Merge branch 'main' into rb/diff-informed

github · Dec 20, 2024 · 0e100af · 0e100af
2 parents c9d17cc + d5571c5
commit 0e100af
Show file tree

Hide file tree

Showing 6 changed files with 26 additions and 3 deletions.
diff --git a/cpp/ql/src/CHANGELOG.md b/cpp/ql/src/CHANGELOG.md
@@ -6,7 +6,7 @@
 
 ### Minor Analysis Improvements
 
-* The "Call to function with fewer arguments than declared parameters" query (`cpp/too-few-arguments`) query no longer produces results if the function has been implicitly declared.
+* The "Call to function with fewer arguments than declared parameters" query (`cpp/too-few-arguments`) no longer produces results if the function has been implicitly declared.
 
 ## 1.2.7
 

diff --git a/cpp/ql/src/Likely Bugs/Memory Management/ReturnStackAllocatedMemory.ql b/cpp/ql/src/Likely Bugs/Memory Management/ReturnStackAllocatedMemory.ql
@@ -92,6 +92,8 @@ class ReturnStackAllocatedMemoryConfig extends MustFlowConfiguration {
     or
     node2.(PointerOffsetInstruction).getLeftOperand() = node1
   }
+
+  override predicate isBarrier(Instruction n) { n.getResultType() instanceof ErroneousType }
 }
 
 from

diff --git a/cpp/ql/src/change-notes/2024-12-18-return-stack-allocated-memory.md b/cpp/ql/src/change-notes/2024-12-18-return-stack-allocated-memory.md
@@ -0,0 +1,4 @@
+---
+category: minorAnalysis
+---
+* The "Returning stack-allocated memory" query (`cpp/return-stack-allocated-memory`) no longer produces results if there is an extraction error in the returned expression.
diff --git a/cpp/ql/src/change-notes/released/1.3.0.md b/cpp/ql/src/change-notes/released/1.3.0.md
@@ -6,4 +6,4 @@
 
 ### Minor Analysis Improvements
 
-* The "Call to function with fewer arguments than declared parameters" query (`cpp/too-few-arguments`) query no longer produces results if the function has been implicitly declared.
+* The "Call to function with fewer arguments than declared parameters" query (`cpp/too-few-arguments`) no longer produces results if the function has been implicitly declared.
diff --git a/cpp/ql/test/query-tests/Likely Bugs/Memory Management/ReturnStackAllocatedMemory/test.cpp b/cpp/ql/test/query-tests/Likely Bugs/Memory Management/ReturnStackAllocatedMemory/test.cpp
@@ -248,4 +248,5 @@ char* test_strdupa(const char* s) {
 void* test_strndupa(const char* s, size_t size) {
 	char* s2 = strndupa(s, size);
 	return s2; // BAD
-}
+}
+
diff --git a/...test/query-tests/Likely Bugs/Memory Management/ReturnStackAllocatedMemory/test_errors.cpp b/...test/query-tests/Likely Bugs/Memory Management/ReturnStackAllocatedMemory/test_errors.cpp
@@ -0,0 +1,16 @@
+// semmle-extractor-options: --expect_errors
+
+UNKNOWN_TYPE test_error_value() {
+	UNKNOWN_TYPE x;
+	return x; // GOOD: Error return type
+}
+
+void* test_error_pointer() {
+	UNKNOWN_TYPE x;
+	return &x; // BAD [FALSE NEGATIVE]
+}
+
+int* test_error_pointer_member() {
+	UNKNOWN_TYPE x;
+	return &x.y; // BAD [FALSE NEGATIVE]
+}
-Original file line number
+Diff line change
@@ Expand Up @@
         or
         node2.(PointerOffsetInstruction).getLeftOperand() = node1
       }
+      override predicate isBarrier(Instruction n) { n.getResultType() instanceof ErroneousType }
     }
     from
@@ Expand Down @@
Original file line number	Diff line number	Diff line change
Expand Up		@@ -6,4 +6,4 @@

		### Minor Analysis Improvements

		* The "Call to function with fewer arguments than declared parameters" query (`cpp/too-few-arguments`) query no longer produces results if the function has been implicitly declared.
		* The "Call to function with fewer arguments than declared parameters" query (`cpp/too-few-arguments`) no longer produces results if the function has been implicitly declared.