Merge pull request github#6471 from MathiasVP/fix-fp-in-incorrect-allocation-error-handling

geoffw0 · web-flow · commit 3f72a1abea32 · 2021-08-11T15:56:55.000+01:00
C++: Fix false-positive in 'cpp/incorrect-allocation-error-handling'
diff --git a/cpp/ql/src/Security/CWE/CWE-570/IncorrectAllocationErrorHandling.ql b/cpp/ql/src/Security/CWE/CWE-570/IncorrectAllocationErrorHandling.ql
@@ -182,7 +182,7 @@ class ThrowingAllocator extends Function {
       // 3. the allocator isn't marked with `throw()` or `noexcept`.
       not exists(this.getBlock()) and
       not exists(Parameter p | p = this.getAParameter() |
-        p.getUnspecifiedType() instanceof NoThrowType
+        p.getUnspecifiedType().stripType() instanceof NoThrowType
       ) and
       not this.isNoExcept() and
       not this.isNoThrow()
diff --git a/cpp/ql/test/query-tests/Security/CWE/CWE-570/test.cpp b/cpp/ql/test/query-tests/Security/CWE/CWE-570/test.cpp
@@ -224,4 +224,12 @@ void good_new_catch_exception_in_conversion() {
   try {
     long* p = (long*) new int; // GOOD
   } catch(const std::bad_alloc&) { }
-}
+}
+
+// The 'n' parameter is just to distinquish it from the overload further up in this file.
+void *operator new(std::size_t, int n, const std::nothrow_t &);
+
+void test_operator_new_without_exception_spec() {
+  int* p = new(42, std::nothrow) int; // GOOD
+  if(p == nullptr) {}
+}
