C++: Add some testcases that require path sensitivity.

MathiasVP · MathiasVP · commit d450aa2ce4de · 2021-06-03T18:02:29.000+02:00
diff --git a/cpp/ql/test/query-tests/Security/CWE/CWE-416/semmle/tests/UseAfterFree.expected b/cpp/ql/test/query-tests/Security/CWE/CWE-416/semmle/tests/UseAfterFree.expected
@@ -7,3 +7,6 @@
 | test.cpp:170:6:170:9 | data | Memory pointed to by 'data' may have been previously freed $@ | test.cpp:165:2:165:5 | call to free | here |
 | test.cpp:193:6:193:9 | data | Memory pointed to by 'data' may have been previously freed $@ | test.cpp:191:3:191:6 | call to free | here |
 | test.cpp:201:6:201:6 | x | Memory pointed to by 'x' may have been previously freed $@ | test.cpp:200:2:200:9 | delete | here |
+| test.cpp:222:9:222:12 | data | Memory pointed to by 'data' may have been previously freed $@ | test.cpp:223:5:223:8 | call to free | here |
+| test.cpp:223:10:223:13 | data | Memory pointed to by 'data' may have been previously freed $@ | test.cpp:223:5:223:8 | call to free | here |
+| test.cpp:234:9:234:12 | data | Memory pointed to by 'data' may have been previously freed $@ | test.cpp:230:5:230:8 | call to free | here |
diff --git a/cpp/ql/test/query-tests/Security/CWE/CWE-416/semmle/tests/test.cpp b/cpp/ql/test/query-tests/Security/CWE/CWE-416/semmle/tests/test.cpp
@@ -213,3 +213,24 @@ void regression_test_for_static_var_handling()
 	data = (char *)malloc(100*sizeof(char));
 	use(data); // GOOD
 }
+
+void test16(int n, bool b) {
+  char* data = NULL;
+	for(int i = 0; i < n; ++i) {
+    if(b) data = (char*)malloc(10 * sizeof(char));
+    if(!b || data == NULL) return;
+    use(data); // GOOD [FALSE POSITIVE]
+    free(data); // GOOD [FALSE POSITIVE]
+  }
+}
+
+void test17(int n, bool b) {
+  char* data = (char*)malloc(10);
+  if(b) {
+    free(data);
+  }
+
+  if(!b) {
+    use(data); // GOOD [FALSE POSITIVE]
+  }
+}
