C++: incorrect string type conversion

[raulgarciamsft]

Cast between semantically different string types: char* from/to wchar_t*
NOTE: Please let me know if you want to use a different CWE than CWE-704

[rdmarsh2]

I ran this on both Linux and Windows builds of ChakraCore. It finds 0 results on the Linux build and 59 on the Windows build, so I suspect we'll want changes so that it produces results on ChakraCore on LGTM.com.

@geoffw0 I believe you're the most familiar with how string types are handled in ChakraCore on Linux, so I've assigned this PR to you.

[raulgarciamsft]

Thanks.
Please let me know if there are any instructions I should follow to access ChakraCode for Linux on lgtm (feel free to send the instructions to me privately via email).

[rdmarsh2]

Unfortunately, the ChakraCore build on LGTM.com is currently broken. There should be a fix for it in the next couple days, but I can send you the snapshot I've been testing with in the meantime.

[raulgarciamsft]

That will work. Thanks a lot.

[raulgarciamsft]

I tried building a snapshot for ChakraCore (https://github.com/microsoft/ChakraCore) for Windows, and I haven’t been able to find any instance of code that matches this new rule on it, nor on the Linux Snapshot that Robert shared with me.
Do you have any hints on what files/lines should I look at?
Thanks

[jbj]

I ran this query on 43 projects and was surprised that it found results on only two projects. On the Suspicious pointer scaling query we've had to assume that all casts to a char type are fine because people tend to convert to char * and then do a memcpy-like operation.

The results of this query also fall in this category. In fish-shell, the char pointers are used to copy wide chars into a block of memory returned from malloc where data of various types is manually laid out. In pwsafe, such a cast is used to take the SHA1 hash of a wide-char string. It seems reasonable to me that a SHA1 function takes a char * argument, and it also seems reasonable to want to call that function with an array of elements where there is no padding.

The @description and qhelp suggest that the primary use case for this query is to catch conversions from char * to wchar_t *. What do you say to ignoring conversions that go the other way? I ran that version of the query and found that it gave fewer and better results. The results on pwsafe look dodgy: I can't see how the memory allocated to an unsigned char[] will be suitably aligned for wchar_t *. Maybe the qhelp should specifically mention alignment.

[jbj]

Please state this example in terms of wchar_t, which is a standard type.

[jbj]

I don't think it's accurate to say that char is ANSI and wchar_t is Unicode. That's what they're called in Windows APIs, but other platforms use char for both 7-bit ASCII, 8-bit legacy charsets, and UTF-8 Unicode.

I suggest replacing "ANSI string" with "byte string" and "Unicode string" with "wide-character string". Also below.

[jbj]

"casting" -> "cast"

[jbj]

Ideally we should give a recommendation that can make the alert go away and keep the code working. What is the typical remedy for this sort of error? For string literals we can recommend prepending L. For other cases, should we recommend calling an appropriate (platform-dependent) conversion function?

[jbj]

"casted as" -> "cast to"

[raulgarciamsft]

Thanks a lot. I will work on all your suggestions and submit them ASAP.

[jbj]

I'd like a shorter @name for consistency with our existing queries. I propose "Cast from char* to wchar_t*".

[jbj]

The @description is out of date with the recent changes. For consistency with our other queries, I suggest rephrasing it as follows: "Casting a byte string to a wide-character string is likely to yield a string that is incorrectly terminated or aligned. This can lead to undefined behavior, including buffer overruns."

[raulgarciamsft]

Fixes ready.

[jbj]

Thanks for the query and the fixes. I'll merge this now, and I look forward to seeing the results on lgtm.com. The next deployment should happen in a week or two.

[geoffw0]

Sorry I didn't get around to looking at this last week. The new query looks good, and we really appreciate the tests and qhelp alongside.