C++: Add more test cases, inspired by FPs on LGTM with the query.

Author: geoffw0

cpp/ql/test/query-tests/Likely Bugs/Memory Management/ImproperNullTermination/ImproperNullTermination.expected

@@ -17,9 +17,13 @@
 | test.cpp:285:10:285:15 | buffer | Variable $@ may not be null terminated. | test.cpp:282:8:282:13 | buffer | buffer |
 | test.cpp:302:10:302:16 | buffer2 | Variable $@ may not be null terminated. | test.cpp:297:8:297:14 | buffer2 | buffer2 |
 | test.cpp:314:10:314:15 | buffer | Variable $@ may not be null terminated. | test.cpp:310:8:310:13 | buffer | buffer |
+| test.cpp:328:10:328:15 | buffer | Variable $@ may not be null terminated. | test.cpp:325:8:325:13 | buffer | buffer |
 | test.cpp:336:18:336:23 | buffer | Variable $@ may not be null terminated. | test.cpp:335:8:335:13 | buffer | buffer |
 | test.cpp:355:11:355:16 | buffer | Variable $@ may not be null terminated. | test.cpp:350:8:350:13 | buffer | buffer |
 | test.cpp:364:11:364:16 | buffer | Variable $@ may not be null terminated. | test.cpp:359:8:359:13 | buffer | buffer |
+| test.cpp:392:11:392:16 | buffer | Variable $@ may not be null terminated. | test.cpp:381:8:381:13 | buffer | buffer |
+| test.cpp:410:11:410:16 | buffer | Variable $@ may not be null terminated. | test.cpp:397:8:397:13 | buffer | buffer |
 | test.cpp:421:19:421:25 | buffer2 | Variable $@ may not be null terminated. | test.cpp:419:8:419:14 | buffer2 | buffer2 |
 | test.cpp:448:17:448:22 | buffer | Variable $@ may not be null terminated. | test.cpp:446:8:446:13 | buffer | buffer |
 | test.cpp:454:18:454:23 | buffer | Variable $@ may not be null terminated. | test.cpp:452:8:452:13 | buffer | buffer |
+| test.cpp:502:10:502:18 | after_ptr | Variable $@ may not be null terminated. | test.cpp:497:9:497:17 | after_ptr | after_ptr |

cpp/ql/test/query-tests/Likely Bugs/Memory Management/ImproperNullTermination/test.cpp

@@ -6,7 +6,7 @@ size_t strlen(const char *s);
 char *strcpy(char *s1, const char *s2);
 char *strcat(char *s1, const char *s2);
 char *strdup(const char *s1);
-
+long int strtol(const char* nptr, char** endptr, int base);
 void *malloc(size_t size);
 void *memset(void *s, int c, size_t n);
 void *memcpy(void *s1, const void *s2, size_t n);
@@ -226,7 +226,7 @@ void test_readlink(int fd, const char *path, size_t sz)
 void doNothing(char *data) { };
 void doNothing2(const char *data);
 void clearBuffer(char *data, size_t size);
-
+char *id(char *data) { return data; }
 
 void test_strcat()
 {
@@ -321,12 +321,12 @@ void test_strcat()
 		strcat(buffer, "content"); // GOOD
 	}
 
+	{
+		char buffer[1024];
 
-
-
-
-
-
+		clearBuffer(id(buffer), 1024);
+		strcat(buffer, "content"); // GOOD [FALSE POSITIVE]
+	}
 }
 
 void test_strlen(bool cond1, bool cond2)
@@ -364,52 +364,52 @@ void test_strlen(bool cond1, bool cond2)
 			strlen(buffer); // BAD
 	}
 
+	{
+		char buffer[1024];
 
+		if (cond1)
+		{
+			buffer[0] = 0;
+		} else {
+			buffer[0] = 0;
+		}
 
+		strlen(buffer); // GOOD
+	}
 
+	{
+		char buffer[1024];
+		int init = 0;
 
+		if (cond1)
+		{
+			buffer[0] = 0;
+			init = 1;
+		}
 
+		if (init != 0)
+		{
+			strlen(buffer); // GOOD [FALSE POSITIVE]
+		}
+	}
 
+	{
+		char buffer[1024];
+		int init = 0;
 
+		if (cond1)
+		{
+			buffer[0] = 0;
+			init = 1;
+		}
 
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
+		if (init == 0)
+		{
+			// ...
+		} else {
+			strlen(buffer); // GOOD [FALSE POSITIVE]
+		}
+	}
 }
 
 void test_strcpy()
@@ -489,3 +489,16 @@ void test_read_fread(int read_src, FILE *s)
 		strlen(buffer); // GOOD
 	}
 }
+
+void test_strtol()
+{
+	{
+		char buffer[100];
+		char *after_ptr;
+		long int num;
+
+		strcpy(buffer, "123abc");
+		num = strtol("123abc", &after_ptr, 10);
+		strlen(after_ptr); // GOOD [FALSE POSITIVE]
+	}
+}