Merge pull request #846 from geoffw0/returnstack

CPP: Improve ReturnStackAllocatedMemory.ql
2026-05-05 21:55:19 +02:00 · 2019-02-21 22:04:53 +01:00
parent a0c12c46e5 c10c65cefe
commit 7649e8758b
5 changed files with 192 additions and 36 deletions
--- a/Management/ReturnStackAllocatedMemory/ReturnStackAllocatedMemory.expected
+++ b/Management/ReturnStackAllocatedMemory/ReturnStackAllocatedMemory.expected
@@ -0,0 +1,7 @@
+| test.cpp:17:2:17:12 | return ... | May return stack-allocated memory from $@. | test.cpp:17:10:17:11 | mc | mc |
+| test.cpp:25:2:25:12 | return ... | May return stack-allocated memory from $@. | test.cpp:23:18:23:19 | mc | mc |
+| test.cpp:47:2:47:11 | return ... | May return stack-allocated memory from $@. | test.cpp:47:9:47:10 | mc | mc |
+| test.cpp:54:2:54:16 | return ... | May return stack-allocated memory from $@. | test.cpp:54:11:54:12 | mc | mc |
+| test.cpp:92:2:92:12 | return ... | May return stack-allocated memory from $@. | test.cpp:89:10:89:11 | mc | mc |
+| test.cpp:112:2:112:12 | return ... | May return stack-allocated memory from $@. | test.cpp:112:9:112:11 | arr | arr |
+| test.cpp:119:2:119:19 | return ... | May return stack-allocated memory from $@. | test.cpp:119:11:119:13 | arr | arr |
--- a/Management/ReturnStackAllocatedMemory/ReturnStackAllocatedMemory.qlref
+++ b/Management/ReturnStackAllocatedMemory/ReturnStackAllocatedMemory.qlref
@@ -0,0 +1 @@
+Likely Bugs/Memory Management/ReturnStackAllocatedMemory.ql
--- a/Management/ReturnStackAllocatedMemory/test.cpp
+++ b/Management/ReturnStackAllocatedMemory/test.cpp
@@ -0,0 +1,145 @@
+
+class MyClass
+{
+public:
+	int a, b;
+};
+
+MyClass makeMyClass()
+{
+	return { 0, 0 }; // GOOD
+}
+
+MyClass *test1()
+{
+	MyClass mc;
+
+	return &mc; // BAD
+}
+
+MyClass *test2()
+{
+	MyClass mc;
+	MyClass *ptr = &mc;
+
+	return ptr; // BAD
+}
+
+MyClass *test3()
+{
+	MyClass mc;
+	MyClass *ptr = &mc;
+	ptr = nullptr;
+	return ptr; // GOOD
+}
+
+MyClass *test4()
+{
+	MyClass mc;
+	MyClass &ref = mc;
+
+	return &ref; // BAD [NOT DETECTED]
+}
+
+MyClass &test5()
+{
+	MyClass mc;
+	return mc; // BAD
+}
+
+int *test6()
+{
+	MyClass mc;
+
+	return &(mc.a); // BAD
+}
+
+MyClass test7()
+{
+	MyClass mc;
+
+	return mc; // GOOD
+}
+
+MyClass *test8()
+{
+	MyClass *mc = new MyClass;
+
+	return mc; // GOOD
+}
+
+MyClass test9()
+{
+	return MyClass(); // GOOD
+}
+
+int test10()
+{
+	MyClass mc;
+
+	return mc.a; // GOOD
+}
+
+MyClass *test11()
+{
+	MyClass *ptr;
+
+	{
+		MyClass mc;
+		ptr = &mc;
+	}
+
+	return ptr; // BAD
+}
+
+MyClass *test12(MyClass *param)
+{
+	return param; // GOOD
+}
+
+MyClass *test13()
+{
+	static MyClass mc;
+	MyClass &ref = mc;
+
+	return &ref; // GOOD
+}
+
+char *testArray1()
+{
+	char arr[256];
+
+	return arr; // BAD
+}
+
+char *testArray2()
+{
+	char arr[256];
+
+	return &(arr[10]); // BAD
+}
+
+char testArray3()
+{
+	char arr[256];
+
+	return arr[10]; // GOOD
+}
+
+char *testArray4()
+{
+	char arr[256];
+	char *ptr;
+
+	ptr = arr + 1;
+	ptr++;
+
+	return ptr; // BAD [NOT DETECTED]
+}
+
+char *testArray5()
+{
+	static char arr[256];
+
+	return arr; // GOOD
+}
				`@@ -0,0 +1 @@`
				`Likely Bugs/Memory Management/ReturnStackAllocatedMemory.ql`