From 1797b6c7f93f4d2ed672092f59c9e0b02af01cce Mon Sep 17 00:00:00 2001
From: Mathias Vorreiter Pedersen <mathiasvp@github.com>
Date: Tue, 20 Apr 2021 10:39:26 +0200
Subject: [PATCH 1/2] C++: Add FP test from the work on smart pointers in
 dataflow.

---
 .../ReturnStackAllocatedMemory.expected       |  1 +
 .../ReturnStackAllocatedMemory/test.cpp       | 27 +++++++++++++++++++
 2 files changed, 28 insertions(+)

diff --git a/cpp/ql/test/query-tests/Likely Bugs/Memory Management/ReturnStackAllocatedMemory/ReturnStackAllocatedMemory.expected b/cpp/ql/test/query-tests/Likely Bugs/Memory Management/ReturnStackAllocatedMemory/ReturnStackAllocatedMemory.expected
index 59a9ee1322c..d84bde030cf 100644
--- a/cpp/ql/test/query-tests/Likely Bugs/Memory Management/ReturnStackAllocatedMemory/ReturnStackAllocatedMemory.expected	
+++ b/cpp/ql/test/query-tests/Likely Bugs/Memory Management/ReturnStackAllocatedMemory/ReturnStackAllocatedMemory.expected	
@@ -6,3 +6,4 @@
 | test.cpp:112:2:112:12 | return ... | May return stack-allocated memory from $@. | test.cpp:112:9:112:11 | arr | arr |
 | test.cpp:119:2:119:19 | return ... | May return stack-allocated memory from $@. | test.cpp:119:11:119:13 | arr | arr |
 | test.cpp:171:3:171:24 | return ... | May return stack-allocated memory from $@. | test.cpp:170:35:170:41 | myLocal | myLocal |
+| test.cpp:217:3:217:13 | return ... | May return stack-allocated memory from $@. | test.cpp:216:14:216:17 | port | port |
diff --git a/cpp/ql/test/query-tests/Likely Bugs/Memory Management/ReturnStackAllocatedMemory/test.cpp b/cpp/ql/test/query-tests/Likely Bugs/Memory Management/ReturnStackAllocatedMemory/test.cpp
index 03b202817ca..d39b7d1ee28 100644
--- a/cpp/ql/test/query-tests/Likely Bugs/Memory Management/ReturnStackAllocatedMemory/test.cpp	
+++ b/cpp/ql/test/query-tests/Likely Bugs/Memory Management/ReturnStackAllocatedMemory/test.cpp	
@@ -189,3 +189,30 @@ int *&conversionInFlow() {
   int *&pRef = p; // has conversion in the middle of data flow
   return pRef; // BAD [NOT DETECTED]
 }
+
+namespace std {
+	template<typename T>
+	class shared_ptr {
+	public:
+		shared_ptr() noexcept;
+		explicit shared_ptr(T*);
+		shared_ptr(const shared_ptr&) noexcept;
+		template<class U> shared_ptr(const shared_ptr<U>&) noexcept;
+		template<class U> shared_ptr(shared_ptr<U>&&) noexcept;
+
+		shared_ptr<T>& operator=(const shared_ptr<T>&) noexcept;
+		shared_ptr<T>& operator=(shared_ptr<T>&&) noexcept;
+
+		T& operator*() const noexcept;
+		T* operator->() const noexcept;
+
+		T* get() const noexcept;
+	};
+}
+
+auto make_read_port()
+{
+  auto port = std::shared_ptr<int>(new int);
+  auto ptr = port.get();
+  return ptr; // GOOD [FALSE POSITIVE]
+}
\ No newline at end of file

From 93e55e2631f5f661def6a0877c9b463276e11526 Mon Sep 17 00:00:00 2001
From: Mathias Vorreiter Pedersen <mathiasvp@github.com>
Date: Tue, 20 Apr 2021 13:58:12 +0200
Subject: [PATCH 2/2] C++: Fix FP in cpp/return-stack-allocated-memory.

---
 .../Memory Management/ReturnStackAllocatedMemory.ql          | 5 +++++
 .../ReturnStackAllocatedMemory.expected                      | 1 -
 .../Memory Management/ReturnStackAllocatedMemory/test.cpp    | 2 +-
 3 files changed, 6 insertions(+), 2 deletions(-)

diff --git a/cpp/ql/src/Likely Bugs/Memory Management/ReturnStackAllocatedMemory.ql b/cpp/ql/src/Likely Bugs/Memory Management/ReturnStackAllocatedMemory.ql
index fc06ed0a500..f5dda53d484 100644
--- a/cpp/ql/src/Likely Bugs/Memory Management/ReturnStackAllocatedMemory.ql	
+++ b/cpp/ql/src/Likely Bugs/Memory Management/ReturnStackAllocatedMemory.ql	
@@ -13,6 +13,7 @@
 
 import cpp
 import semmle.code.cpp.dataflow.EscapesTree
+import semmle.code.cpp.models.interfaces.PointerWrapper
 import semmle.code.cpp.dataflow.DataFlow
 
 /**
@@ -39,6 +40,10 @@ predicate hasNontrivialConversion(Expr e) {
     e instanceof ParenthesisExpr
   )
   or
+  // A smart pointer can be stack-allocated while the data it points to is heap-allocated.
+  // So we exclude such "conversions" from this predicate.
+  e = any(PointerWrapper wrapper).getAnUnwrapperFunction().getACallToThisFunction()
+  or
   hasNontrivialConversion(e.getConversion())
 }
 
diff --git a/cpp/ql/test/query-tests/Likely Bugs/Memory Management/ReturnStackAllocatedMemory/ReturnStackAllocatedMemory.expected b/cpp/ql/test/query-tests/Likely Bugs/Memory Management/ReturnStackAllocatedMemory/ReturnStackAllocatedMemory.expected
index d84bde030cf..59a9ee1322c 100644
--- a/cpp/ql/test/query-tests/Likely Bugs/Memory Management/ReturnStackAllocatedMemory/ReturnStackAllocatedMemory.expected	
+++ b/cpp/ql/test/query-tests/Likely Bugs/Memory Management/ReturnStackAllocatedMemory/ReturnStackAllocatedMemory.expected	
@@ -6,4 +6,3 @@
 | test.cpp:112:2:112:12 | return ... | May return stack-allocated memory from $@. | test.cpp:112:9:112:11 | arr | arr |
 | test.cpp:119:2:119:19 | return ... | May return stack-allocated memory from $@. | test.cpp:119:11:119:13 | arr | arr |
 | test.cpp:171:3:171:24 | return ... | May return stack-allocated memory from $@. | test.cpp:170:35:170:41 | myLocal | myLocal |
-| test.cpp:217:3:217:13 | return ... | May return stack-allocated memory from $@. | test.cpp:216:14:216:17 | port | port |
diff --git a/cpp/ql/test/query-tests/Likely Bugs/Memory Management/ReturnStackAllocatedMemory/test.cpp b/cpp/ql/test/query-tests/Likely Bugs/Memory Management/ReturnStackAllocatedMemory/test.cpp
index d39b7d1ee28..1ce2558a34f 100644
--- a/cpp/ql/test/query-tests/Likely Bugs/Memory Management/ReturnStackAllocatedMemory/test.cpp	
+++ b/cpp/ql/test/query-tests/Likely Bugs/Memory Management/ReturnStackAllocatedMemory/test.cpp	
@@ -214,5 +214,5 @@ auto make_read_port()
 {
   auto port = std::shared_ptr<int>(new int);
   auto ptr = port.get();
-  return ptr; // GOOD [FALSE POSITIVE]
+  return ptr; // GOOD
 }
\ No newline at end of file