Merge pull request #5930 from MathiasVP/promote-incorrect-allocation-error-out

C++: Promote `cpp/incorrect-allocation-error-handling`

cpp/change-notes/2021-05-20-incorrect-allocation-error-handling.md

@@ -0,0 +1,2 @@
+lgtm
+* A new query (`cpp/incorrect-allocation-error-handling`) has been added. The query finds incorrect error-handling of calls to `operator new`. This query was originally [submitted as an experimental query by @ihsinme](https://github.com/github/codeql/pull/5010).

cpp/ql/src/Security/CWE/CWE-570/IncorrectAllocationErrorHandling.cpp

@@ -21,7 +21,7 @@ void bad2(std::size_t length) noexcept {
   }
 }
 
-// GOOD: the allocation failure is handled appropiately.
+// GOOD: the allocation failure is handled appropriately.
 void good1(std::size_t length) noexcept {
   try {
     int* dest = new int[length];
@@ -32,7 +32,7 @@ void good1(std::size_t length) noexcept {
   }
 }
 
-// GOOD: the allocation failure is handled appropiately.
+// GOOD: the allocation failure is handled appropriately.
 void good2(std::size_t length) noexcept {
   int* dest = new int[length];
   if(!dest) {

cpp/ql/src/Security/CWE/CWE-570/IncorrectAllocationErrorHandling.ql

@@ -1,6 +1,6 @@
 /**
  * @name Incorrect allocation-error handling
- * @description `operator new` throws an exception on allocation failures, while `operator new(std::nothrow)` returns a null pointer. Mixing up these two failure conditions can result in unexpected behavior.
+ * @description Mixing up the failure conditions of 'operator new' and 'operator new(std::nothrow)' can result in unexpected behavior.
  * @kind problem
  * @id cpp/incorrect-allocation-error-handling
  * @problem.severity warning

cpp/ql/test/experimental/query-tests/Security/CWE/CWE-570/semmle/tests/IncorrectAllocationErrorHandling.qlref

@@ -1 +0,0 @@
-experimental/Security/CWE/CWE-570/IncorrectAllocationErrorHandling.ql

cpp/ql/test/query-tests/Security/CWE/CWE-570/IncorrectAllocationErrorHandling.qlref

@@ -0,0 +1 @@
+Security/CWE/CWE-570/IncorrectAllocationErrorHandling.ql