CPP: Additional AllocaInLoop test cases.

geoffw0 · geoffw0 · commit 5362fef81ced · 2019-07-15T14:50:02.000+01:00
diff --git a/cpp/ql/test/query-tests/Likely Bugs/Memory Management/AllocaInLoop/AllocaInLoop.expected b/cpp/ql/test/query-tests/Likely Bugs/Memory Management/AllocaInLoop/AllocaInLoop.expected
@@ -1,6 +1,9 @@
 | AllocaInLoop1.cpp:31:18:31:23 | call to __builtin_alloca | Stack allocation is inside a $@ loop. | AllocaInLoop1.cpp:22:2:39:2 | for(...;...;...) ... | for(...;...;...) ... |
 | AllocaInLoop1.cpp:55:19:55:24 | call to __builtin_alloca | Stack allocation is inside a $@ loop. | AllocaInLoop1.cpp:45:2:64:2 | for(...;...;...) ... | for(...;...;...) ... |
 | AllocaInLoop1.cpp:80:19:80:24 | call to __builtin_alloca | Stack allocation is inside a $@ loop. | AllocaInLoop1.cpp:71:3:88:3 | for(...;...;...) ... | for(...;...;...) ... |
+| AllocaInLoop1.cpp:97:19:97:24 | call to __builtin_alloca | Stack allocation is inside a $@ loop. | AllocaInLoop1.cpp:96:2:100:13 | do (...) ... | do (...) ... |
+| AllocaInLoop1.cpp:110:19:110:24 | call to __builtin_alloca | Stack allocation is inside a $@ loop. | AllocaInLoop1.cpp:109:2:113:13 | do (...) ... | do (...) ... |
+| AllocaInLoop1.cpp:123:19:123:24 | call to __builtin_alloca | Stack allocation is inside a $@ loop. | AllocaInLoop1.cpp:122:2:126:13 | do (...) ... | do (...) ... |
 | AllocaInLoop1ms.cpp:28:18:28:24 | call to _alloca | Stack allocation is inside a $@ loop. | AllocaInLoop1ms.cpp:19:2:36:2 | for(...;...;...) ... | for(...;...;...) ... |
 | AllocaInLoop1ms.cpp:52:19:52:26 | call to _malloca | Stack allocation is inside a $@ loop. | AllocaInLoop1ms.cpp:42:2:63:2 | for(...;...;...) ... | for(...;...;...) ... |
 | AllocaInLoop1ms.cpp:79:19:79:25 | call to _alloca | Stack allocation is inside a $@ loop. | AllocaInLoop1ms.cpp:70:3:87:3 | for(...;...;...) ... | for(...;...;...) ... |
diff --git a/cpp/ql/test/query-tests/Likely Bugs/Memory Management/AllocaInLoop/AllocaInLoop1.cpp b/cpp/ql/test/query-tests/Likely Bugs/Memory Management/AllocaInLoop/AllocaInLoop1.cpp
@@ -88,3 +88,40 @@ void baz(const struct vtype* vec, int count) {
 		}
 	} while (0);
 }
+
+// case 4: alloca  contained in an unbounded loop, followed by break.
+void case4() {
+	char *buffer;
+
+	do {
+		buffer = (char*)alloca(1024); // GOOD [FALSE POSITIVE]
+
+		break;
+	} while (1);
+
+	delete [] buffer;
+}
+
+// case 5: alloca  contained in an unbounded loop, followed by continue.
+void case5() {
+	char *buffer;
+
+	do {
+		buffer = (char*)alloca(1024); // BAD
+
+		continue;
+	} while (1);
+
+	delete [] buffer;
+}
+
+// case 6: alloca  contained in an unbounded loop, followed by return.
+char *case6() {
+	char *buffer;
+
+	do {
+		buffer = (char*)alloca(1024); // GOOD [FALSE POSITIVE]
+
+		return buffer;
+	} while (1);
+}
