C++: Add testcase demonstrating that the model for 'strncpy' is broken.

Author: MathiasVP

cpp/ql/test/library-tests/dataflow/taint-tests/localTaint.expected

@@ -6591,6 +6591,20 @@
 | taint.cpp:702:4:702:6 | ... ++ | taint.cpp:703:8:703:8 | p | TAINT |
 | taint.cpp:702:10:702:11 | * ... | taint.cpp:702:3:702:11 | ... = ... |  |
 | taint.cpp:702:11:702:11 | s | taint.cpp:702:10:702:11 | * ... | TAINT |
+| taint.cpp:709:25:709:25 | d | taint.cpp:709:25:709:25 | d |  |
+| taint.cpp:709:25:709:25 | d | taint.cpp:711:10:711:10 | d |  |
+| taint.cpp:709:25:709:25 | d | taint.cpp:712:7:712:7 | d |  |
+| taint.cpp:709:34:709:34 | s | taint.cpp:709:34:709:34 | s |  |
+| taint.cpp:709:34:709:34 | s | taint.cpp:710:18:710:18 | s |  |
+| taint.cpp:709:34:709:34 | s | taint.cpp:711:13:711:13 | s |  |
+| taint.cpp:710:18:710:18 | ref arg s | taint.cpp:709:34:709:34 | s |  |
+| taint.cpp:710:18:710:18 | ref arg s | taint.cpp:711:13:711:13 | s |  |
+| taint.cpp:711:10:711:10 | d | taint.cpp:711:2:711:8 | call to strncpy |  |
+| taint.cpp:711:10:711:10 | ref arg d | taint.cpp:709:25:709:25 | d |  |
+| taint.cpp:711:10:711:10 | ref arg d | taint.cpp:712:7:712:7 | d |  |
+| taint.cpp:711:13:711:13 | s | taint.cpp:711:2:711:8 | call to strncpy | TAINT |
+| taint.cpp:711:13:711:13 | s | taint.cpp:711:10:711:10 | ref arg d | TAINT |
+| taint.cpp:712:7:712:7 | ref arg d | taint.cpp:709:25:709:25 | d |  |
 | vector.cpp:16:43:16:49 | source1 | vector.cpp:17:26:17:32 | source1 |  |
 | vector.cpp:16:43:16:49 | source1 | vector.cpp:31:38:31:44 | source1 |  |
 | vector.cpp:17:21:17:33 | call to vector | vector.cpp:19:14:19:14 | v |  |

cpp/ql/test/library-tests/dataflow/taint-tests/taint.cpp

@@ -702,4 +702,12 @@ namespace strings {
 		*p++ = *s;
 		sink(p); // $ ast ir
 	}
+}
+
+char * strncpy (char *, const char *, unsigned long);
+
+void test_strncpy(char* d, char* s) {
+	argument_source(s);
+	strncpy(d, s, 16);
+	sink(d); // $ ast MISSING: ir
 }