C++: Now that the flow starts at main's 'argv' parameter (instead of at every use of 'argv') we get problems with linking since the test directory for CWE-190 has multiple main functions. We fix this by renaming each main function and invoking them from a shared main function.

Author: MathiasVP

cpp/ql/test/query-tests/Security/CWE/CWE-190/SAMATE/ArithmeticUncontrolled.expected

@@ -23,6 +23,12 @@ edges
 | examples.cpp:35:26:35:33 | call to rand | examples.cpp:38:9:38:12 | data |
 | examples.cpp:35:26:35:33 | call to rand | examples.cpp:38:9:38:12 | data |
 | examples.cpp:35:26:35:33 | call to rand | examples.cpp:38:9:38:12 | data |
+| examples.cpp:63:26:63:30 | fscanf output argument | examples.cpp:66:9:66:14 | Store |
+| examples.cpp:63:26:63:30 | fscanf output argument | examples.cpp:66:9:66:14 | Sub |
+| examples.cpp:63:26:63:30 | fscanf output argument | examples.cpp:66:11:66:14 | data |
+| examples.cpp:63:26:63:30 | fscanf output argument | examples.cpp:67:31:67:34 | Store |
+| examples.cpp:63:26:63:30 | fscanf output argument | examples.cpp:67:31:67:34 | data |
+| examples.cpp:63:26:63:30 | fscanf output argument | examples.cpp:68:27:68:32 | result |
 nodes
 | examples.cpp:22:26:22:33 | (unsigned int)... | semmle.label | (unsigned int)... |
 | examples.cpp:22:26:22:33 | (unsigned int)... | semmle.label | (unsigned int)... |
@@ -50,6 +56,14 @@ nodes
 | examples.cpp:35:26:35:33 | call to rand | semmle.label | call to rand |
 | examples.cpp:35:26:35:33 | call to rand | semmle.label | call to rand |
 | examples.cpp:38:9:38:12 | data | semmle.label | data |
+| examples.cpp:63:26:63:30 | & ... | semmle.label | & ... |
+| examples.cpp:63:26:63:30 | fscanf output argument | semmle.label | fscanf output argument |
+| examples.cpp:66:9:66:14 | Store | semmle.label | Store |
+| examples.cpp:66:9:66:14 | Sub | semmle.label | Sub |
+| examples.cpp:66:11:66:14 | data | semmle.label | data |
+| examples.cpp:67:31:67:34 | Store | semmle.label | Store |
+| examples.cpp:67:31:67:34 | data | semmle.label | data |
+| examples.cpp:68:27:68:32 | result | semmle.label | result |
 subpaths
 #select
 | examples.cpp:25:31:25:34 | data | examples.cpp:22:26:22:33 | (unsigned int)... | examples.cpp:25:31:25:34 | data | $@ flows to here and is used in arithmetic, potentially causing an underflow. | examples.cpp:22:26:22:33 | call to rand | Uncontrolled value |

cpp/ql/test/query-tests/Security/CWE/CWE-190/semmle/TaintedAllocationSize/TaintedAllocationSize.expected

@@ -1,32 +1,32 @@
 edges
-| test.cpp:40:21:40:24 | argv | test.cpp:43:38:43:44 | (size_t)... |
-| test.cpp:40:21:40:24 | argv | test.cpp:43:38:43:44 | (size_t)... |
-| test.cpp:40:21:40:24 | argv | test.cpp:43:38:43:44 | tainted |
-| test.cpp:40:21:40:24 | argv | test.cpp:43:38:43:44 | tainted |
-| test.cpp:40:21:40:24 | argv | test.cpp:43:38:43:44 | tainted |
-| test.cpp:40:21:40:24 | argv | test.cpp:43:38:43:44 | tainted |
-| test.cpp:40:21:40:24 | argv | test.cpp:44:38:44:63 | ... * ... |
-| test.cpp:40:21:40:24 | argv | test.cpp:44:38:44:63 | ... * ... |
-| test.cpp:40:21:40:24 | argv | test.cpp:44:38:44:63 | ... * ... |
-| test.cpp:40:21:40:24 | argv | test.cpp:44:38:44:63 | ... * ... |
-| test.cpp:40:21:40:24 | argv | test.cpp:46:38:46:63 | ... + ... |
-| test.cpp:40:21:40:24 | argv | test.cpp:46:38:46:63 | ... + ... |
-| test.cpp:40:21:40:24 | argv | test.cpp:46:38:46:63 | ... + ... |
-| test.cpp:40:21:40:24 | argv | test.cpp:46:38:46:63 | ... + ... |
-| test.cpp:40:21:40:24 | argv | test.cpp:49:32:49:35 | (size_t)... |
-| test.cpp:40:21:40:24 | argv | test.cpp:49:32:49:35 | (size_t)... |
-| test.cpp:40:21:40:24 | argv | test.cpp:49:32:49:35 | size |
-| test.cpp:40:21:40:24 | argv | test.cpp:49:32:49:35 | size |
-| test.cpp:40:21:40:24 | argv | test.cpp:49:32:49:35 | size |
-| test.cpp:40:21:40:24 | argv | test.cpp:49:32:49:35 | size |
-| test.cpp:40:21:40:24 | argv | test.cpp:50:26:50:29 | size |
-| test.cpp:40:21:40:24 | argv | test.cpp:50:26:50:29 | size |
-| test.cpp:40:21:40:24 | argv | test.cpp:50:26:50:29 | size |
-| test.cpp:40:21:40:24 | argv | test.cpp:50:26:50:29 | size |
-| test.cpp:40:21:40:24 | argv | test.cpp:53:35:53:60 | ... * ... |
-| test.cpp:40:21:40:24 | argv | test.cpp:53:35:53:60 | ... * ... |
-| test.cpp:40:21:40:24 | argv | test.cpp:53:35:53:60 | ... * ... |
-| test.cpp:40:21:40:24 | argv | test.cpp:53:35:53:60 | ... * ... |
+| test.cpp:39:27:39:30 | argv | test.cpp:43:38:43:44 | (size_t)... |
+| test.cpp:39:27:39:30 | argv | test.cpp:43:38:43:44 | (size_t)... |
+| test.cpp:39:27:39:30 | argv | test.cpp:43:38:43:44 | tainted |
+| test.cpp:39:27:39:30 | argv | test.cpp:43:38:43:44 | tainted |
+| test.cpp:39:27:39:30 | argv | test.cpp:43:38:43:44 | tainted |
+| test.cpp:39:27:39:30 | argv | test.cpp:43:38:43:44 | tainted |
+| test.cpp:39:27:39:30 | argv | test.cpp:44:38:44:63 | ... * ... |
+| test.cpp:39:27:39:30 | argv | test.cpp:44:38:44:63 | ... * ... |
+| test.cpp:39:27:39:30 | argv | test.cpp:44:38:44:63 | ... * ... |
+| test.cpp:39:27:39:30 | argv | test.cpp:44:38:44:63 | ... * ... |
+| test.cpp:39:27:39:30 | argv | test.cpp:46:38:46:63 | ... + ... |
+| test.cpp:39:27:39:30 | argv | test.cpp:46:38:46:63 | ... + ... |
+| test.cpp:39:27:39:30 | argv | test.cpp:46:38:46:63 | ... + ... |
+| test.cpp:39:27:39:30 | argv | test.cpp:46:38:46:63 | ... + ... |
+| test.cpp:39:27:39:30 | argv | test.cpp:49:32:49:35 | (size_t)... |
+| test.cpp:39:27:39:30 | argv | test.cpp:49:32:49:35 | (size_t)... |
+| test.cpp:39:27:39:30 | argv | test.cpp:49:32:49:35 | size |
+| test.cpp:39:27:39:30 | argv | test.cpp:49:32:49:35 | size |
+| test.cpp:39:27:39:30 | argv | test.cpp:49:32:49:35 | size |
+| test.cpp:39:27:39:30 | argv | test.cpp:49:32:49:35 | size |
+| test.cpp:39:27:39:30 | argv | test.cpp:50:26:50:29 | size |
+| test.cpp:39:27:39:30 | argv | test.cpp:50:26:50:29 | size |
+| test.cpp:39:27:39:30 | argv | test.cpp:50:26:50:29 | size |
+| test.cpp:39:27:39:30 | argv | test.cpp:50:26:50:29 | size |
+| test.cpp:39:27:39:30 | argv | test.cpp:53:35:53:60 | ... * ... |
+| test.cpp:39:27:39:30 | argv | test.cpp:53:35:53:60 | ... * ... |
+| test.cpp:39:27:39:30 | argv | test.cpp:53:35:53:60 | ... * ... |
+| test.cpp:39:27:39:30 | argv | test.cpp:53:35:53:60 | ... * ... |
 | test.cpp:124:18:124:23 | call to getenv | test.cpp:128:24:128:41 | ... * ... |
 | test.cpp:124:18:124:23 | call to getenv | test.cpp:128:24:128:41 | ... * ... |
 | test.cpp:124:18:124:31 | (const char *)... | test.cpp:128:24:128:41 | ... * ... |
@@ -77,8 +77,8 @@ edges
 | test.cpp:305:9:305:16 | size [post update] | test.cpp:308:10:308:27 | ... * ... |
 subpaths
 nodes
-| test.cpp:40:21:40:24 | argv | semmle.label | argv |
-| test.cpp:40:21:40:24 | argv | semmle.label | argv |
+| test.cpp:39:27:39:30 | argv | semmle.label | argv |
+| test.cpp:39:27:39:30 | argv | semmle.label | argv |
 | test.cpp:43:38:43:44 | (size_t)... | semmle.label | (size_t)... |
 | test.cpp:43:38:43:44 | (size_t)... | semmle.label | (size_t)... |
 | test.cpp:43:38:43:44 | tainted | semmle.label | tainted |
@@ -157,12 +157,12 @@ nodes
 | test.cpp:308:10:308:27 | ... * ... | semmle.label | ... * ... |
 | test.cpp:308:10:308:27 | ... * ... | semmle.label | ... * ... |
 #select
-| test.cpp:43:31:43:36 | call to malloc | test.cpp:40:21:40:24 | argv | test.cpp:43:38:43:44 | tainted | This allocation size is derived from $@ and might overflow | test.cpp:40:21:40:24 | argv | user input (argv) |
-| test.cpp:44:31:44:36 | call to malloc | test.cpp:40:21:40:24 | argv | test.cpp:44:38:44:63 | ... * ... | This allocation size is derived from $@ and might overflow | test.cpp:40:21:40:24 | argv | user input (argv) |
-| test.cpp:46:31:46:36 | call to malloc | test.cpp:40:21:40:24 | argv | test.cpp:46:38:46:63 | ... + ... | This allocation size is derived from $@ and might overflow | test.cpp:40:21:40:24 | argv | user input (argv) |
-| test.cpp:49:25:49:30 | call to malloc | test.cpp:40:21:40:24 | argv | test.cpp:49:32:49:35 | size | This allocation size is derived from $@ and might overflow | test.cpp:40:21:40:24 | argv | user input (argv) |
-| test.cpp:50:17:50:30 | new[] | test.cpp:40:21:40:24 | argv | test.cpp:50:26:50:29 | size | This allocation size is derived from $@ and might overflow | test.cpp:40:21:40:24 | argv | user input (argv) |
-| test.cpp:53:21:53:27 | call to realloc | test.cpp:40:21:40:24 | argv | test.cpp:53:35:53:60 | ... * ... | This allocation size is derived from $@ and might overflow | test.cpp:40:21:40:24 | argv | user input (argv) |
+| test.cpp:43:31:43:36 | call to malloc | test.cpp:39:27:39:30 | argv | test.cpp:43:38:43:44 | tainted | This allocation size is derived from $@ and might overflow | test.cpp:39:27:39:30 | argv | user input (argv) |
+| test.cpp:44:31:44:36 | call to malloc | test.cpp:39:27:39:30 | argv | test.cpp:44:38:44:63 | ... * ... | This allocation size is derived from $@ and might overflow | test.cpp:39:27:39:30 | argv | user input (argv) |
+| test.cpp:46:31:46:36 | call to malloc | test.cpp:39:27:39:30 | argv | test.cpp:46:38:46:63 | ... + ... | This allocation size is derived from $@ and might overflow | test.cpp:39:27:39:30 | argv | user input (argv) |
+| test.cpp:49:25:49:30 | call to malloc | test.cpp:39:27:39:30 | argv | test.cpp:49:32:49:35 | size | This allocation size is derived from $@ and might overflow | test.cpp:39:27:39:30 | argv | user input (argv) |
+| test.cpp:50:17:50:30 | new[] | test.cpp:39:27:39:30 | argv | test.cpp:50:26:50:29 | size | This allocation size is derived from $@ and might overflow | test.cpp:39:27:39:30 | argv | user input (argv) |
+| test.cpp:53:21:53:27 | call to realloc | test.cpp:39:27:39:30 | argv | test.cpp:53:35:53:60 | ... * ... | This allocation size is derived from $@ and might overflow | test.cpp:39:27:39:30 | argv | user input (argv) |
 | test.cpp:128:17:128:22 | call to malloc | test.cpp:124:18:124:23 | call to getenv | test.cpp:128:24:128:41 | ... * ... | This allocation size is derived from $@ and might overflow | test.cpp:124:18:124:23 | call to getenv | user input (getenv) |
 | test.cpp:135:3:135:8 | call to malloc | test.cpp:133:19:133:24 | call to getenv | test.cpp:135:10:135:27 | ... * ... | This allocation size is derived from $@ and might overflow | test.cpp:133:19:133:24 | call to getenv | user input (getenv) |
 | test.cpp:152:4:152:9 | call to malloc | test.cpp:148:20:148:25 | call to getenv | test.cpp:152:11:152:28 | ... * ... | This allocation size is derived from $@ and might overflow | test.cpp:148:20:148:25 | call to getenv | user input (getenv) |

cpp/ql/test/query-tests/Security/CWE/CWE-190/semmle/tainted/ArithmeticTainted.expected

@@ -11,18 +11,20 @@ edges
 | test5.cpp:9:7:9:9 | gets output argument | test5.cpp:5:5:5:17 | ReturnValue |
 | test5.cpp:18:6:18:18 | call to getTaintedInt | test5.cpp:19:6:19:6 | y |
 | test5.cpp:18:6:18:18 | call to getTaintedInt | test5.cpp:19:6:19:6 | y |
-| test.c:11:29:11:32 | argv | test.c:14:15:14:28 | maxConnections |
-| test.c:11:29:11:32 | argv | test.c:14:15:14:28 | maxConnections |
-| test.c:11:29:11:32 | argv | test.c:14:15:14:28 | maxConnections |
-| test.c:11:29:11:32 | argv | test.c:14:15:14:28 | maxConnections |
-| test.c:41:17:41:20 | argv | test.c:44:7:44:10 | len2 |
-| test.c:41:17:41:20 | argv | test.c:44:7:44:10 | len2 |
-| test.c:41:17:41:20 | argv | test.c:44:7:44:10 | len2 |
-| test.c:41:17:41:20 | argv | test.c:44:7:44:10 | len2 |
-| test.c:51:17:51:20 | argv | test.c:54:7:54:10 | len3 |
-| test.c:51:17:51:20 | argv | test.c:54:7:54:10 | len3 |
-| test.c:51:17:51:20 | argv | test.c:54:7:54:10 | len3 |
-| test.c:51:17:51:20 | argv | test.c:54:7:54:10 | len3 |
+| test.cpp:12:28:12:31 | *argv | test.cpp:16:15:16:28 | maxConnections |
+| test.cpp:12:28:12:31 | *argv | test.cpp:16:15:16:28 | maxConnections |
+| test.cpp:12:28:12:31 | argv | test.cpp:16:15:16:28 | maxConnections |
+| test.cpp:12:28:12:31 | argv | test.cpp:16:15:16:28 | maxConnections |
+| test.cpp:12:28:12:31 | argv | test.cpp:46:7:46:10 | len2 |
+| test.cpp:12:28:12:31 | argv | test.cpp:46:7:46:10 | len2 |
+| test.cpp:12:28:12:31 | argv | test.cpp:56:7:56:10 | len3 |
+| test.cpp:12:28:12:31 | argv | test.cpp:56:7:56:10 | len3 |
+| test.cpp:139:27:139:30 | argv | test.cpp:140:3:140:7 | argv |
+| test.cpp:139:27:139:30 | argv | test.cpp:140:3:140:7 | argv |
+| test.cpp:139:27:139:30 | argv | test.cpp:140:15:140:18 | argv indirection |
+| test.cpp:139:27:139:30 | argv | test.cpp:140:15:140:18 | argv indirection |
+| test.cpp:140:3:140:7 | argv | test.cpp:12:28:12:31 | argv |
+| test.cpp:140:15:140:18 | argv indirection | test.cpp:12:28:12:31 | *argv |
 subpaths
 nodes
 | test2.cpp:12:21:12:21 | v | semmle.label | v |
@@ -42,28 +44,28 @@ nodes
 | test5.cpp:19:6:19:6 | y | semmle.label | y |
 | test5.cpp:19:6:19:6 | y | semmle.label | y |
 | test5.cpp:19:6:19:6 | y | semmle.label | y |
-| test.c:11:29:11:32 | argv | semmle.label | argv |
-| test.c:11:29:11:32 | argv | semmle.label | argv |
-| test.c:14:15:14:28 | maxConnections | semmle.label | maxConnections |
-| test.c:14:15:14:28 | maxConnections | semmle.label | maxConnections |
-| test.c:14:15:14:28 | maxConnections | semmle.label | maxConnections |
-| test.c:41:17:41:20 | argv | semmle.label | argv |
-| test.c:41:17:41:20 | argv | semmle.label | argv |
-| test.c:44:7:44:10 | len2 | semmle.label | len2 |
-| test.c:44:7:44:10 | len2 | semmle.label | len2 |
-| test.c:44:7:44:10 | len2 | semmle.label | len2 |
-| test.c:51:17:51:20 | argv | semmle.label | argv |
-| test.c:51:17:51:20 | argv | semmle.label | argv |
-| test.c:54:7:54:10 | len3 | semmle.label | len3 |
-| test.c:54:7:54:10 | len3 | semmle.label | len3 |
-| test.c:54:7:54:10 | len3 | semmle.label | len3 |
+| test.cpp:12:28:12:31 | *argv | semmle.label | *argv |
+| test.cpp:12:28:12:31 | argv | semmle.label | argv |
+| test.cpp:16:15:16:28 | maxConnections | semmle.label | maxConnections |
+| test.cpp:16:15:16:28 | maxConnections | semmle.label | maxConnections |
+| test.cpp:16:15:16:28 | maxConnections | semmle.label | maxConnections |
+| test.cpp:46:7:46:10 | len2 | semmle.label | len2 |
+| test.cpp:46:7:46:10 | len2 | semmle.label | len2 |
+| test.cpp:46:7:46:10 | len2 | semmle.label | len2 |
+| test.cpp:56:7:56:10 | len3 | semmle.label | len3 |
+| test.cpp:56:7:56:10 | len3 | semmle.label | len3 |
+| test.cpp:56:7:56:10 | len3 | semmle.label | len3 |
+| test.cpp:139:27:139:30 | argv | semmle.label | argv |
+| test.cpp:139:27:139:30 | argv | semmle.label | argv |
+| test.cpp:140:3:140:7 | argv | semmle.label | argv |
+| test.cpp:140:15:140:18 | argv indirection | semmle.label | argv indirection |
 #select
 | test2.cpp:14:11:14:11 | v | test2.cpp:25:22:25:23 | & ... | test2.cpp:14:11:14:11 | v | $@ flows to here and is used in arithmetic, potentially causing an overflow. | test2.cpp:25:22:25:23 | & ... | User-provided value |
 | test2.cpp:14:11:14:11 | v | test2.cpp:25:22:25:23 | & ... | test2.cpp:14:11:14:11 | v | $@ flows to here and is used in arithmetic, potentially causing an underflow. | test2.cpp:25:22:25:23 | & ... | User-provided value |
 | test5.cpp:17:6:17:18 | call to getTaintedInt | test5.cpp:9:7:9:9 | buf | test5.cpp:17:6:17:18 | call to getTaintedInt | $@ flows to here and is used in arithmetic, potentially causing an overflow. | test5.cpp:9:7:9:9 | buf | User-provided value |
 | test5.cpp:19:6:19:6 | y | test5.cpp:9:7:9:9 | buf | test5.cpp:19:6:19:6 | y | $@ flows to here and is used in arithmetic, potentially causing an overflow. | test5.cpp:9:7:9:9 | buf | User-provided value |
 | test5.cpp:19:6:19:6 | y | test5.cpp:9:7:9:9 | buf | test5.cpp:19:6:19:6 | y | $@ flows to here and is used in arithmetic, potentially causing an underflow. | test5.cpp:9:7:9:9 | buf | User-provided value |
-| test.c:14:15:14:28 | maxConnections | test.c:11:29:11:32 | argv | test.c:14:15:14:28 | maxConnections | $@ flows to here and is used in arithmetic, potentially causing an overflow. | test.c:11:29:11:32 | argv | User-provided value |
-| test.c:14:15:14:28 | maxConnections | test.c:11:29:11:32 | argv | test.c:14:15:14:28 | maxConnections | $@ flows to here and is used in arithmetic, potentially causing an underflow. | test.c:11:29:11:32 | argv | User-provided value |
-| test.c:44:7:44:10 | len2 | test.c:41:17:41:20 | argv | test.c:44:7:44:10 | len2 | $@ flows to here and is used in arithmetic, potentially causing an underflow. | test.c:41:17:41:20 | argv | User-provided value |
-| test.c:54:7:54:10 | len3 | test.c:51:17:51:20 | argv | test.c:54:7:54:10 | len3 | $@ flows to here and is used in arithmetic, potentially causing an underflow. | test.c:51:17:51:20 | argv | User-provided value |
+| test.cpp:16:15:16:28 | maxConnections | test.cpp:139:27:139:30 | argv | test.cpp:16:15:16:28 | maxConnections | $@ flows to here and is used in arithmetic, potentially causing an overflow. | test.cpp:139:27:139:30 | argv | User-provided value |
+| test.cpp:16:15:16:28 | maxConnections | test.cpp:139:27:139:30 | argv | test.cpp:16:15:16:28 | maxConnections | $@ flows to here and is used in arithmetic, potentially causing an underflow. | test.cpp:139:27:139:30 | argv | User-provided value |
+| test.cpp:46:7:46:10 | len2 | test.cpp:139:27:139:30 | argv | test.cpp:46:7:46:10 | len2 | $@ flows to here and is used in arithmetic, potentially causing an underflow. | test.cpp:139:27:139:30 | argv | User-provided value |
+| test.cpp:56:7:56:10 | len3 | test.cpp:139:27:139:30 | argv | test.cpp:56:7:56:10 | len3 | $@ flows to here and is used in arithmetic, potentially causing an underflow. | test.cpp:139:27:139:30 | argv | User-provided value |

cpp/ql/test/query-tests/Security/CWE/CWE-190/semmle/tainted/IntegerOverflowTainted.expected

@@ -2,15 +2,15 @@
 | test2.cpp:15:11:15:19 | ... * ... | $@ flows to here and is used in an expression which might overflow. | test2.cpp:25:22:25:23 | & ... | User-provided value |
 | test2.cpp:16:11:16:21 | ... * ... | $@ flows to here and is used in an expression which might overflow. | test2.cpp:25:22:25:23 | & ... | User-provided value |
 | test2.cpp:17:11:17:22 | ... * ... | $@ flows to here and is used in an expression which might overflow. | test2.cpp:25:22:25:23 | & ... | User-provided value |
-| test3.c:12:31:12:34 | * ... | $@ flows to here and is used in an expression which might overflow negatively. | test3.c:11:15:11:18 | argv | User-provided value |
-| test3.c:13:16:13:19 | * ... | $@ flows to here and is used in an expression which might overflow negatively. | test3.c:11:15:11:18 | argv | User-provided value |
-| test4.cpp:13:17:13:20 | access to array | $@ flows to here and is used in an expression which might overflow negatively. | test4.cpp:9:13:9:16 | argv | User-provided value |
 | test5.cpp:10:9:10:15 | call to strtoul | $@ flows to here and is used in an expression which might overflow. | test5.cpp:9:7:9:9 | buf | User-provided value |
 | test5.cpp:17:6:17:27 | ... * ... | $@ flows to here and is used in an expression which might overflow. | test5.cpp:9:7:9:9 | buf | User-provided value |
 | test5.cpp:19:6:19:13 | ... * ... | $@ flows to here and is used in an expression which might overflow. | test5.cpp:9:7:9:9 | buf | User-provided value |
 | test6.cpp:11:15:11:15 | s | $@ flows to here and is used in an expression which might overflow. | test6.cpp:39:23:39:24 | & ... | User-provided value |
 | test6.cpp:16:15:16:15 | s | $@ flows to here and is used in an expression which might overflow. | test6.cpp:39:23:39:24 | & ... | User-provided value |
 | test6.cpp:30:16:30:16 | s | $@ flows to here and is used in an expression which might overflow. | test6.cpp:39:23:39:24 | & ... | User-provided value |
-| test.c:14:15:14:35 | ... * ... | $@ flows to here and is used in an expression which might overflow. | test.c:11:29:11:32 | argv | User-provided value |
-| test.c:44:7:44:12 | ... -- | $@ flows to here and is used in an expression which might overflow negatively. | test.c:41:17:41:20 | argv | User-provided value |
-| test.c:54:7:54:12 | ... -- | $@ flows to here and is used in an expression which might overflow negatively. | test.c:51:17:51:20 | argv | User-provided value |
+| test.cpp:16:15:16:35 | ... * ... | $@ flows to here and is used in an expression which might overflow. | test.cpp:139:27:139:30 | argv | User-provided value |
+| test.cpp:46:7:46:12 | ... -- | $@ flows to here and is used in an expression which might overflow negatively. | test.cpp:139:27:139:30 | argv | User-provided value |
+| test.cpp:56:7:56:12 | ... -- | $@ flows to here and is used in an expression which might overflow negatively. | test.cpp:139:27:139:30 | argv | User-provided value |
+| test.cpp:112:31:112:34 | * ... | $@ flows to here and is used in an expression which might overflow negatively. | test.cpp:139:27:139:30 | argv | User-provided value |
+| test.cpp:113:16:113:19 | * ... | $@ flows to here and is used in an expression which might overflow negatively. | test.cpp:139:27:139:30 | argv | User-provided value |
+| test.cpp:130:17:130:20 | access to array | $@ flows to here and is used in an expression which might overflow negatively. | test.cpp:139:27:139:30 | argv | User-provided value |