C++: Address false positive results.

geoffw0 · geoffw0 · commit a57f803b37ae · 2026-03-16T19:03:10.000Z
diff --git a/cpp/ql/src/Likely Bugs/Format/WrongTypeFormatArguments.ql b/cpp/ql/src/Likely Bugs/Format/WrongTypeFormatArguments.ql
@@ -168,9 +168,11 @@ where
     formatOtherArgType(ffc, n, expected, arg, actual) and
     not actual.getUnspecifiedType().(IntegralType).getSize() = sizeof_IntType()
   ) and
+  // Exclude some cases where we're less confident the result is correct / clear / valuable
   not arg.isAffectedByMacro() and
   not arg.isFromUninstantiatedTemplate(_) and
   not actual.stripType() instanceof ErroneousType and
+  not arg.getType().stripType().(RoutineType).getReturnType() instanceof ErroneousType and
   not arg.(Call).mayBeFromImplicitlyDeclaredFunction() and
   // Make sure that the format function definition is consistent
   count(ffc.getTarget().getFormatParameterIndex()) = 1
diff --git a/cpp/ql/test/query-tests/Likely Bugs/Format/WrongTypeFormatArguments/Buildless/WrongTypeFormatArguments.expected b/cpp/ql/test/query-tests/Likely Bugs/Format/WrongTypeFormatArguments/Buildless/WrongTypeFormatArguments.expected
@@ -1,9 +1,3 @@
-| second.cpp:13:19:13:19 | s | This format specifier for type 'size_t' does not match the argument type '..(*)(..)'. |
-| second.cpp:14:19:14:19 | s | This format specifier for type 'size_t' does not match the argument type '..(*)(..)'. |
-| second.cpp:15:18:15:18 | s | This format specifier for type 'int' does not match the argument type '..(*)(..)'. |
-| second.cpp:16:19:16:19 | s | This format specifier for type 'long' does not match the argument type '..(*)(..)'. |
-| second.cpp:17:20:17:20 | s | This format specifier for type 'long long' does not match the argument type '..(*)(..)'. |
-| second.cpp:18:18:18:18 | s | This format specifier for type 'unsigned int' does not match the argument type '..(*)(..)'. |
 | second.cpp:26:18:26:39 | ... - ... | This format specifier for type 'int' does not match the argument type 'long'. |
 | second.cpp:29:18:29:39 | ... - ... | This format specifier for type 'unsigned int' does not match the argument type 'long'. |
 | tests.c:7:18:7:18 | 1 | This format specifier for type 'char *' does not match the argument type 'int'. |
diff --git a/cpp/ql/test/query-tests/Likely Bugs/Format/WrongTypeFormatArguments/Buildless/second.cpp b/cpp/ql/test/query-tests/Likely Bugs/Format/WrongTypeFormatArguments/Buildless/second.cpp
@@ -10,12 +10,12 @@ void test_size_t() {
 
     printf("%zd", s); // GOOD
     printf("%zi", s); // GOOD
-    printf("%zu", s); // GOOD (we generally permit signedness changes) [FALSE POSITIVE]
-    printf("%zx", s); // GOOD (we generally permit signedness changes) [FALSE POSITIVE]
-    printf("%d", s); // BAD
-    printf("%ld", s); // BAD
-    printf("%lld", s); // BAD
-    printf("%u", s); // BAD
+    printf("%zu", s); // GOOD (we generally permit signedness changes)
+    printf("%zx", s); // GOOD (we generally permit signedness changes)
+    printf("%d", s); // BAD [NOT DETECTED]
+    printf("%ld", s); // BAD [NOT DETECTED]
+    printf("%lld", s); // BAD [NOT DETECTED]
+    printf("%u", s); // BAD [NOT DETECTED]
 
     char buffer[1024];
 
