Merge branch 'main' into rb/diff-informed

asgerf · web-flow · commit 0e100af89e9c · 2024-12-20T13:30:18.000+01:00
diff --git a/cpp/ql/src/CHANGELOG.md b/cpp/ql/src/CHANGELOG.md
@@ -6,7 +6,7 @@
 
 ### Minor Analysis Improvements
 
-* The "Call to function with fewer arguments than declared parameters" query (`cpp/too-few-arguments`) query no longer produces results if the function has been implicitly declared.
+* The "Call to function with fewer arguments than declared parameters" query (`cpp/too-few-arguments`) no longer produces results if the function has been implicitly declared.
 
 ## 1.2.7
 
diff --git a/cpp/ql/src/Likely Bugs/Memory Management/ReturnStackAllocatedMemory.ql b/cpp/ql/src/Likely Bugs/Memory Management/ReturnStackAllocatedMemory.ql
@@ -92,6 +92,8 @@ class ReturnStackAllocatedMemoryConfig extends MustFlowConfiguration {
     or
     node2.(PointerOffsetInstruction).getLeftOperand() = node1
   }
+
+  override predicate isBarrier(Instruction n) { n.getResultType() instanceof ErroneousType }
 }
 
 from
diff --git a/cpp/ql/src/change-notes/2024-12-18-return-stack-allocated-memory.md b/cpp/ql/src/change-notes/2024-12-18-return-stack-allocated-memory.md
@@ -0,0 +1,4 @@
+---
+category: minorAnalysis
+---
+* The "Returning stack-allocated memory" query (`cpp/return-stack-allocated-memory`) no longer produces results if there is an extraction error in the returned expression.
diff --git a/cpp/ql/src/change-notes/released/1.3.0.md b/cpp/ql/src/change-notes/released/1.3.0.md
@@ -6,4 +6,4 @@
 
 ### Minor Analysis Improvements
 
-* The "Call to function with fewer arguments than declared parameters" query (`cpp/too-few-arguments`) query no longer produces results if the function has been implicitly declared.
+* The "Call to function with fewer arguments than declared parameters" query (`cpp/too-few-arguments`) no longer produces results if the function has been implicitly declared.
diff --git a/cpp/ql/test/query-tests/Likely Bugs/Memory Management/ReturnStackAllocatedMemory/test.cpp b/cpp/ql/test/query-tests/Likely Bugs/Memory Management/ReturnStackAllocatedMemory/test.cpp
@@ -248,4 +248,5 @@ char* test_strdupa(const char* s) {
 void* test_strndupa(const char* s, size_t size) {
 	char* s2 = strndupa(s, size);
 	return s2; // BAD
-}
+}
+
diff --git a/cpp/ql/test/query-tests/Likely Bugs/Memory Management/ReturnStackAllocatedMemory/test_errors.cpp b/cpp/ql/test/query-tests/Likely Bugs/Memory Management/ReturnStackAllocatedMemory/test_errors.cpp
@@ -0,0 +1,16 @@
+// semmle-extractor-options: --expect_errors
+
+UNKNOWN_TYPE test_error_value() {
+	UNKNOWN_TYPE x;
+	return x; // GOOD: Error return type
+}
+
+void* test_error_pointer() {
+	UNKNOWN_TYPE x;
+	return &x; // BAD [FALSE NEGATIVE]
+}
+
+int* test_error_pointer_member() {
+	UNKNOWN_TYPE x;
+	return &x.y; // BAD [FALSE NEGATIVE]
+}

Original file line number	Diff line number	Diff line change
`@@ -92,6 +92,8 @@ class ReturnStackAllocatedMemoryConfig extends MustFlowConfiguration {`
`92`	`92`	`or`
`93`	`93`	`node2.(PointerOffsetInstruction).getLeftOperand() = node1`
`94`	`94`	`}`
	`95`	`+`
	`96`	`+ override predicate isBarrier(Instruction n) { n.getResultType() instanceof ErroneousType }`
`95`	`97`	`}`
`96`	`98`
`97`	`99`	`from`
-Original file line number
+Diff line change
@@ @@ -0,0 +1,4 @@ @@
 +---
 +category: minorAnalysis
 +---
 +* The "Returning stack-allocated memory" query (`cpp/return-stack-allocated-memory`) no longer produces results if there is an extraction error in the returned expression.
Original file line number	Diff line number	Diff line change
`@@ -6,4 +6,4 @@`
`6`	`6`
`7`	`7`	`### Minor Analysis Improvements`
`8`	`8`
`9`		-* The "Call to function with fewer arguments than declared parameters" query (`cpp/too-few-arguments`) query no longer produces results if the function has been implicitly declared.
	`9`	+* The "Call to function with fewer arguments than declared parameters" query (`cpp/too-few-arguments`) no longer produces results if the function has been implicitly declared.