Merge pull request #13647 from purs3lab/uninitialized-local

C++: exclude uninitialized uses inside pure expression statements

cpp/ql/src/Likely Bugs/Memory Management/UninitializedLocal.ql

@@ -72,6 +72,11 @@ VariableAccess commonException() {
   or
   result.getParent() instanceof BuiltInOperation
   or
+  // Ignore any uninitialized use that is explicitly cast to void and
+  // is an expression statement.
+  result.getActualType() instanceof VoidType and
+  result.getParent() instanceof ExprStmt
+  or
   // Finally, exclude functions that contain assembly blocks. It's
   // anyone's guess what happens in those.
   containsInlineAssembly(result.getEnclosingFunction())

cpp/ql/src/change-notes/2023-07-03-improve-uninitialized-local.md

@@ -0,0 +1,4 @@
+---
+category: minorAnalysis
+---
+* The `cpp/uninitialized-local` query now excludes uninitialized uses that are explicitly cast to void and are expression statements. As a result, the query will report less false positives.