C++: Add the examples to the test.

geoffw0 · geoffw0 · commit 4de43e1bfa0e · 2024-07-04T17:11:08.000+01:00
diff --git a/cpp/ql/test/query-tests/Security/CWE/CWE-570/IncorrectAllocationErrorHandling.expected b/cpp/ql/test/query-tests/Security/CWE/CWE-570/IncorrectAllocationErrorHandling.expected
@@ -16,3 +16,4 @@
 | test.cpp:151:9:151:24 | new | This allocation cannot throw. $@ is unnecessary. | test.cpp:152:15:152:18 | { ... } | This catch block |
 | test.cpp:199:15:199:35 | new | This allocation cannot throw. $@ is unnecessary. | test.cpp:201:16:201:19 | { ... } | This catch block |
 | test.cpp:212:14:212:34 | new | This allocation cannot throw. $@ is unnecessary. | test.cpp:213:34:213:36 | { ... } | This catch block |
+| test.cpp:246:17:246:31 | new[] | This allocation cannot return null. $@ is unnecessary. | test.cpp:247:8:247:12 | ! ... | This check |
diff --git a/cpp/ql/test/query-tests/Security/CWE/CWE-570/test.cpp b/cpp/ql/test/query-tests/Security/CWE/CWE-570/test.cpp
@@ -233,3 +233,54 @@ void test_operator_new_without_exception_spec() {
   int* p = new(42, std::nothrow) int; // GOOD
   if(p == nullptr) {}
 }
+
+namespace std {
+  void *memset(void *s, int c, size_t n);
+}
+
+// from the qhelp:
+namespace qhelp {
+  // BAD: the allocation will throw an unhandled exception
+  // instead of returning a null pointer.
+  void bad1(std::size_t length) noexcept {
+    int* dest = new int[length];
+    if(!dest) {
+      return;
+    }
+    std::memset(dest, 0, length);
+    // ...
+  }
+
+  // BAD: the allocation won't throw an exception, but
+  // instead return a null pointer. [NOT DETECTED]
+  void bad2(std::size_t length) noexcept {
+    try {
+      int* dest = new(std::nothrow) int[length];
+      std::memset(dest, 0, length);
+      // ...
+    } catch(std::bad_alloc&) {
+      // ...
+    }
+  }
+
+  // GOOD: the allocation failure is handled appropriately.
+  void good1(std::size_t length) noexcept {
+    try {
+      int* dest = new int[length];
+      std::memset(dest, 0, length);
+      // ...
+    } catch(std::bad_alloc&) {
+      // ...
+    }
+  }
+
+  // GOOD: the allocation failure is handled appropriately.
+  void good2(std::size_t length) noexcept {
+    int* dest = new(std::nothrow) int[length];
+    if(!dest) {
+      return;
+    }
+    std::memset(dest, 0, length);
+    // ...
+  }
+}
