Skip to content

C++: Add use-after-free FP tests #19397

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Apr 29, 2025
Merged

C++: Add use-after-free FP tests #19397

merged 1 commit into from
Apr 29, 2025
+50 −1

Conversation

jketema
Copy link
Contributor

@jketema jketema commented Apr 28, 2025

These derive from #19387. Note that these FPs are a known issue.

@github-actions github-actions bot added the C++ label Apr 28, 2025
@jketema jketema marked this pull request as ready for review April 28, 2025 12:42
@Copilot Copilot AI review requested due to automatic review settings April 28, 2025 12:42
@jketema jketema requested a review from a team as a code owner April 28, 2025 12:42
Copilot
Copilot AI reviewed Apr 28, 2025
View reviewed changes
Copy link
Contributor

@Copilot Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

This pull request adds tests for known false positives related to use-after-free issues in C++ code.

  • Removed an unused pointer variable in test9.
  • Introduced new structures and a function (malloc_after_free) to simulate use-after-free scenarios consistent with reported false positives.
Files not reviewed (1)
  • cpp/ql/test/query-tests/Security/CWE/CWE-416/semmle/tests/UseAfterFree/UseAfterFree.expected: Language not supported

cpp/ql/test/query-tests/Security/CWE/CWE-416/semmle/tests/UseAfterFree/test.cpp
return;
}
use(s->i1.data); // GOOD [FALSE POSITIVE]

Copy link
Preview

Copilot AI Apr 28, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

s->i2 is dereferenced without a prior check for null, which could lead to a segmentation fault if s->i2 is not properly initialized. Consider adding a null check for s->i2 before dereferencing.

Suggested change
if (s->i2 == NULL) {
return;
}

Copilot uses AI. Check for mistakes.

@jketema jketema merged commit 966b746 into github:main Apr 29, 2025
9 checks passed
@jketema jketema deleted the use-after-free branch April 29, 2025 06:32
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

Copilot code review Copilot Copilot left review comments

@redsun82 redsun82 redsun82 approved these changes

Assignees
No one assigned
Labels
C++
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@jketema @redsun82