C++: Tests for new false negatives

jbj · jbj · commit d864df5b7f39 · 2019-03-19T10:30:14.000+01:00
diff --git a/cpp/ql/test/query-tests/Likely Bugs/Memory Management/ReturnStackAllocatedMemory/ReturnStackAllocatedMemory.expected b/cpp/ql/test/query-tests/Likely Bugs/Memory Management/ReturnStackAllocatedMemory/ReturnStackAllocatedMemory.expected
@@ -6,3 +6,4 @@
 | test.cpp:112:2:112:12 | return ... | May return stack-allocated memory from $@. | test.cpp:112:9:112:11 | arr | arr |
 | test.cpp:119:2:119:19 | return ... | May return stack-allocated memory from $@. | test.cpp:119:11:119:13 | arr | arr |
 | test.cpp:149:3:149:22 | return ... | May return stack-allocated memory from $@. | test.cpp:149:11:149:21 | threadLocal | threadLocal |
+| test.cpp:190:3:190:14 | return ... | May return stack-allocated memory from $@. | test.cpp:188:13:188:19 | myLocal | myLocal |
diff --git a/cpp/ql/test/query-tests/Likely Bugs/Memory Management/ReturnStackAllocatedMemory/test.cpp b/cpp/ql/test/query-tests/Likely Bugs/Memory Management/ReturnStackAllocatedMemory/test.cpp
@@ -164,3 +164,28 @@ char *returnAfterCopy() {
   memcpy(staticBuf, localBuf, sizeof(staticBuf));
   return staticBuf; // GOOD
 }
+
+void *conversionBeforeDataFlow() {
+  int myLocal;
+  void *pointerToLocal = (void *)&myLocal; // has conversion
+  return pointerToLocal; // BAD [NOT DETECTED]
+}
+
+void *arrayConversionBeforeDataFlow() {
+  int localArray[4];
+  int *pointerToLocal = localArray; // has conversion
+  return pointerToLocal; // BAD [NOT DETECTED]
+}
+
+int &dataFlowThroughReference() {
+  int myLocal;
+  int &refToLocal = myLocal; // has conversion
+  return refToLocal; // BAD [NOT DETECTED]
+}
+
+int *&conversionInFlow() {
+  int myLocal;
+  int *p = &myLocal;
+  int *&pRef = p; // has conversion in the middle of data flow
+  return pRef; // BAD [MISLEADING ALERT MESSAGE]
+}
