False negative on C++ CString Format code?

it seems we got a false negative in C++ or at least we wonder if that rule might be added to SonarQube in the future. We are using SonarQube

We realized this code caused our application to crash in some conditons and it got obvious that using the same/own CString as import for CString.Format call leads to unpredictable behaviour in any case as the string passed into the Format (the memory it points to) is cleared during this operation. Depending on when the memory then is finally resused/overtwritten it might work fine or crash, so it is pretty hard to detect.

CString sqlCond = L"something";
sqlCond.Format(L"(c.Security = 2) OR (%s)", sqlCond.GetString());

Is this somthing that could be added as a rule to SQ?


Hi @Wolfgang_Gogg ,

Thanks for raising this point.

At the moment, we have no MFC specific rules. And because we don’t have access to the implementation of CString.Format, the symbolic execution cannot detect the problem either.

If an MFC specific set of rules is developed in the future, we’ll put it in it, but I can’t say if and when that will happen.


1 Like