From ccbd8aaebc08456c5d23cfe0b666ee22ec3f2995 Mon Sep 17 00:00:00 2001 From: Anders Schack-Mulligen Date: Wed, 12 Sep 2018 10:13:57 +0200 Subject: [PATCH 1/3] Java: Improve alert message of IntMultToLong. --- java/ql/src/Likely Bugs/Arithmetic/IntMultToLong.ql | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/java/ql/src/Likely Bugs/Arithmetic/IntMultToLong.ql b/java/ql/src/Likely Bugs/Arithmetic/IntMultToLong.ql index acb99effb005..8027b9176a0b 100644 --- a/java/ql/src/Likely Bugs/Arithmetic/IntMultToLong.ql +++ b/java/ql/src/Likely Bugs/Arithmetic/IntMultToLong.ql @@ -52,4 +52,4 @@ where // not obviously small and ok not small(e) and e.getEnclosingCallable().fromSource() -select c, "$@ converted to "+ destType.getName() +" by use in " + ("a " + c.kind()).regexpReplaceAll("^a ([aeiou])", "an $1") + ".", e, sourceType.getName() + " multiplication" +select c, "Potential overflow in $@ before it is converted to "+ destType.getName() +" by use in " + ("a " + c.kind()).regexpReplaceAll("^a ([aeiou])", "an $1") + ".", e, sourceType.getName() + " multiplication" From 1bbc67b57c8f9136eade0694d8a86a7e4c0ae686 Mon Sep 17 00:00:00 2001 From: Anders Schack-Mulligen Date: Wed, 12 Sep 2018 10:14:41 +0200 Subject: [PATCH 2/3] Java: Autoformat query. --- java/ql/src/Likely Bugs/Arithmetic/IntMultToLong.ql | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/java/ql/src/Likely Bugs/Arithmetic/IntMultToLong.ql b/java/ql/src/Likely Bugs/Arithmetic/IntMultToLong.ql index 8027b9176a0b..d77a98bcd069 100644 --- a/java/ql/src/Likely Bugs/Arithmetic/IntMultToLong.ql +++ b/java/ql/src/Likely Bugs/Arithmetic/IntMultToLong.ql @@ -15,6 +15,7 @@ * external/cwe/cwe-197 * external/cwe/cwe-681 */ + import java import semmle.code.java.dataflow.RangeUtils import semmle.code.java.Conversions 
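Review bot: The reworded alert string in the `select` clause of PATCH 1/3 changes the query's output, but that patch touches only `IntMultToLong.ql`; the matching rows in `IntMultToLong.expected` are not updated until PATCH 3/3, so the qltest would presumably fail at commits 1/3 and 2/3. Folding the `.expected` update into the patch that changes the message would keep every commit in the series passing and bisectable. If the query's `@description` or qhelp still uses the older "converted to" phrasing, it may be worth aligning it with the new "Potential overflow in $@ before it is converted to" wording, though neither is visible here. The `from`/`where` part of the query starts outside the hunk.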
@@ -25,7 +26,8 @@ predicate small(MulExpr e) { lhs = e.getLeftOperand().getProperExpr().(ConstantIntegerExpr).getIntValue() and rhs = e.getRightOperand().getProperExpr().(ConstantIntegerExpr).getIntValue() and lhs * rhs = res and - t.getOrdPrimitiveType().getMinValue() <= res and res <= t.getOrdPrimitiveType().getMaxValue() + t.getOrdPrimitiveType().getMinValue() <= res and + res <= t.getOrdPrimitiveType().getMaxValue() ) } @@ -52,4 +54,7 @@ where // not obviously small and ok not small(e) and e.getEnclosingCallable().fromSource() -select c, "Potential overflow in $@ before it is converted to "+ destType.getName() +" by use in " + ("a " + c.kind()).regexpReplaceAll("^a ([aeiou])", "an $1") + ".", e, sourceType.getName() + " multiplication" +select c, + "Potential overflow in $@ before it is converted to " + destType.getName() + " by use in " + + ("a " + c.kind()).regexpReplaceAll("^a ([aeiou])", "an $1") + ".", e, + sourceType.getName() + " multiplication" From b9acdf573ab2fdea9ec1e9b216569c440e0f0615 Mon Sep 17 00:00:00 2001 From: Anders Schack-Mulligen Date: Thu, 13 Sep 2018 10:18:09 +0200 Subject: [PATCH 3/3] Java: Update qltest. --- .../security/CWE-190/semmle/tests/IntMultToLong.expected | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/java/ql/test/query-tests/security/CWE-190/semmle/tests/IntMultToLong.expected b/java/ql/test/query-tests/security/CWE-190/semmle/tests/IntMultToLong.expected index e4a6143ee59c..421575b07a65 100644 --- a/java/ql/test/query-tests/security/CWE-190/semmle/tests/IntMultToLong.expected +++ b/java/ql/test/query-tests/security/CWE-190/semmle/tests/IntMultToLong.expected 
@@ -1,4 +1,4 @@
-| Test.java:20:23:20:48 | ... * ... | $@ converted to long by use in an assignment context. | Test.java:20:23:20:48 | ... * ... | int multiplication |
-| Test.java:27:23:27:52 | ... + ... | $@ converted to long by use in an assignment context. | Test.java:27:23:27:48 | ... * ... | int multiplication |
-| Test.java:34:23:34:63 | ...?...:... | $@ converted to long by use in an assignment context. | Test.java:34:30:34:55 | ... * ... | int multiplication |
-| Test.java:41:25:41:49 | ... * ... | $@ converted to double by use in an assignment context. | Test.java:41:25:41:49 | ... * ... | long multiplication |
\ No newline at end of file
+| Test.java:20:23:20:48 | ... * ... | Potential overflow in $@ before it is converted to long by use in an assignment context. | Test.java:20:23:20:48 | ... * ... | int multiplication |
+| Test.java:27:23:27:52 | ... + ... | Potential overflow in $@ before it is converted to long by use in an assignment context. | Test.java:27:23:27:48 | ... * ... | int multiplication |
+| Test.java:34:23:34:63 | ...?...:... | Potential overflow in $@ before it is converted to long by use in an assignment context. | Test.java:34:30:34:55 | ... * ... | int multiplication |
+| Test.java:41:25:41:49 | ... * ... | Potential overflow in $@ before it is converted to double by use in an assignment context. | Test.java:41:25:41:49 | ... * ... | long multiplication |