C++: Update MemoryNeverFreed.ql to exclude alloca (and use the new allocation model directly).

geoffw0 · geoffw0 · commit 9a944a947a4a · 2019-12-17T11:10:03.000Z
diff --git a/cpp/ql/src/Critical/MemoryFreed.qll b/cpp/ql/src/Critical/MemoryFreed.qll
@@ -1,14 +1,7 @@
 import semmle.code.cpp.pointsto.PointsTo
 
 private predicate freed(Expr e) {
-  exists(FunctionCall fc, Expr arg |
-    freeCall(fc, arg) and
-    arg = e
-  )
-  or
-  exists(DeleteExpr de | de.getExpr() = e)
-  or
-  exists(DeleteArrayExpr de | de.getExpr() = e)
+  e = any(DeallocationExpr de).getFreedExpr()
   or
   exists(ExprCall c |
     // cautiously assume that any ExprCall could be a freeCall.
@@ -22,7 +15,6 @@ class FreedExpr extends PointsToExpr {
   override predicate interesting() { freed(this) }
 }
 
-predicate allocMayBeFreed(Expr alloc) {
-  isAllocationExpr(alloc) and
+predicate allocMayBeFreed(AllocationExpr alloc) {
   anythingPointsTo(alloc)
 }
diff --git a/cpp/ql/src/Critical/MemoryNeverFreed.ql b/cpp/ql/src/Critical/MemoryNeverFreed.ql
@@ -11,6 +11,9 @@
 
 import MemoryFreed
 
-from Expr alloc
-where isAllocationExpr(alloc) and not allocMayBeFreed(alloc)
+from AllocationExpr alloc
+where
+  alloc.requiresDealloc() and
+  not exists(alloc.(NewOrNewArrayExpr).getPlacementPointer()) and
+  not allocMayBeFreed(alloc)
 select alloc, "This memory is never freed"
