From 366ebcad834dc2a8b93e314fa80624f7ed7b5124 Mon Sep 17 00:00:00 2001
From: Jeroen Ketema
Date: Mon, 16 Feb 2026 18:58:39 +0100
Subject: [PATCH] C++: Add `cpp/return-stack-allocated-memory` test case
---
 .../ReturnStackAllocatedMemory.expected | 8 ++++++++
 .../Memory Management/ReturnStackAllocatedMemory/test.cpp | 5 +++++
 2 files changed, 13 insertions(+)
diff --git a/cpp/ql/test/query-tests/Likely Bugs/Memory Management/ReturnStackAllocatedMemory/ReturnStackAllocatedMemory.expected b/cpp/ql/test/query-tests/Likely Bugs/Memory Management/ReturnStackAllocatedMemory/ReturnStackAllocatedMemory.expected
index 6aa457b1e8a..23b23dc4a3b 100644
--- a/cpp/ql/test/query-tests/Likely Bugs/Memory Management/ReturnStackAllocatedMemory/ReturnStackAllocatedMemory.expected
+++ b/cpp/ql/test/query-tests/Likely Bugs/Memory Management/ReturnStackAllocatedMemory/ReturnStackAllocatedMemory.expected
@@ -48,6 +48,9 @@ edges
 | test.cpp:249:13:249:20 | call to strndupa | test.cpp:249:13:249:20 | call to strndupa |
 | test.cpp:249:13:249:20 | call to strndupa | test.cpp:250:9:250:10 | s2 |
 | test.cpp:250:9:250:10 | s2 | test.cpp:250:9:250:10 | (void *)... |
+| test.cpp:253:17:253:17 | p | test.cpp:256:10:256:10 | p |
+| test.cpp:255:19:255:20 | & ... | test.cpp:253:17:253:17 | p |
+| test.cpp:255:20:255:20 | x | test.cpp:255:19:255:20 | & ... |
 nodes
 | test.cpp:17:9:17:11 | & ... | semmle.label | & ... |
 | test.cpp:17:10:17:11 | mc | semmle.label | mc |
@@ -114,6 +117,10 @@ nodes
 | test.cpp:249:13:249:20 | call to strndupa | semmle.label | call to strndupa |
 | test.cpp:250:9:250:10 | (void *)... | semmle.label | (void *)... |
 | test.cpp:250:9:250:10 | s2 | semmle.label | s2 |
+| test.cpp:253:17:253:17 | p | semmle.label | p |
+| test.cpp:255:19:255:20 | & ... | semmle.label | & ... |
+| test.cpp:255:20:255:20 | x | semmle.label | x |
+| test.cpp:256:10:256:10 | p | semmle.label | p |
 #select
 | test.cpp:17:9:17:11 | CopyValue: & ... | test.cpp:17:10:17:11 | mc | test.cpp:17:9:17:11 | & ... | May return stack-allocated memory from $@. | test.cpp:17:10:17:11 | mc | mc |
 | test.cpp:25:9:25:11 | Load: ptr | test.cpp:23:18:23:19 | mc | test.cpp:25:9:25:11 | ptr | May return stack-allocated memory from $@. | test.cpp:23:18:23:19 | mc | mc |
@@ -131,3 +138,4 @@ nodes
 | test.cpp:238:9:238:9 | Load: p | test.cpp:237:12:237:17 | call to alloca | test.cpp:238:9:238:9 | p | May return stack-allocated memory from $@. | test.cpp:237:12:237:17 | call to alloca | call to alloca |
 | test.cpp:245:9:245:15 | Call: call to strdupa | test.cpp:245:9:245:15 | call to strdupa | test.cpp:245:9:245:15 | call to strdupa | May return stack-allocated memory from $@. | test.cpp:245:9:245:15 | call to strdupa | call to strdupa |
 | test.cpp:250:9:250:10 | Convert: (void *)... | test.cpp:249:13:249:20 | call to strndupa | test.cpp:250:9:250:10 | (void *)... | May return stack-allocated memory from $@. | test.cpp:249:13:249:20 | call to strndupa | call to strndupa |
+| test.cpp:256:10:256:10 | Load: p | test.cpp:255:20:255:20 | x | test.cpp:256:10:256:10 | p | May return stack-allocated memory from $@. | test.cpp:255:20:255:20 | x | x |
diff --git a/cpp/ql/test/query-tests/Likely Bugs/Memory Management/ReturnStackAllocatedMemory/test.cpp b/cpp/ql/test/query-tests/Likely Bugs/Memory Management/ReturnStackAllocatedMemory/test.cpp
index abc21aa74d8..ab1a626a4b0 100644
--- a/cpp/ql/test/query-tests/Likely Bugs/Memory Management/ReturnStackAllocatedMemory/test.cpp
+++ b/cpp/ql/test/query-tests/Likely Bugs/Memory Management/ReturnStackAllocatedMemory/test.cpp
@@ -250,3 +250,8 @@ void* test_strndupa(const char* s, size_t size) {
 return s2; // BAD
 }
 
+int* f_rec(int *p, bool b) {
+ int x;
+ int* px = f_rec(&x, b); // GOOD [FALSE POSITIVE]
+ return p;
+}
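Review bot: The `// GOOD [FALSE POSITIVE]` marker sits on the recursive call (test.cpp line 255), but the row this commit adds to the `#select` section of `ReturnStackAllocatedMemory.expected` reports the alert on `return p;` (line 256), and the case just above annotates the return itself (`return s2; // BAD`). Moving the marker to the return, or adding a line such as `// &x reaches p only in the callee; the caller's frame, and so x, is still live when the callee returns p`, would record why this result is spurious. That matters for a query guarding against dangling stack pointers, since the next maintainer must judge whether a change to this expected row is a fix or a regression. Separately, `b` is never read and `px` is never used, so the recursion has no base case; if that is deliberate because only the static flow matters, a short comment saying so would help.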