C++: Respond to review comments.

cpp/ql/src/Security/CWE/CWE-014/MemsetMayBeDeleted-bad.c

@@ -1,4 +1,3 @@
-char * password = malloc(PASSWORD_SIZE);
-// ... read and check password
-memset(password, 0, PASSWORD_SIZE);
-free(password);
+char password[MAX_PASSWORD_LENGTH];
+// read and verify password
+memset(password, 0, MAX_PASSWORD_LENGTH);

cpp/ql/src/Security/CWE/CWE-014/MemsetMayBeDeleted-good.c

@@ -1,4 +1,3 @@
-char * password = malloc(PASSWORD_SIZE);
-// ... read and check password
-memset_s(password, PASSWORD_SIZE, 0, PASSWORD_SIZE);
-free(password);
+char password[MAX_PASSWORD_LENGTH];
+// read and verify password
+memset_s(password, MAX_PASSWORD_LENGTH, 0, MAX_PASSWORD_LENGTH);

cpp/ql/src/Security/CWE/CWE-014/MemsetMayBeDeleted.qhelp

@@ -36,6 +36,10 @@ longer needed:</p>
 CERT C Coding Standard:
 <a href="https://wiki.sei.cmu.edu/confluence/display/c/MSC06-C.+Beware+of+compiler+optimizations">MSC06-C. Beware of compiler optimizations</a>.
 </li>
+<li>
+USENIX: The Advanced Computing Systems Association:
+<a href="https://www.usenix.org/system/files/conference/usenixsecurity17/sec17-yang.pdf">Dead Store Elimination (Still) Considered Harmfuls</a>
+</li>
 
 </references>
 </qhelp>