Skip to content

Commit eec2592

Browse files
MathiasVPMathiasVP
committed
C++: Add another FP test. We already have tests for this, but it doesn't hurt to have another one, I guess.
1 parent a756f86 commit eec2592

File tree

3 files changed

+25
-0
lines changed

3 files changed

+25
-0
lines changed

cpp/ql/test/query-tests/Critical/MemoryFreed/DoubleFree.expected

Lines changed: 12 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -28,6 +28,11 @@ edges
2828
| test_free.cpp:346:12:346:24 | *access to array [ptr] | test_free.cpp:346:26:346:28 | ptr | provenance | |
2929
| test_free.cpp:346:12:346:24 | *access to array [ptr] | test_free.cpp:346:26:346:28 | ptr | provenance | |
3030
| test_free.cpp:346:12:346:24 | *access to array [ptr] | test_free.cpp:346:26:346:28 | ptr | provenance | |
31+
| test_free.cpp:356:10:356:10 | *e [post update] [ec, a] | test_free.cpp:357:10:357:10 | *e [ec, a] | provenance | |
32+
| test_free.cpp:356:10:356:17 | *access to array [post update] [a] | test_free.cpp:356:10:356:10 | *e [post update] [ec, a] | provenance | |
33+
| test_free.cpp:356:10:356:19 | pointer to free output argument | test_free.cpp:356:10:356:17 | *access to array [post update] [a] | provenance | |
34+
| test_free.cpp:357:10:357:10 | *e [ec, a] | test_free.cpp:357:10:357:17 | *access to array [a] | provenance | |
35+
| test_free.cpp:357:10:357:17 | *access to array [a] | test_free.cpp:357:10:357:19 | a | provenance | |
3136
nodes
3237
| test_free.cpp:11:10:11:10 | pointer to free output argument | semmle.label | pointer to free output argument |
3338
| test_free.cpp:14:10:14:10 | a | semmle.label | a |
@@ -75,6 +80,12 @@ nodes
7580
| test_free.cpp:346:26:346:28 | ptr | semmle.label | ptr |
7681
| test_free.cpp:346:26:346:28 | ptr | semmle.label | ptr |
7782
| test_free.cpp:346:26:346:28 | ptr | semmle.label | ptr |
83+
| test_free.cpp:356:10:356:10 | *e [post update] [ec, a] | semmle.label | *e [post update] [ec, a] |
84+
| test_free.cpp:356:10:356:17 | *access to array [post update] [a] | semmle.label | *access to array [post update] [a] |
85+
| test_free.cpp:356:10:356:19 | pointer to free output argument | semmle.label | pointer to free output argument |
86+
| test_free.cpp:357:10:357:10 | *e [ec, a] | semmle.label | *e [ec, a] |
87+
| test_free.cpp:357:10:357:17 | *access to array [a] | semmle.label | *access to array [a] |
88+
| test_free.cpp:357:10:357:19 | a | semmle.label | a |
7889
subpaths
7990
#select
8091
| test_free.cpp:14:10:14:10 | a | test_free.cpp:11:10:11:10 | pointer to free output argument | test_free.cpp:14:10:14:10 | a | Memory pointed to by $@ may already have been freed by $@. | test_free.cpp:14:10:14:10 | a | a | test_free.cpp:11:5:11:8 | call to free | call to free |
@@ -97,3 +108,4 @@ subpaths
97108
| test_free.cpp:346:26:346:28 | ptr | test_free.cpp:343:26:343:28 | pointer to operator delete output argument | test_free.cpp:346:26:346:28 | ptr | Memory pointed to by $@ may already have been freed by $@. | test_free.cpp:346:26:346:28 | ptr | ptr | test_free.cpp:343:5:343:28 | delete | delete |
98109
| test_free.cpp:346:26:346:28 | ptr | test_free.cpp:344:26:344:28 | pointer to operator delete output argument | test_free.cpp:346:26:346:28 | ptr | Memory pointed to by $@ may already have been freed by $@. | test_free.cpp:346:26:346:28 | ptr | ptr | test_free.cpp:344:5:344:28 | delete | delete |
99110
| test_free.cpp:346:26:346:28 | ptr | test_free.cpp:345:26:345:28 | pointer to operator delete output argument | test_free.cpp:346:26:346:28 | ptr | Memory pointed to by $@ may already have been freed by $@. | test_free.cpp:346:26:346:28 | ptr | ptr | test_free.cpp:345:5:345:28 | delete | delete |
111+
| test_free.cpp:357:10:357:19 | a | test_free.cpp:356:10:356:19 | pointer to free output argument | test_free.cpp:357:10:357:19 | a | Memory pointed to by $@ may already have been freed by $@. | test_free.cpp:357:19:357:19 | a | a | test_free.cpp:356:5:356:8 | call to free | call to free |

cpp/ql/test/query-tests/Critical/MemoryFreed/MemoryFreed.expected

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -115,6 +115,8 @@
115115
| test_free.cpp:344:26:344:28 | ptr |
116116
| test_free.cpp:345:26:345:28 | ptr |
117117
| test_free.cpp:346:26:346:28 | ptr |
118+
| test_free.cpp:356:19:356:19 | a |
119+
| test_free.cpp:357:19:357:19 | a |
118120
| virtual.cpp:18:10:18:10 | a |
119121
| virtual.cpp:19:10:19:10 | c |
120122
| virtual.cpp:38:10:38:10 | b |

cpp/ql/test/query-tests/Critical/MemoryFreed/test_free.cpp

Lines changed: 11 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -345,3 +345,14 @@ void test_array(PtrContainer *containers) {
345345
delete containers[2].ptr; // GOOD [FALSE POSITIVE]
346346
delete containers[2].ptr; // BAD (double free)
347347
}
348+
349+
struct E {
350+
struct EC {
351+
int* a;
352+
} ec[2];
353+
};
354+
355+
void test(E* e) {
356+
free(e->ec[0].a);
357+
free(e->ec[1].a); // GOOD [FALSE POSITIVE]
358+
}

0 commit comments

Comments
 (0)