From d224f85b243a066f34f3a699adeecd0227648482 Mon Sep 17 00:00:00 2001
From: Jeroen Ketema
Date: Thu, 11 Sep 2025 10:22:41 +0200
Subject: [PATCH 1/3] C++: Add uninitialized variable FP test

---
 .../semmle/tests/UninitializedLocal.expected | 2 +
 .../semmle/tests/too_many_constants.cpp | 42 +++++++++++++++++++
 2 files changed, 44 insertions(+)
 create mode 100644 cpp/ql/test/query-tests/Security/CWE/CWE-457/semmle/tests/too_many_constants.cpp

diff --git a/cpp/ql/test/query-tests/Security/CWE/CWE-457/semmle/tests/UninitializedLocal.expected b/cpp/ql/test/query-tests/Security/CWE/CWE-457/semmle/tests/UninitializedLocal.expected
index 6773f5aef942..2c2120b0443f 100644
--- a/cpp/ql/test/query-tests/Security/CWE/CWE-457/semmle/tests/UninitializedLocal.expected
+++ b/cpp/ql/test/query-tests/Security/CWE/CWE-457/semmle/tests/UninitializedLocal.expected
@@ -14,6 +14,7 @@ nodes
 | test.cpp:466:6:466:6 | definition of x | semmle.label | definition of x |
 | test.cpp:472:6:472:6 | definition of x | semmle.label | definition of x |
 | test.cpp:479:6:479:6 | definition of x | semmle.label | definition of x |
+| too_many_constants.cpp:32:9:32:9 | definition of m | semmle.label | definition of m |
 #select
 | errors.cpp:14:18:14:18 | x | errors.cpp:13:7:13:7 | definition of x | errors.cpp:13:7:13:7 | definition of x | The variable $@ may not be initialized at this access. | errors.cpp:13:7:13:7 | x | x |
 | test.cpp:12:6:12:8 | foo | test.cpp:11:6:11:8 | definition of foo | test.cpp:11:6:11:8 | definition of foo | The variable $@ may not be initialized at this access. | test.cpp:11:6:11:8 | foo | foo |
@@ -29,3 +30,4 @@ nodes
 | test.cpp:468:7:468:7 | x | test.cpp:466:6:466:6 | definition of x | test.cpp:466:6:466:6 | definition of x | The variable $@ may not be initialized at this access. | test.cpp:466:6:466:6 | x | x |
 | test.cpp:475:2:475:2 | x | test.cpp:472:6:472:6 | definition of x | test.cpp:472:6:472:6 | definition of x | The variable $@ may not be initialized at this access. | test.cpp:472:6:472:6 | x | x |
 | test.cpp:482:7:482:7 | x | test.cpp:479:6:479:6 | definition of x | test.cpp:479:6:479:6 | definition of x | The variable $@ may not be initialized at this access. | test.cpp:479:6:479:6 | x | x |
+| too_many_constants.cpp:41:10:41:10 | m | too_many_constants.cpp:32:9:32:9 | definition of m | too_many_constants.cpp:32:9:32:9 | definition of m | The variable $@ may not be initialized at this access. | too_many_constants.cpp:32:9:32:9 | m | m |
diff --git a/cpp/ql/test/query-tests/Security/CWE/CWE-457/semmle/tests/too_many_constants.cpp b/cpp/ql/test/query-tests/Security/CWE/CWE-457/semmle/tests/too_many_constants.cpp
new file mode 100644
index 000000000000..c71680d8bb56
--- /dev/null
+++ b/cpp/ql/test/query-tests/Security/CWE/CWE-457/semmle/tests/too_many_constants.cpp
@@ -0,0 +1,42 @@
+struct S {
+ int a;
+ int b;
+ int c;
+ unsigned long *d;
+
+ union {
+ struct {
+ const char *e;
+ int f;
+ S *g;
+ const char *h;
+ int i;
+ bool j;
+ bool k;
+ const char *l;
+ char **m;
+ } n;
+
+ struct {
+ bool o;
+ bool p;
+ } q;
+ } r;
+};
+
+int too_many_constants_init(S *s);
+
+char *too_many_constants(const char *h, bool k, int i) {
+ const char *e = "";
+ char l[64] = "";
+ char *m;
+
+ S s[] = {
+ {.a = 0, .c = 0, .d = nullptr, .r = {.n = {.e = e, .f = 1, .g = nullptr, .h = h, .i = i, .j = false, .k = k, .l = l, .m = &m}}},
+ {.a = 0, .c = 0, .d = nullptr, .r = {.q = {.o = true, .p = true}}}
+ };
+
+ too_many_constants_init(s);
+
+ return m;
+}
From 2bc035cfcfc553827e877c4d6d9e6fab4066b164 Mon Sep 17 00:00:00 2001
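Review bot: The new too_many_constants.cpp carries no comment explaining what it exercises, so a reader has to guess from the file name that the long designated initializer of `s` (the `.r = {.n = {...}}` element) is the interesting part and that `m` is expected to be written through `&m` by `too_many_constants_init`. A header comment such as `// Regression test for an uninitialized-variable false positive: m is passed by address to too_many_constants_init inside a large designated initializer, so the read of m at the end is initialized.` would make the intent explicit. I can only infer from the name that the number of constant fields in the initializer is what matters; if that is the trigger, the comment should say so, otherwise a later cleanup could trim the initializer and silently lose the coverage. The `.b` member of `S` is deliberately omitted from both initializers and is value-initialized to zero by aggregate initialization; a short note on that would stop it from being read as an oversight.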
From: Jeroen Ketema
Date: Thu, 11 Sep 2025 10:24:51 +0200
Subject: [PATCH 2/3] C++: Update test results after extractor changes

---
 .../CWE/CWE-457/semmle/tests/UninitializedLocal.expected | 2 --
 1 file changed, 2 deletions(-)

diff --git a/cpp/ql/test/query-tests/Security/CWE/CWE-457/semmle/tests/UninitializedLocal.expected b/cpp/ql/test/query-tests/Security/CWE/CWE-457/semmle/tests/UninitializedLocal.expected
index 2c2120b0443f..6773f5aef942 100644
--- a/cpp/ql/test/query-tests/Security/CWE/CWE-457/semmle/tests/UninitializedLocal.expected
+++ b/cpp/ql/test/query-tests/Security/CWE/CWE-457/semmle/tests/UninitializedLocal.expected
@@ -14,7 +14,6 @@ nodes
 | test.cpp:466:6:466:6 | definition of x | semmle.label | definition of x |
 | test.cpp:472:6:472:6 | definition of x | semmle.label | definition of x |
 | test.cpp:479:6:479:6 | definition of x | semmle.label | definition of x |
-| too_many_constants.cpp:32:9:32:9 | definition of m | semmle.label | definition of m |
 #select
 | errors.cpp:14:18:14:18 | x | errors.cpp:13:7:13:7 | definition of x | errors.cpp:13:7:13:7 | definition of x | The variable $@ may not be initialized at this access. | errors.cpp:13:7:13:7 | x | x |
 | test.cpp:12:6:12:8 | foo | test.cpp:11:6:11:8 | definition of foo | test.cpp:11:6:11:8 | definition of foo | The variable $@ may not be initialized at this access. | test.cpp:11:6:11:8 | foo | foo |
@@ -30,4 +29,3 @@ nodes
 | test.cpp:468:7:468:7 | x | test.cpp:466:6:466:6 | definition of x | test.cpp:466:6:466:6 | definition of x | The variable $@ may not be initialized at this access. | test.cpp:466:6:466:6 | x | x |
 | test.cpp:475:2:475:2 | x | test.cpp:472:6:472:6 | definition of x | test.cpp:472:6:472:6 | definition of x | The variable $@ may not be initialized at this access. | test.cpp:472:6:472:6 | x | x |
 | test.cpp:482:7:482:7 | x | test.cpp:479:6:479:6 | definition of x | test.cpp:479:6:479:6 | definition of x | The variable $@ may not be initialized at this access. | test.cpp:479:6:479:6 | x | x |
-| too_many_constants.cpp:41:10:41:10 | m | too_many_constants.cpp:32:9:32:9 | definition of m | too_many_constants.cpp:32:9:32:9 | definition of m | The variable $@ may not be initialized at this access. | too_many_constants.cpp:32:9:32:9 | m | m |
From 352610d651f02934d1e5e9faf897d8f4b7fd9c4a Mon Sep 17 00:00:00 2001
From: Jeroen Ketema
Date: Fri, 12 Sep 2025 10:29:27 +0200
Subject: [PATCH 3/3] C++: Add `GOOD` annotation

---
 .../Security/CWE/CWE-457/semmle/tests/too_many_constants.cpp | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/cpp/ql/test/query-tests/Security/CWE/CWE-457/semmle/tests/too_many_constants.cpp b/cpp/ql/test/query-tests/Security/CWE/CWE-457/semmle/tests/too_many_constants.cpp
index c71680d8bb56..2e794f387ce8 100644
--- a/cpp/ql/test/query-tests/Security/CWE/CWE-457/semmle/tests/too_many_constants.cpp
+++ b/cpp/ql/test/query-tests/Security/CWE/CWE-457/semmle/tests/too_many_constants.cpp
@@ -38,5 +38,5 @@ char *too_many_constants(const char *h, bool k, int i) {
 too_many_constants_init(s);
- return m;
+ return m; // GOOD - initialized by too_many_constants_init
 }