use
@@ -680,3 +680,57 @@ void mkDateTest(int year)
 	}
 	// ...
 }
+
+void unmodified1()
+{
+	SYSTEMTIME st;
+	FILETIME ft;
+	WORD w;
+
+	GetSystemTime(&st);
+
+	w = st.wYear;
+
+	SystemTimeToFileTime(&st, &ft); // GOOD - no modification
+}
+
+void unmodified2()
+{
+	SYSTEMTIME st;
+	FILETIME ft;
+	WORD *w_ptr;
+
+	GetSystemTime(&st);
+
+	w_ptr = &(st.wYear);
+
+	SystemTimeToFileTime(&st, &ft); // GOOD - no modification
+}
+
+void modified3()
+{
+	SYSTEMTIME st;
+	FILETIME ft;
+	WORD *w_ptr;
+
+	GetSystemTime(&st);
+
+	st.wYear = st.wYear + 1; // BAD
+
+	SystemTimeToFileTime(&st, &ft);
+}
+
+void modified4()
+{
+	SYSTEMTIME st;
+	FILETIME ft;
+	WORD *w_ptr;
+
+	GetSystemTime(&st);
+
+	st.wYear++; // BAD
+	st.wYear++; // BAD
+	st.wYear++; // BAD
+
+	SystemTimeToFileTime(&st, &ft);
+}