C++: Add testcase demonstrating the fix from a8c57ec.

MathiasVP · MathiasVP · commit 2938ad5f8ff7 · 2021-06-23T23:01:49.000+02:00
diff --git a/cpp/ql/test/query-tests/Security/CWE/CWE-416/semmle/tests/UseAfterFree.expected b/cpp/ql/test/query-tests/Security/CWE/CWE-416/semmle/tests/UseAfterFree.expected
@@ -7,3 +7,4 @@
 | test.cpp:170:6:170:9 | data | Memory pointed to by 'data' may have been previously freed $@ | test.cpp:165:2:165:5 | call to free | here |
 | test.cpp:193:6:193:9 | data | Memory pointed to by 'data' may have been previously freed $@ | test.cpp:191:3:191:6 | call to free | here |
 | test.cpp:201:6:201:6 | x | Memory pointed to by 'x' may have been previously freed $@ | test.cpp:200:2:200:9 | delete | here |
+| test.cpp:242:14:242:17 | data | Memory pointed to by 'data' may have been previously freed $@ | test.cpp:243:11:243:14 | call to free | here |
diff --git a/cpp/ql/test/query-tests/Security/CWE/CWE-416/semmle/tests/test.cpp b/cpp/ql/test/query-tests/Security/CWE/CWE-416/semmle/tests/test.cpp
@@ -234,3 +234,21 @@ void test17(int n, bool b) {
     use(data); // GOOD
   }
 }
+
+void test18(int* array) {
+	char* data = (char*)malloc(10 * sizeof(char));
+	for (int i = 0; i < 4; ++i) {
+  	int b = array[i];
+  	if(b) use(data); // BAD
+  	if(!b) free(data);
+	}
+}
+
+void test19(int* array) {
+	char* data = (char*)malloc(10 * sizeof(char));
+	int b = array[0];
+	for (int i = 0; i < 4; ++i) {
+  	if(b) use(data); // GOOD
+  	if(!b) free(data);
+	}
+}
