C++: Add ComPtr tests.

MathiasVP · MathiasVP · commit 6f64129b0441 · 2025-08-27T14:05:13.000+02:00
diff --git a/cpp/ql/test/library-tests/dataflow/taint-tests/atl.cpp b/cpp/ql/test/library-tests/dataflow/taint-tests/atl.cpp
@@ -1241,4 +1241,134 @@ namespace ATL {
     sink(static_cast<CStrBufT<char>::PCXSTR>(b)); // $ ir
     sink(static_cast<CStrBufT<char>::PXSTR>(b)); // $ ir
   }
+}
+
+namespace Microsoft {
+  namespace WRL {
+  template <typename T>
+  class ComPtr;
+
+  struct GUID;
+
+  typedef GUID IID;
+
+  typedef IID *REFIID;
+
+  class IUnknown;
+
+  class WeakRef;
+
+  template <typename T>
+  class ComPtr
+  {
+  public:
+    using InterfaceType = T;
+
+    ComPtr();
+    ComPtr(const ComPtr &);
+    ComPtr(&&other);
+
+    template <typename U>
+    ComPtr(U *);
+
+    ~ComPtr();
+
+    template <typename U>
+    HRESULT As(ComPtr<U> *p) const;
+
+    HRESULT AsWeak(WeakRef *);
+
+    void Attach(InterfaceType *);
+
+    HRESULT CopyTo(InterfaceType **);
+
+    HRESULT CopyTo(REFIID, void **) const;
+
+    template <typename U>
+    HRESULT CopyTo(U **) const;
+
+    T *Detach();
+
+    T *Get() const;
+
+    T *const *GetAddressOf() const;
+    T **GetAddressOf();
+
+    T **ReleaseAndGetAddressOf();
+
+    unsigned long Reset();
+
+    void Swap(ComPtr &&r);
+
+    void Swap(ComPtr &r);
+  };
+
+  }
+}
+
+namespace std {
+  template<class T> T&& move(T& t) noexcept; // simplified signature
+}
+
+void test_constructor()
+{
+  Microsoft::WRL::ComPtr<int> p0;
+  sink(*p0.Get()); // clean
+
+  int x = source<int>();
+  Microsoft::WRL::ComPtr<int> p1(new int(x));
+  sink(*p1.Get()); // $ MISSING: ast,ir
+  sink(*p1.Detach()); // $ MISSING: ast,ir
+
+  Microsoft::WRL::ComPtr<int> p2(p1);
+  sink(*p2.Get()); // $ MISSING: ast,ir
+
+  Microsoft::WRL::ComPtr<int> p3(std::move(p1));
+  sink(*p3.Get()); // $ MISSING: ast,ir
+}
+
+void test_As()
+{
+  int x = source<int>();
+  Microsoft::WRL::ComPtr<int> p1(new int(x));
+  Microsoft::WRL::ComPtr<int> p2;
+  p1.As(&p2);
+  sink(*p2.Get()); // $ MISSING: ast,ir
+}
+
+void test_CopyTo()
+{
+  int x = source<int>();
+  Microsoft::WRL::ComPtr<int> p1(new int(x));
+  int *raw = nullptr;
+  p1.CopyTo(&raw);
+  sink(*raw); // $ MISSING: ast,ir
+
+  Microsoft::WRL::ComPtr<int> p2;
+  p1.CopyTo(nullptr, (void**)&raw);
+  sink(*raw); // $ MISSING: ast,ir
+}
+
+void test_Swap()
+{
+  int x = source<int>();
+  Microsoft::WRL::ComPtr<int> p1(new int(x));
+  Microsoft::WRL::ComPtr<int> p2;
+  p1.Swap(p2);
+  sink(*p2.Get()); // $ MISSING: ast,ir
+  sink(*p1.Get()); // clean
+}
+
+void test_GetAddressOf()
+{
+  int x = source<int>();
+  Microsoft::WRL::ComPtr<int> p1(new int(x));
+  sink(**p1.GetAddressOf()); // $ MISSING: ast,ir
+ 
+  const Microsoft::WRL::ComPtr<int> p2(new int(x));
+  sink(**p2.GetAddressOf()); // $ MISSING: ast,ir
+
+  Microsoft::WRL::ComPtr<int> p3(new int(x));
+  int **pp = p3.ReleaseAndGetAddressOf();
+  sink(**pp); // $ MISSING: ast,ir
 }
diff --git a/cpp/ql/test/library-tests/dataflow/taint-tests/localTaint.expected b/cpp/ql/test/library-tests/dataflow/taint-tests/localTaint.expected
@@ -1278,6 +1278,118 @@ WARNING: module 'TaintTracking' has been deprecated and may be removed in future
 | atl.cpp:1240:22:1240:30 | call to CStrBufT | atl.cpp:1241:46:1241:46 | b |  |
 | atl.cpp:1240:22:1240:30 | call to CStrBufT | atl.cpp:1242:45:1242:45 | b |  |
 | atl.cpp:1241:46:1241:46 | ref arg b | atl.cpp:1242:45:1242:45 | b |  |
+| atl.cpp:1315:31:1315:32 | call to ComPtr | atl.cpp:1316:9:1316:10 | p0 |  |
+| atl.cpp:1315:31:1315:32 | call to ComPtr | atl.cpp:1328:1:1328:1 | p0 |  |
+| atl.cpp:1316:9:1316:10 | ref arg p0 | atl.cpp:1328:1:1328:1 | p0 |  |
+| atl.cpp:1316:12:1316:14 | call to Get | atl.cpp:1316:8:1316:16 | * ... | TAINT |
+| atl.cpp:1318:11:1318:21 | call to source | atl.cpp:1319:42:1319:42 | x |  |
+| atl.cpp:1319:34:1319:43 | new | atl.cpp:1319:34:1319:44 | call to ComPtr | TAINT |
+| atl.cpp:1319:34:1319:44 | call to ComPtr | atl.cpp:1320:9:1320:10 | p1 |  |
+| atl.cpp:1319:34:1319:44 | call to ComPtr | atl.cpp:1321:9:1321:10 | p1 |  |
+| atl.cpp:1319:34:1319:44 | call to ComPtr | atl.cpp:1323:34:1323:35 | p1 |  |
+| atl.cpp:1319:34:1319:44 | call to ComPtr | atl.cpp:1326:44:1326:45 | p1 |  |
+| atl.cpp:1319:34:1319:44 | call to ComPtr | atl.cpp:1328:1:1328:1 | p1 |  |
+| atl.cpp:1319:42:1319:42 | x | atl.cpp:1319:34:1319:43 | new |  |
+| atl.cpp:1320:9:1320:10 | ref arg p1 | atl.cpp:1321:9:1321:10 | p1 |  |
+| atl.cpp:1320:9:1320:10 | ref arg p1 | atl.cpp:1323:34:1323:35 | p1 |  |
+| atl.cpp:1320:9:1320:10 | ref arg p1 | atl.cpp:1326:44:1326:45 | p1 |  |
+| atl.cpp:1320:9:1320:10 | ref arg p1 | atl.cpp:1328:1:1328:1 | p1 |  |
+| atl.cpp:1320:12:1320:14 | call to Get | atl.cpp:1320:8:1320:16 | * ... | TAINT |
+| atl.cpp:1321:9:1321:10 | ref arg p1 | atl.cpp:1323:34:1323:35 | p1 |  |
+| atl.cpp:1321:9:1321:10 | ref arg p1 | atl.cpp:1326:44:1326:45 | p1 |  |
+| atl.cpp:1321:9:1321:10 | ref arg p1 | atl.cpp:1328:1:1328:1 | p1 |  |
+| atl.cpp:1321:12:1321:17 | call to Detach | atl.cpp:1321:8:1321:19 | * ... | TAINT |
+| atl.cpp:1323:34:1323:35 | p1 | atl.cpp:1323:34:1323:36 | call to ComPtr |  |
+| atl.cpp:1323:34:1323:36 | call to ComPtr | atl.cpp:1324:9:1324:10 | p2 |  |
+| atl.cpp:1323:34:1323:36 | call to ComPtr | atl.cpp:1328:1:1328:1 | p2 |  |
+| atl.cpp:1324:9:1324:10 | ref arg p2 | atl.cpp:1328:1:1328:1 | p2 |  |
+| atl.cpp:1324:12:1324:14 | call to Get | atl.cpp:1324:8:1324:16 | * ... | TAINT |
+| atl.cpp:1326:34:1326:42 | call to move | atl.cpp:1326:34:1326:47 | call to ComPtr | TAINT |
+| atl.cpp:1326:34:1326:47 | call to ComPtr | atl.cpp:1327:9:1327:10 | p3 |  |
+| atl.cpp:1326:34:1326:47 | call to ComPtr | atl.cpp:1328:1:1328:1 | p3 |  |
+| atl.cpp:1326:44:1326:45 | p1 | atl.cpp:1326:34:1326:42 | call to move | TAINT |
+| atl.cpp:1326:44:1326:45 | p1 | atl.cpp:1326:34:1326:47 | call to ComPtr |  |
+| atl.cpp:1327:9:1327:10 | ref arg p3 | atl.cpp:1328:1:1328:1 | p3 |  |
+| atl.cpp:1327:12:1327:14 | call to Get | atl.cpp:1327:8:1327:16 | * ... | TAINT |
+| atl.cpp:1332:11:1332:21 | call to source | atl.cpp:1333:42:1333:42 | x |  |
+| atl.cpp:1333:34:1333:43 | new | atl.cpp:1333:34:1333:44 | call to ComPtr | TAINT |
+| atl.cpp:1333:34:1333:44 | call to ComPtr | atl.cpp:1335:3:1335:4 | p1 |  |
+| atl.cpp:1333:34:1333:44 | call to ComPtr | atl.cpp:1337:1:1337:1 | p1 |  |
+| atl.cpp:1333:42:1333:42 | x | atl.cpp:1333:34:1333:43 | new |  |
+| atl.cpp:1334:31:1334:32 | call to ComPtr | atl.cpp:1335:10:1335:11 | p2 |  |
+| atl.cpp:1334:31:1334:32 | call to ComPtr | atl.cpp:1336:9:1336:10 | p2 |  |
+| atl.cpp:1334:31:1334:32 | call to ComPtr | atl.cpp:1337:1:1337:1 | p2 |  |
+| atl.cpp:1335:9:1335:11 | ref arg & ... | atl.cpp:1335:10:1335:11 | p2 [inner post update] |  |
+| atl.cpp:1335:9:1335:11 | ref arg & ... | atl.cpp:1336:9:1336:10 | p2 |  |
+| atl.cpp:1335:9:1335:11 | ref arg & ... | atl.cpp:1337:1:1337:1 | p2 |  |
+| atl.cpp:1335:10:1335:11 | p2 | atl.cpp:1335:9:1335:11 | & ... |  |
+| atl.cpp:1336:9:1336:10 | ref arg p2 | atl.cpp:1337:1:1337:1 | p2 |  |
+| atl.cpp:1336:12:1336:14 | call to Get | atl.cpp:1336:8:1336:16 | * ... | TAINT |
+| atl.cpp:1341:11:1341:21 | call to source | atl.cpp:1342:42:1342:42 | x |  |
+| atl.cpp:1342:34:1342:43 | new | atl.cpp:1342:34:1342:44 | call to ComPtr | TAINT |
+| atl.cpp:1342:34:1342:44 | call to ComPtr | atl.cpp:1344:3:1344:4 | p1 |  |
+| atl.cpp:1342:34:1342:44 | call to ComPtr | atl.cpp:1348:3:1348:4 | p1 |  |
+| atl.cpp:1342:34:1342:44 | call to ComPtr | atl.cpp:1350:1:1350:1 | p1 |  |
+| atl.cpp:1342:42:1342:42 | x | atl.cpp:1342:34:1342:43 | new |  |
+| atl.cpp:1343:14:1343:20 | 0 | atl.cpp:1344:14:1344:16 | raw |  |
+| atl.cpp:1343:14:1343:20 | 0 | atl.cpp:1345:9:1345:11 | raw |  |
+| atl.cpp:1343:14:1343:20 | 0 | atl.cpp:1348:31:1348:33 | raw |  |
+| atl.cpp:1343:14:1343:20 | 0 | atl.cpp:1349:9:1349:11 | raw |  |
+| atl.cpp:1344:3:1344:4 | ref arg p1 | atl.cpp:1348:3:1348:4 | p1 |  |
+| atl.cpp:1344:3:1344:4 | ref arg p1 | atl.cpp:1350:1:1350:1 | p1 |  |
+| atl.cpp:1344:13:1344:16 | ref arg & ... | atl.cpp:1344:14:1344:16 | raw [inner post update] |  |
+| atl.cpp:1344:13:1344:16 | ref arg & ... | atl.cpp:1345:9:1345:11 | raw |  |
+| atl.cpp:1344:13:1344:16 | ref arg & ... | atl.cpp:1348:31:1348:33 | raw |  |
+| atl.cpp:1344:13:1344:16 | ref arg & ... | atl.cpp:1349:9:1349:11 | raw |  |
+| atl.cpp:1344:14:1344:16 | raw | atl.cpp:1344:13:1344:16 | & ... |  |
+| atl.cpp:1345:9:1345:11 | raw | atl.cpp:1345:8:1345:11 | * ... | TAINT |
+| atl.cpp:1347:31:1347:32 | call to ComPtr | atl.cpp:1350:1:1350:1 | p2 |  |
+| atl.cpp:1348:30:1348:33 | ref arg & ... | atl.cpp:1348:31:1348:33 | raw [inner post update] |  |
+| atl.cpp:1348:30:1348:33 | ref arg & ... | atl.cpp:1349:9:1349:11 | raw |  |
+| atl.cpp:1348:31:1348:33 | raw | atl.cpp:1348:30:1348:33 | & ... |  |
+| atl.cpp:1349:9:1349:11 | raw | atl.cpp:1349:8:1349:11 | * ... | TAINT |
+| atl.cpp:1354:11:1354:21 | call to source | atl.cpp:1355:42:1355:42 | x |  |
+| atl.cpp:1355:34:1355:43 | new | atl.cpp:1355:34:1355:44 | call to ComPtr | TAINT |
+| atl.cpp:1355:34:1355:44 | call to ComPtr | atl.cpp:1357:3:1357:4 | p1 |  |
+| atl.cpp:1355:34:1355:44 | call to ComPtr | atl.cpp:1359:9:1359:10 | p1 |  |
+| atl.cpp:1355:34:1355:44 | call to ComPtr | atl.cpp:1360:1:1360:1 | p1 |  |
+| atl.cpp:1355:42:1355:42 | x | atl.cpp:1355:34:1355:43 | new |  |
+| atl.cpp:1356:31:1356:32 | call to ComPtr | atl.cpp:1357:11:1357:12 | p2 |  |
+| atl.cpp:1356:31:1356:32 | call to ComPtr | atl.cpp:1358:9:1358:10 | p2 |  |
+| atl.cpp:1356:31:1356:32 | call to ComPtr | atl.cpp:1360:1:1360:1 | p2 |  |
+| atl.cpp:1357:3:1357:4 | ref arg p1 | atl.cpp:1359:9:1359:10 | p1 |  |
+| atl.cpp:1357:3:1357:4 | ref arg p1 | atl.cpp:1360:1:1360:1 | p1 |  |
+| atl.cpp:1357:11:1357:12 | ref arg p2 | atl.cpp:1358:9:1358:10 | p2 |  |
+| atl.cpp:1357:11:1357:12 | ref arg p2 | atl.cpp:1360:1:1360:1 | p2 |  |
+| atl.cpp:1358:9:1358:10 | ref arg p2 | atl.cpp:1360:1:1360:1 | p2 |  |
+| atl.cpp:1358:12:1358:14 | call to Get | atl.cpp:1358:8:1358:16 | * ... | TAINT |
+| atl.cpp:1359:9:1359:10 | ref arg p1 | atl.cpp:1360:1:1360:1 | p1 |  |
+| atl.cpp:1359:12:1359:14 | call to Get | atl.cpp:1359:8:1359:16 | * ... | TAINT |
+| atl.cpp:1364:11:1364:21 | call to source | atl.cpp:1365:42:1365:42 | x |  |
+| atl.cpp:1364:11:1364:21 | call to source | atl.cpp:1368:48:1368:48 | x |  |
+| atl.cpp:1364:11:1364:21 | call to source | atl.cpp:1371:42:1371:42 | x |  |
+| atl.cpp:1365:34:1365:43 | new | atl.cpp:1365:34:1365:44 | call to ComPtr | TAINT |
+| atl.cpp:1365:34:1365:44 | call to ComPtr | atl.cpp:1366:10:1366:11 | p1 |  |
+| atl.cpp:1365:34:1365:44 | call to ComPtr | atl.cpp:1374:1:1374:1 | p1 |  |
+| atl.cpp:1365:42:1365:42 | x | atl.cpp:1365:34:1365:43 | new |  |
+| atl.cpp:1366:9:1366:26 | * ... | atl.cpp:1366:8:1366:26 | * ... | TAINT |
+| atl.cpp:1366:10:1366:11 | ref arg p1 | atl.cpp:1374:1:1374:1 | p1 |  |
+| atl.cpp:1366:13:1366:24 | call to GetAddressOf | atl.cpp:1366:9:1366:26 | * ... | TAINT |
+| atl.cpp:1368:40:1368:49 | new | atl.cpp:1368:40:1368:50 | call to ComPtr | TAINT |
+| atl.cpp:1368:40:1368:50 | call to ComPtr | atl.cpp:1369:10:1369:11 | p2 |  |
+| atl.cpp:1368:40:1368:50 | call to ComPtr | atl.cpp:1374:1:1374:1 | p2 |  |
+| atl.cpp:1368:48:1368:48 | x | atl.cpp:1368:40:1368:49 | new |  |
+| atl.cpp:1369:9:1369:26 | * ... | atl.cpp:1369:8:1369:26 | * ... | TAINT |
+| atl.cpp:1369:10:1369:11 | ref arg p2 | atl.cpp:1374:1:1374:1 | p2 |  |
+| atl.cpp:1369:13:1369:24 | call to GetAddressOf | atl.cpp:1369:9:1369:26 | * ... | TAINT |
+| atl.cpp:1371:34:1371:43 | new | atl.cpp:1371:34:1371:44 | call to ComPtr | TAINT |
+| atl.cpp:1371:34:1371:44 | call to ComPtr | atl.cpp:1372:14:1372:15 | p3 |  |
+| atl.cpp:1371:34:1371:44 | call to ComPtr | atl.cpp:1374:1:1374:1 | p3 |  |
+| atl.cpp:1371:42:1371:42 | x | atl.cpp:1371:34:1371:43 | new |  |
+| atl.cpp:1372:14:1372:15 | ref arg p3 | atl.cpp:1374:1:1374:1 | p3 |  |
+| atl.cpp:1372:17:1372:38 | call to ReleaseAndGetAddressOf | atl.cpp:1373:10:1373:11 | pp |  |
+| atl.cpp:1373:9:1373:11 | * ... | atl.cpp:1373:8:1373:11 | * ... | TAINT |
+| atl.cpp:1373:10:1373:11 | pp | atl.cpp:1373:9:1373:11 | * ... | TAINT |
 | bsd.cpp:17:11:17:16 | call to source | bsd.cpp:20:18:20:18 | s |  |
 | bsd.cpp:18:12:18:15 | addr | bsd.cpp:20:22:20:25 | addr |  |
 | bsd.cpp:18:12:18:15 | addr | bsd.cpp:23:8:23:11 | addr |  |
diff --git a/cpp/ql/test/library-tests/dataflow/taint-tests/test_mad-signatures.expected b/cpp/ql/test/library-tests/dataflow/taint-tests/test_mad-signatures.expected
@@ -5567,6 +5567,8 @@ signatureMatches
 | atl.cpp:1231:5:1231:12 | CStrBufT | (const char *,const char *,unsigned long) |  | __ngettext | 2 |
 | atl.cpp:1231:5:1231:12 | CStrBufT | (unsigned char *,int,unsigned long) |  | UTF8_putc | 1 |
 | atl.cpp:1231:5:1231:12 | CStrBufT | (unsigned char *,int,unsigned long) |  | UTF8_putc | 2 |
+| atl.cpp:1285:13:1285:18 | CopyTo | (Curl_easy *,void **) |  | Curl_resolver_init | 1 |
+| atl.cpp:1285:13:1285:18 | CopyTo | (size_t,void **) |  | __libc_alloc_buffer_allocate | 1 |
 | bsd.cpp:12:5:12:10 | accept | (CURLM *,curl_socket_t,int *) |  | curl_multi_socket | 2 |
 | bsd.cpp:12:5:12:10 | accept | (Curl_easy *,ssize_t *,int *) |  | Curl_GetFTPResponse | 2 |
 | bsd.cpp:12:5:12:10 | accept | (EVP_CIPHER_CTX *,unsigned char *,int *) |  | EVP_CipherFinal | 2 |
@@ -46404,6 +46406,16 @@ getParameterTypeName
 | atl.cpp:1231:5:1231:12 | CStrBufT | 1 | int |
 | atl.cpp:1231:5:1231:12 | CStrBufT | 2 | DWORD |
 | atl.cpp:1231:5:1231:12 | CStrBufT | 2 | unsigned long |
+| atl.cpp:1268:5:1268:10 | ComPtr | 0 | const ComPtr & |
+| atl.cpp:1272:5:1272:10 | ComPtr | 0 | func:0 * |
+| atl.cpp:1277:13:1277:14 | As | 0 | ComPtr * |
+| atl.cpp:1283:13:1283:18 | CopyTo | 0 | Interfaceclass:0ype ** |
+| atl.cpp:1283:13:1283:18 | CopyTo | 0 | class:0 ** |
+| atl.cpp:1285:13:1285:18 | CopyTo | 0 | GUID * |
+| atl.cpp:1285:13:1285:18 | CopyTo | 0 | REFIID |
+| atl.cpp:1285:13:1285:18 | CopyTo | 1 | void ** |
+| atl.cpp:1303:10:1303:13 | Swap | 0 | ComPtr & |
+| atl.cpp:1310:25:1310:28 | move | 0 | func:0 & |
 | bsd.cpp:6:8:6:8 | operator= | 0 | const sockaddr & |
 | bsd.cpp:6:8:6:8 | operator= | 0 | sockaddr && |
 | bsd.cpp:12:5:12:10 | accept | 0 | int |
