C++: Promote cpp/incorrect-allocation-error-handling out of experimental.

cpp/ql/test/query-tests/Security/CWE/CWE-570/IncorrectAllocationErrorHandling.expected

@@ -0,0 +1,18 @@
+| test.cpp:21:9:21:15 | new | This allocation cannot return null. $@ is unnecessary. | test.cpp:21:9:21:15 | new | This check |
+| test.cpp:29:13:29:24 | new[] | This allocation cannot return null. $@ is unnecessary. | test.cpp:30:7:30:13 | ... == ... | This check |
+| test.cpp:33:13:33:24 | new[] | This allocation cannot return null. $@ is unnecessary. | test.cpp:34:8:34:9 | p2 | This check |
+| test.cpp:37:13:37:24 | new[] | This allocation cannot return null. $@ is unnecessary. | test.cpp:38:7:38:16 | ... == ... | This check |
+| test.cpp:41:13:41:24 | new[] | This allocation cannot return null. $@ is unnecessary. | test.cpp:42:7:42:19 | ... == ... | This check |
+| test.cpp:45:13:45:24 | new[] | This allocation cannot return null. $@ is unnecessary. | test.cpp:46:7:46:8 | p5 | This check |
+| test.cpp:49:8:49:19 | new[] | This allocation cannot return null. $@ is unnecessary. | test.cpp:50:7:50:13 | ... == ... | This check |
+| test.cpp:53:8:53:19 | new[] | This allocation cannot return null. $@ is unnecessary. | test.cpp:54:8:54:9 | p7 | This check |
+| test.cpp:58:8:58:19 | new[] | This allocation cannot return null. $@ is unnecessary. | test.cpp:59:7:59:16 | ... == ... | This check |
+| test.cpp:63:8:63:19 | new[] | This allocation cannot return null. $@ is unnecessary. | test.cpp:64:7:64:19 | ... != ... | This check |
+| test.cpp:69:9:69:20 | new[] | This allocation cannot return null. $@ is unnecessary. | test.cpp:70:7:70:14 | ... != ... | This check |
+| test.cpp:75:11:75:22 | new[] | This allocation cannot return null. $@ is unnecessary. | test.cpp:76:13:76:15 | p11 | This check |
+| test.cpp:92:5:92:31 | new[] | This allocation cannot throw. $@ is unnecessary. | test.cpp:97:36:98:3 | { ... } | This catch block |
+| test.cpp:93:15:93:41 | new[] | This allocation cannot throw. $@ is unnecessary. | test.cpp:97:36:98:3 | { ... } | This catch block |
+| test.cpp:96:10:96:36 | new[] | This allocation cannot throw. $@ is unnecessary. | test.cpp:97:36:98:3 | { ... } | This catch block |
+| test.cpp:151:9:151:24 | new | This allocation cannot throw. $@ is unnecessary. | test.cpp:152:15:152:18 | { ... } | This catch block |
+| test.cpp:199:15:199:35 | new | This allocation cannot throw. $@ is unnecessary. | test.cpp:201:16:201:19 | { ... } | This catch block |
+| test.cpp:212:14:212:34 | new | This allocation cannot throw. $@ is unnecessary. | test.cpp:213:34:213:36 | { ... } | This catch block |

cpp/ql/test/query-tests/Security/CWE/CWE-570/IncorrectAllocationErrorHandling.qlref

@@ -0,0 +1 @@
+Security/CWE/CWE-570/IncorrectAllocationErrorHandling.ql

cpp/ql/test/query-tests/Security/CWE/CWE-570/test.cpp

@@ -0,0 +1,227 @@
+#define NULL ((void *)0)
+
+namespace std {
+struct nothrow_t {};
+typedef unsigned long size_t;
+
+class exception {};
+class bad_alloc : public exception {};
+
+extern const std::nothrow_t nothrow;
+} // namespace std
+
+using namespace std;
+
+void *operator new(std::size_t);
+void *operator new[](std::size_t);
+void *operator new(std::size_t, const std::nothrow_t &) noexcept;
+void *operator new[](std::size_t, const std::nothrow_t &) noexcept;
+
+void bad_new_in_condition() {
+  if (!(new int)) { // BAD
+    return;
+  }
+}
+
+void foo(int**);
+
+void bad_new_missing_exception_handling() {
+  int *p1 = new int[100]; // BAD
+  if (p1 == 0)
+    return;
+
+  int *p2 = new int[100]; // BAD
+  if (!p2)
+    return;
+
+  int *p3 = new int[100]; // BAD
+  if (p3 == NULL)
+    return;
+
+  int *p4 = new int[100]; // BAD
+  if (p4 == nullptr)
+    return;
+
+  int *p5 = new int[100]; // BAD
+  if (p5) {} else return;
+
+  int *p6;
+  p6 = new int[100]; // BAD
+  if (p6 == 0) return;
+
+  int *p7;
+  p7 = new int[100]; // BAD
+  if (!p7)
+    return;
+
+  int *p8;
+  p8 = new int[100]; // BAD
+  if (p8 == NULL)
+    return;
+
+  int *p9;
+  p9 = new int[100]; // BAD
+  if (p9 != nullptr) {
+  } else
+    return;
+
+  int *p10;
+  p10 = new int[100]; // BAD
+  if (p10 != 0) {
+  }
+
+  int *p11;
+  do {
+    p11 = new int[100]; // BAD
+  } while (!p11);
+
+  int* p12 = new int[100];
+  foo(&p12);
+  if(p12) {} else return; // GOOD: p12 is probably modified in foo, so it's
+                          // not the return value of the new that's checked.
+
+  int* p13 = new int[100];
+  foo(&p13);
+  if(!p13) {
+      return;
+  } else { }; // GOOD: same as above.
+}
+
+void bad_new_nothrow_in_exception_body() {
+  try {
+    new (std::nothrow) int[100];           // BAD
+    int *p1 = new (std::nothrow) int[100]; // BAD
+
+    int *p2;
+    p2 = new (std::nothrow) int[100]; // BAD
+  } catch (const std::bad_alloc &) {
+  }
+}
+
+void good_new_has_exception_handling() {
+  try {
+    int *p1 = new int[100]; // GOOD
+  } catch (...) {
+  }
+}
+
+void good_new_handles_nullptr() {
+  int *p1 = new (std::nothrow) int[100]; // GOOD
+  if (p1 == nullptr)
+    return;
+
+  int *p2;
+  p2 = new (std::nothrow) int[100]; // GOOD
+  if (p2 == nullptr)
+    return;
+
+  int *p3;
+  p3 = new (std::nothrow) int[100]; // GOOD
+  if (p3 != nullptr) {
+  }
+
+  int *p4;
+  p4 = new (std::nothrow) int[100]; // GOOD
+  if (p4) {
+  } else
+    return;
+
+  int *p5;
+  p5 = new (std::nothrow) int[100]; // GOOD
+  if (p5 != nullptr) {
+  } else
+    return;
+
+  if (new (std::nothrow) int[100] == nullptr)
+    return; // GOOD
+}
+
+void* operator new(std::size_t count, void*) noexcept;
+void* operator new[](std::size_t count, void*) noexcept;
+
+struct Foo {
+  Foo() noexcept;
+  Foo(int);
+
+  operator bool();
+};
+
+void bad_placement_new_with_exception_handling() {
+  char buffer[1024];
+  try { new (buffer) Foo; } // BAD
+  catch (...) {  }
+}
+
+void good_placement_new_with_exception_handling() {
+  char buffer[1024];
+  try { new (buffer) Foo(42); } // GOOD: Foo constructor might throw
+  catch (...) {  }
+}
+
+int unknown_value_without_exceptions() noexcept;
+
+void may_throw() {
+  if(unknown_value_without_exceptions()) {
+    throw "bad luck exception!";
+  }
+}
+
+void unknown_code_that_may_throw(int*);
+void unknown_code_that_will_not_throw(int*) noexcept;
+
+void calls_throwing_code(int* p) {
+  if(unknown_value_without_exceptions()) unknown_code_that_may_throw(p);
+}
+
+void calls_non_throwing(int* p) {
+  if (unknown_value_without_exceptions()) unknown_code_that_will_not_throw(p);
+}
+
+void good_new_with_throwing_call() {
+  try {
+    int* p1 = new(std::nothrow) int; // GOOD
+    may_throw();
+  } catch(...) {  }
+
+  try {
+    int* p2 = new(std::nothrow) int; // GOOD
+    Foo f(10);
+  } catch(...) {  }
+
+  try {
+    int* p3 = new(std::nothrow) int; // GOOD
+    calls_throwing_code(p3);
+  } catch(...) {  }
+}
+
+void bad_new_with_nonthrowing_call() {
+  try {
+    int* p1 = new(std::nothrow) int; // BAD
+    calls_non_throwing(p1);
+  } catch(...) {  }
+
+  try {
+    int* p2 = new(std::nothrow) int; // GOOD: boolean conversion constructor might throw
+    Foo f;
+    if(f) { }
+  } catch(...) {  }
+}
+
+void bad_new_catch_baseclass_of_bad_alloc() {
+  try {
+    int* p = new(std::nothrow) int; // BAD
+  } catch(const std::exception&) { }
+}
+
+void good_new_catch_exception_in_assignment() {
+  int* p;
+  try {
+    p = new int; // GOOD
+  } catch(const std::bad_alloc&) { }
+}
+
+void good_new_catch_exception_in_conversion() {
+  try {
+    long* p = (long*) new int; // GOOD
+  } catch(const std::bad_alloc&) { }
+}