C++: Add FP testcase with an 'new' that has a 'std::nothrow&' parameter, but not a 'noexcept' specifier. This case was previously not reported because of the 'noexcept' specifier, and apparently the 'std::nothrow' case was broken all along.

Author: MathiasVP

cpp/ql/test/query-tests/Security/CWE/CWE-570/IncorrectAllocationErrorHandling.expected

@@ -16,3 +16,4 @@
 | test.cpp:151:9:151:24 | new | This allocation cannot throw. $@ is unnecessary. | test.cpp:152:15:152:18 | { ... } | This catch block |
 | test.cpp:199:15:199:35 | new | This allocation cannot throw. $@ is unnecessary. | test.cpp:201:16:201:19 | { ... } | This catch block |
 | test.cpp:212:14:212:34 | new | This allocation cannot throw. $@ is unnecessary. | test.cpp:213:34:213:36 | { ... } | This catch block |
+| test.cpp:233:12:233:36 | new | This allocation cannot return null. $@ is unnecessary. | test.cpp:234:6:234:17 | ... == ... | This check |

cpp/ql/test/query-tests/Security/CWE/CWE-570/test.cpp

@@ -224,4 +224,12 @@ void good_new_catch_exception_in_conversion() {
   try {
     long* p = (long*) new int; // GOOD
   } catch(const std::bad_alloc&) { }
-}
+}
+
+// The 'n' parameter is just to distinquish it from the overload further up in this file.
+void *operator new(std::size_t, int n, const std::nothrow_t &);
+
+void test_operator_new_without_exception_spec() {
+  int* p = new(42, std::nothrow) int; // GOOD [FALSE POSITIVE]
+  if(p == nullptr) {}
+}