From c514b1978654fee264822f113e13db50410ff410 Mon Sep 17 00:00:00 2001
From: Sungkeun Cho
Date: Mon, 12 Feb 2018 03:59:32 -0800
Subject: [PATCH] [inferbo] Add new operator model

Reviewed By: jvillard

Differential Revision: D6960369

fbshipit-source-id: 55d74f5
---
 infer/src/bufferoverrun/bufferOverrunModels.ml | 1 +
 .../tests/codetoanalyze/cpp/bufferoverrun/class.cpp | 12 ++++++++++++
 .../tests/codetoanalyze/cpp/bufferoverrun/issues.exp | 1 +
 3 files changed, 14 insertions(+)

diff --git a/infer/src/bufferoverrun/bufferOverrunModels.ml b/infer/src/bufferoverrun/bufferOverrunModels.ml
index 22e1dc7d6..ed205872b 100644
--- a/infer/src/bufferoverrun/bufferOverrunModels.ml
+++ b/infer/src/bufferoverrun/bufferOverrunModels.ml
@@ -283,6 +283,7 @@ module Make (BoUtils : BufferOverrunUtils.S) = struct
     ; -"fgetc" <>--> by_value Dom.Val.Itv.m1_255
     ; -"infer_print" <>$ capt_exp $!--> infer_print
     ; -"malloc" <>$ capt_exp $+...$--> malloc
+    ; -"__new" <>$ capt_exp $+...$--> malloc
     ; -"__new_array" <>$ capt_exp $+...$--> malloc
     ; -"realloc" <>$ any_arg $+ capt_exp $+...$--> realloc
     ; -"__set_array_length" <>$ capt_arg $+ capt_exp $!--> set_array_length
diff --git a/infer/tests/codetoanalyze/cpp/bufferoverrun/class.cpp b/infer/tests/codetoanalyze/cpp/bufferoverrun/class.cpp
index 86cb34ca7..64c7e0c3d 100644
--- a/infer/tests/codetoanalyze/cpp/bufferoverrun/class.cpp
+++ b/infer/tests/codetoanalyze/cpp/bufferoverrun/class.cpp
@@ -24,4 +24,16 @@ class my_class {
     int n = 10;
     return arr[id(n)];
   }
+
+  int access_nth(int n) { return arr[n]; }
 };
+
+void access_after_new_Good() {
+  my_class* x = new my_class();
+  x->access_nth(5);
+}
+
+void access_after_new_Bad() {
+  my_class* x = new my_class();
+  x->access_nth(15);
+}
diff --git a/infer/tests/codetoanalyze/cpp/bufferoverrun/issues.exp b/infer/tests/codetoanalyze/cpp/bufferoverrun/issues.exp
index e049974db..e19f30405 100644
--- a/infer/tests/codetoanalyze/cpp/bufferoverrun/issues.exp
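Review bot: The new `-"__new"` entry borrows the `malloc` model with nothing saying why, in a dispatcher list that starts before and ends after this hunk. A one-line comment would save the next reader the inference, e.g. `(* [__new] is the frontend's builtin for C++ [new]; its first argument is presumably the allocation size (the [capt_exp] position suggests so), hence the same model as [malloc] and [__new_array] *)`. One semantic difference is worth confirming against the model body, which is not in this hunk: `malloc` may return NULL whereas non-nothrow `new` never does, so if the `malloc` model records a possibly-null or zero-size result, `__new` would inherit that imprecision.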
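Review bot: The new tests drive the `__new` model only with constant indices (5 and 15), so a symbolic offset through a `new`-allocated object is never exercised; a third case that forwards a parameter, e.g. `void access_after_new(int n) { my_class* x = new my_class(); x->access_nth(n); }` (constructed name), would show whether the model yields an interval report rather than an L1 one. `access_nth` reads `arr[n]` with no bound on `n`, which is the intended sink here; since the class body and `arr`'s declaration start outside the hunk, a short comment such as `// unchecked index: sink for the _Good/_Bad callers below` would make that intent explicit. The expected-output entry in issues.exp pins this access at `class.cpp:28:34`, so any later reformatting of this method will also shift that line.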
+++ b/infer/tests/codetoanalyze/cpp/bufferoverrun/issues.exp
@@ -1,3 +1,4 @@
+codetoanalyze/cpp/bufferoverrun/class.cpp, access_after_new_Bad, 2, BUFFER_OVERRUN_L1, [Call,ArrayAccess: Offset: [15, 15] Size: [10, 10] @ codetoanalyze/cpp/bufferoverrun/class.cpp:28:34 by call `my_class_access_nth()` ]
 codetoanalyze/cpp/bufferoverrun/class.cpp, my_class_access2_Bad, 2, BUFFER_OVERRUN_L1, [Call,Assignment,Call,Assignment,Return,ArrayAccess: Offset: [10, 10] Size: [10, 10]]
 codetoanalyze/cpp/bufferoverrun/class.cpp, my_class_access_Bad, 2, BUFFER_OVERRUN_L1, [Call,Call,Assignment,ArrayAccess: Offset: [10, 10] Size: [10, 10]]
 codetoanalyze/cpp/bufferoverrun/external.cpp, extern_bad, 5, BUFFER_OVERRUN_L5, [Assignment,ArrayAccess: Offset: [-oo, +oo] Size: [0, +oo]]