From 14cef6a20722e36ca0cdcdfe008add473183efe8 Mon Sep 17 00:00:00 2001
From: Calum Grant <calumgrant@github.com>
Date: Tue, 17 Dec 2024 15:58:39 +0000
Subject: [PATCH 1/6] C++: Fix FPs to cpp/return-stack-allocated-memory

---
 .../Memory Management/ReturnStackAllocatedMemory.ql      | 2 ++
 .../ReturnStackAllocatedMemory/test.cpp                  | 9 +++++++--
 2 files changed, 9 insertions(+), 2 deletions(-)

diff --git a/cpp/ql/src/Likely Bugs/Memory Management/ReturnStackAllocatedMemory.ql b/cpp/ql/src/Likely Bugs/Memory Management/ReturnStackAllocatedMemory.ql
index 02678beaf124..b87889103322 100644
--- a/cpp/ql/src/Likely Bugs/Memory Management/ReturnStackAllocatedMemory.ql	
+++ b/cpp/ql/src/Likely Bugs/Memory Management/ReturnStackAllocatedMemory.ql	
@@ -92,6 +92,8 @@ class ReturnStackAllocatedMemoryConfig extends MustFlowConfiguration {
     or
     node2.(PointerOffsetInstruction).getLeftOperand() = node1
   }
+
+  override predicate isBarrier(Instruction n) { n.getResultType() instanceof ErroneousType }
 }
 
 from
diff --git a/cpp/ql/test/query-tests/Likely Bugs/Memory Management/ReturnStackAllocatedMemory/test.cpp b/cpp/ql/test/query-tests/Likely Bugs/Memory Management/ReturnStackAllocatedMemory/test.cpp
index 44afcd7ee5f8..e8f772968940 100644
--- a/cpp/ql/test/query-tests/Likely Bugs/Memory Management/ReturnStackAllocatedMemory/test.cpp	
+++ b/cpp/ql/test/query-tests/Likely Bugs/Memory Management/ReturnStackAllocatedMemory/test.cpp	
@@ -1,4 +1,4 @@
-// semmle-extractor-options: -std=c++14
+// semmle-extractor-options: -std=c++14 --expect_errors
 class MyClass
 {
 public:
@@ -248,4 +248,9 @@ char* test_strdupa(const char* s) {
 void* test_strndupa(const char* s, size_t size) {
 	char* s2 = strndupa(s, size);
 	return s2; // BAD
-}
\ No newline at end of file
+}
+
+UNKNOWN_TYPE test_error_type() {
+	UNKNOWN_TYPE x;
+	return x; // GOOD: Don't report error types
+}

From fabacebd4b3bf935ec2023f5bc7b9db92dd2ae91 Mon Sep 17 00:00:00 2001
From: Calum Grant <calumgrant@github.com>
Date: Wed, 18 Dec 2024 14:37:43 +0000
Subject: [PATCH 2/6] C++: Change note

---
 .../change-notes/2024-12-18-return-stack-allocated-memory.md  | 4 ++++
 1 file changed, 4 insertions(+)
 create mode 100644 cpp/ql/src/change-notes/2024-12-18-return-stack-allocated-memory.md

diff --git a/cpp/ql/src/change-notes/2024-12-18-return-stack-allocated-memory.md b/cpp/ql/src/change-notes/2024-12-18-return-stack-allocated-memory.md
new file mode 100644
index 000000000000..d9db04ae7259
--- /dev/null
+++ b/cpp/ql/src/change-notes/2024-12-18-return-stack-allocated-memory.md
@@ -0,0 +1,4 @@
+---
+category: minorAnalysis
+---
+* The "Returning stack-allocated memory" query (`cpp/return-stack-allocated-memory`) no longer produces results if there is an extraction error in the type of the function.

From e067ac92a744e109d04885ebd209459c1cdc7daa Mon Sep 17 00:00:00 2001
From: Calum Grant <calumgrant@github.com>
Date: Thu, 19 Dec 2024 14:27:13 +0000
Subject: [PATCH 3/6] C++: Address review comments

---
 .../2024-12-18-return-stack-allocated-memory.md  |  2 +-
 .../ReturnStackAllocatedMemory/test.cpp          |  4 ----
 .../ReturnStackAllocatedMemory/test_errors.cpp   | 16 ++++++++++++++++
 3 files changed, 17 insertions(+), 5 deletions(-)
 create mode 100644 cpp/ql/test/query-tests/Likely Bugs/Memory Management/ReturnStackAllocatedMemory/test_errors.cpp

diff --git a/cpp/ql/src/change-notes/2024-12-18-return-stack-allocated-memory.md b/cpp/ql/src/change-notes/2024-12-18-return-stack-allocated-memory.md
index d9db04ae7259..76f5b9d7eaed 100644
--- a/cpp/ql/src/change-notes/2024-12-18-return-stack-allocated-memory.md
+++ b/cpp/ql/src/change-notes/2024-12-18-return-stack-allocated-memory.md
@@ -1,4 +1,4 @@
 ---
 category: minorAnalysis
 ---
-* The "Returning stack-allocated memory" query (`cpp/return-stack-allocated-memory`) no longer produces results if there is an extraction error in the type of the function.
+* The "Returning stack-allocated memory" query (`cpp/return-stack-allocated-memory`) no longer produces results if there is an extraction error in the returned expression.
diff --git a/cpp/ql/test/query-tests/Likely Bugs/Memory Management/ReturnStackAllocatedMemory/test.cpp b/cpp/ql/test/query-tests/Likely Bugs/Memory Management/ReturnStackAllocatedMemory/test.cpp
index e8f772968940..06aa37bf03fa 100644
--- a/cpp/ql/test/query-tests/Likely Bugs/Memory Management/ReturnStackAllocatedMemory/test.cpp	
+++ b/cpp/ql/test/query-tests/Likely Bugs/Memory Management/ReturnStackAllocatedMemory/test.cpp	
@@ -250,7 +250,3 @@ void* test_strndupa(const char* s, size_t size) {
 	return s2; // BAD
 }
 
-UNKNOWN_TYPE test_error_type() {
-	UNKNOWN_TYPE x;
-	return x; // GOOD: Don't report error types
-}
diff --git a/cpp/ql/test/query-tests/Likely Bugs/Memory Management/ReturnStackAllocatedMemory/test_errors.cpp b/cpp/ql/test/query-tests/Likely Bugs/Memory Management/ReturnStackAllocatedMemory/test_errors.cpp
new file mode 100644
index 000000000000..be7e430cd3a6
--- /dev/null
+++ b/cpp/ql/test/query-tests/Likely Bugs/Memory Management/ReturnStackAllocatedMemory/test_errors.cpp	
@@ -0,0 +1,16 @@
+// semmle-extractor-options: --expect_errors
+
+UNKNOWN_TYPE test_error_value() {
+	UNKNOWN_TYPE x;
+	return x; // GOOD: Error return type
+}
+
+void* test_error_pointer() {
+	UNKNOWN_TYPE x;
+	return &x; // GOOD: Don't know what &x means
+}
+
+int* test_error_pointer_member() {
+	UNKNOWN_TYPE x;
+	return &x.y; // GOOD: Don't know what x.y means
+}

From 7abe7003dcf5d1f87fc9be51d3a9c38a8ce21661 Mon Sep 17 00:00:00 2001
From: Calum Grant <42069085+calumgrant@users.noreply.github.com>
Date: Thu, 19 Dec 2024 16:01:05 +0000
Subject: [PATCH 4/6] Update cpp/ql/test/query-tests/Likely Bugs/Memory
 Management/ReturnStackAllocatedMemory/test.cpp

Co-authored-by: Jeroen Ketema <93738568+jketema@users.noreply.github.com>
---
 .../Memory Management/ReturnStackAllocatedMemory/test.cpp       | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/cpp/ql/test/query-tests/Likely Bugs/Memory Management/ReturnStackAllocatedMemory/test.cpp b/cpp/ql/test/query-tests/Likely Bugs/Memory Management/ReturnStackAllocatedMemory/test.cpp
index 06aa37bf03fa..abc21aa74d81 100644
--- a/cpp/ql/test/query-tests/Likely Bugs/Memory Management/ReturnStackAllocatedMemory/test.cpp	
+++ b/cpp/ql/test/query-tests/Likely Bugs/Memory Management/ReturnStackAllocatedMemory/test.cpp	
@@ -1,4 +1,4 @@
-// semmle-extractor-options: -std=c++14 --expect_errors
+// semmle-extractor-options: -std=c++14
 class MyClass
 {
 public:

From 3193fe856a84ba3d6e19cc3cdc82ec4c7146b8e1 Mon Sep 17 00:00:00 2001
From: Calum Grant <calumgrant@github.com>
Date: Fri, 20 Dec 2024 09:11:58 +0000
Subject: [PATCH 5/6] C++: Update comments

---
 .../ReturnStackAllocatedMemory/test_errors.cpp                | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/cpp/ql/test/query-tests/Likely Bugs/Memory Management/ReturnStackAllocatedMemory/test_errors.cpp b/cpp/ql/test/query-tests/Likely Bugs/Memory Management/ReturnStackAllocatedMemory/test_errors.cpp
index be7e430cd3a6..4306d85157b8 100644
--- a/cpp/ql/test/query-tests/Likely Bugs/Memory Management/ReturnStackAllocatedMemory/test_errors.cpp	
+++ b/cpp/ql/test/query-tests/Likely Bugs/Memory Management/ReturnStackAllocatedMemory/test_errors.cpp	
@@ -7,10 +7,10 @@ UNKNOWN_TYPE test_error_value() {
 
 void* test_error_pointer() {
 	UNKNOWN_TYPE x;
-	return &x; // GOOD: Don't know what &x means
+	return &x; // BAD [FALSE NEGATIVE]
 }
 
 int* test_error_pointer_member() {
 	UNKNOWN_TYPE x;
-	return &x.y; // GOOD: Don't know what x.y means
+	return &x.y; // BAD [FALSE NEGATIVE]
 }

From 757d5d6e6d97bc095f3e23caba823e75263edf84 Mon Sep 17 00:00:00 2001
From: Jeroen Ketema <jketema@github.com>
Date: Fri, 20 Dec 2024 11:18:26 +0100
Subject: [PATCH 6/6] C++: Remove duplicate word from change note

---
 cpp/ql/src/CHANGELOG.md                   | 2 +-
 cpp/ql/src/change-notes/released/1.3.0.md | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/cpp/ql/src/CHANGELOG.md b/cpp/ql/src/CHANGELOG.md
index 74781fe0f872..db16fe6f8b35 100644
--- a/cpp/ql/src/CHANGELOG.md
+++ b/cpp/ql/src/CHANGELOG.md
@@ -6,7 +6,7 @@
 
 ### Minor Analysis Improvements
 
-* The "Call to function with fewer arguments than declared parameters" query (`cpp/too-few-arguments`) query no longer produces results if the function has been implicitly declared.
+* The "Call to function with fewer arguments than declared parameters" query (`cpp/too-few-arguments`) no longer produces results if the function has been implicitly declared.
 
 ## 1.2.7
 
diff --git a/cpp/ql/src/change-notes/released/1.3.0.md b/cpp/ql/src/change-notes/released/1.3.0.md
index 1443206add85..a4aa8d193fe8 100644
--- a/cpp/ql/src/change-notes/released/1.3.0.md
+++ b/cpp/ql/src/change-notes/released/1.3.0.md
@@ -6,4 +6,4 @@
 
 ### Minor Analysis Improvements
 
-* The "Call to function with fewer arguments than declared parameters" query (`cpp/too-few-arguments`) query no longer produces results if the function has been implicitly declared.
+* The "Call to function with fewer arguments than declared parameters" query (`cpp/too-few-arguments`) no longer produces results if the function has been implicitly declared.