C++: Add a second example.

cpp/ql/src/Critical/DoubleFree.qhelp

@@ -31,6 +31,15 @@ Reviewing the code above, the issue can be fixed by simply deleting the additona
 not to free <code>new_buffer</code> as this pointer is returned by the function.
 </p>
 <sample src="DoubleFreeGood.cpp" />
+In the next example, <code>task</code> may be deleted twice, if an exception occurs inside the <code>try</code>
+block after the first <code>delete</code>:
+</p>
+<sample src="DoubleFreeBad2.cpp" />
+<p>
+The problem can be solved by assigning a null value to the pointer after the first <code>delete</code>, as
+calling <code>delete</code> a second time on the null pointer is harmless.
+</p>
+<sample src="DoubleFreeGood2.cpp" />
 </example>
 <references>
 

cpp/ql/src/Critical/DoubleFreeBad2.cpp

@@ -0,0 +1,16 @@
+void g() {
+	MyTask *task = NULL;
+
+	try
+	{
+		task = new MyTask;
+
+		...
+
+		delete task;
+
+		...
+	} catch (...) {
+		delete task; // BAD: potential double-free
+	}
+}

cpp/ql/src/Critical/DoubleFreeGood2.cpp

@@ -0,0 +1,17 @@
+void g() {
+	MyTask *task = NULL;
+
+	try
+	{
+		task = new MyTask;
+
+		...
+
+		delete task;
+		task = NULL;
+
+		...
+	} catch (...) {
+		delete task; // GOOD: harmless if task is NULL
+	}
+}