hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-27 01:35:13 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge remote-tracking branch 'upstream/rc/1.20' into mergeback-2019-03-19

Browse Source
This commit is contained in:
Max Schaefer
2019-03-19 14:09:03 +00:00
parent a31794f20c 17e8b64f59
commit 6fbf487524
41 changed files with 538 additions and 191 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
cpp/ql/test/query-tests/Likely Bugs/Memory Management/ReturnStackAllocatedMemory/ReturnStackAllocatedMemory.expected
View File

@@ -5,3 +5,5 @@
| test.cpp:92:2:92:12 | return ... | May return stack-allocated memory from $@. | test.cpp:89:10:89:11 | mc | mc |
| test.cpp:112:2:112:12 | return ... | May return stack-allocated memory from $@. | test.cpp:112:9:112:11 | arr | arr |
| test.cpp:119:2:119:19 | return ... | May return stack-allocated memory from $@. | test.cpp:119:11:119:13 | arr | arr |
| test.cpp:149:3:149:22 | return ... | May return stack-allocated memory from $@. | test.cpp:149:11:149:21 | threadLocal | threadLocal |
| test.cpp:171:3:171:24 | return ... | May return stack-allocated memory from $@. | test.cpp:170:35:170:41 | myLocal | myLocal |

46
cpp/ql/test/query-tests/Likely Bugs/Memory Management/ReturnStackAllocatedMemory/test.cpp
View File

@@ -143,3 +143,49 @@ char *testArray5()
return arr; // GOOD
}
int *returnThreadLocal() {
thread_local int threadLocal;
return &threadLocal; // GOOD [FALSE POSITIVE]
}
int returnDereferenced() {
int localInt = 2;
int &localRef = localInt;
return localRef; // GOOD
}
typedef unsigned long size_t;
void *memcpy(void *s1, const void *s2, size_t n);
char *returnAfterCopy() {
char localBuf[] = "Data";
static char staticBuf[sizeof(localBuf)];
memcpy(staticBuf, localBuf, sizeof(staticBuf));
return staticBuf; // GOOD
}
void *conversionBeforeDataFlow() {
int myLocal;
void *pointerToLocal = (void *)&myLocal; // has conversion
return pointerToLocal; // BAD
}
void *arrayConversionBeforeDataFlow() {
int localArray[4];
int *pointerToLocal = localArray; // has conversion
return pointerToLocal; // BAD [NOT DETECTED]
}
int &dataFlowThroughReference() {
int myLocal;
int &refToLocal = myLocal; // has conversion
return refToLocal; // BAD [NOT DETECTED]
}
int *&conversionInFlow() {
int myLocal;
int *p = &myLocal;
int *&pRef = p; // has conversion in the middle of data flow
return pRef; // BAD [NOT DETECTED]
}