walkero
/
cppcheck
1
0
Fork 0
Code Issues Pull Requests Projects Releases 1 Wiki Activity

CWE mapping of sizeofForArrayParameter, sizeofForPointer, sizeofDivisionMemfunc, sizeofwithnumericparameter, sizeofsizeof, sizeofCalculation, sizeofVoid, sizeofDereferencedVoidPointer, arithOperationsOnVoidPointer (#810)

This commit is contained in:
Roberto Martelloni 2016-07-08 08:06:55 +01:00 committed by PKEuS
parent a87b4368cb
commit 87372ccd58
1 changed files with 11 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
lib/checksizeof.cpp
View File

@ -33,7 +33,8 @@ namespace {
// CWE IDs used: // CWE IDs used:
static const struct CWE CWE398(398U); // Indicator of Poor Code Quality static const struct CWE CWE398(398U); // Indicator of Poor Code Quality
static const struct CWE CWE467(467U); // Use of sizeof() on a Pointer Type
static const struct CWE CWE682(682U); // Incorrect Calculation
//--------------------------------------------------------------------------- //---------------------------------------------------------------------------
//--------------------------------------------------------------------------- //---------------------------------------------------------------------------
void CheckSizeof::checkSizeofForNumericParameter() void CheckSizeof::checkSizeofForNumericParameter()
@ -60,7 +61,7 @@ void CheckSizeof::sizeofForNumericParameterError(const Token *tok)
"sizeofwithnumericparameter", "Suspicious usage of 'sizeof' with a numeric constant as parameter.\n" "sizeofwithnumericparameter", "Suspicious usage of 'sizeof' with a numeric constant as parameter.\n"
"It is unusual to use a constant value with sizeof. For example, 'sizeof(10)'" "It is unusual to use a constant value with sizeof. For example, 'sizeof(10)'"
" returns 4 (in 32-bit systems) or 8 (in 64-bit systems) instead of 10. 'sizeof('A')'" " returns 4 (in 32-bit systems) or 8 (in 64-bit systems) instead of 10. 'sizeof('A')'"
" and 'sizeof(char)' can return different results."); " and 'sizeof(char)' can return different results.", CWE682, false);
} }
@ -102,7 +103,7 @@ void CheckSizeof::sizeofForArrayParameterError(const Token *tok)
" return sizeof(a);\n" " return sizeof(a);\n"
" }\n" " }\n"
"returns 4 (in 32-bit systems) or 8 (in 64-bit systems) instead of 100 (the " "returns 4 (in 32-bit systems) or 8 (in 64-bit systems) instead of 100 (the "
"size of the array in bytes)." "size of the array in bytes).", CWE467, false
); );
} }
@ -235,13 +236,13 @@ void CheckSizeof::sizeofForPointerError(const Token *tok, const std::string &var
"Size of pointer '" + varname + "' used instead of size of its data.\n" "Size of pointer '" + varname + "' used instead of size of its data.\n"
"Size of pointer '" + varname + "' used instead of size of its data. " "Size of pointer '" + varname + "' used instead of size of its data. "
"This is likely to lead to a buffer overflow. You probably intend to " "This is likely to lead to a buffer overflow. You probably intend to "
"write 'sizeof(*" + varname + ")'."); "write 'sizeof(*" + varname + ")'.", CWE467, false);
} }
void CheckSizeof::divideBySizeofError(const Token *tok, const std::string &memfunc) void CheckSizeof::divideBySizeofError(const Token *tok, const std::string &memfunc)
{ {
reportError(tok, Severity::warning, "sizeofDivisionMemfunc", reportError(tok, Severity::warning, "sizeofDivisionMemfunc",
"Division by result of sizeof(). " + memfunc + "() expects a size in bytes, did you intend to multiply instead?"); "Division by result of sizeof(). " + memfunc + "() expects a size in bytes, did you intend to multiply instead?", CWE682, false);
} }
//----------------------------------------------------------------------------- //-----------------------------------------------------------------------------
@ -265,7 +266,7 @@ void CheckSizeof::sizeofsizeofError(const Token *tok)
"sizeofsizeof", "Calling 'sizeof' on 'sizeof'.\n" "sizeofsizeof", "Calling 'sizeof' on 'sizeof'.\n"
"Calling sizeof for 'sizeof looks like a suspicious code and " "Calling sizeof for 'sizeof looks like a suspicious code and "
"most likely there should be just one 'sizeof'. The current " "most likely there should be just one 'sizeof'. The current "
"code is equivalent to 'sizeof(size_t)'"); "code is equivalent to 'sizeof(size_t)'", CWE682, false);
} }
//----------------------------------------------------------------------------- //-----------------------------------------------------------------------------
@ -300,7 +301,7 @@ void CheckSizeof::sizeofCalculation()
void CheckSizeof::sizeofCalculationError(const Token *tok, bool inconclusive) void CheckSizeof::sizeofCalculationError(const Token *tok, bool inconclusive)
{ {
reportError(tok, Severity::warning, reportError(tok, Severity::warning,
"sizeofCalculation", "Found calculation inside sizeof().", CWE(0U), inconclusive); "sizeofCalculation", "Found calculation inside sizeof().", CWE682, inconclusive);
} }
//----------------------------------------------------------------------------- //-----------------------------------------------------------------------------
@ -379,19 +380,19 @@ void CheckSizeof::sizeofVoidError(const Token *tok)
{ {
const std::string message = "Behaviour of 'sizeof(void)' is not covered by the ISO C standard."; const std::string message = "Behaviour of 'sizeof(void)' is not covered by the ISO C standard.";
const std::string verbose = message + " A value for 'sizeof(void)' is defined only as part of a GNU C extension, which defines 'sizeof(void)' to be 1."; const std::string verbose = message + " A value for 'sizeof(void)' is defined only as part of a GNU C extension, which defines 'sizeof(void)' to be 1.";
reportError(tok, Severity::portability, "sizeofVoid", message + "\n" + verbose, CWE398, false); reportError(tok, Severity::portability, "sizeofVoid", message + "\n" + verbose, CWE682, false);
} }
void CheckSizeof::sizeofDereferencedVoidPointerError(const Token *tok, const std::string &varname) void CheckSizeof::sizeofDereferencedVoidPointerError(const Token *tok, const std::string &varname)
{ {
const std::string message = "'*" + varname + "' is of type 'void', the behaviour of 'sizeof(void)' is not covered by the ISO C standard."; const std::string message = "'*" + varname + "' is of type 'void', the behaviour of 'sizeof(void)' is not covered by the ISO C standard.";
const std::string verbose = message + " A value for 'sizeof(void)' is defined only as part of a GNU C extension, which defines 'sizeof(void)' to be 1."; const std::string verbose = message + " A value for 'sizeof(void)' is defined only as part of a GNU C extension, which defines 'sizeof(void)' to be 1.";
reportError(tok, Severity::portability, "sizeofDereferencedVoidPointer", message + "\n" + verbose); reportError(tok, Severity::portability, "sizeofDereferencedVoidPointer", message + "\n" + verbose, CWE682, false);
} }
void CheckSizeof::arithOperationsOnVoidPointerError(const Token* tok, const std::string &varname, const std::string &vartype) void CheckSizeof::arithOperationsOnVoidPointerError(const Token* tok, const std::string &varname, const std::string &vartype)
{ {
const std::string message = "'" + varname + "' is of type '" + vartype + "'. When using void pointers in calculations, the behaviour is undefined."; const std::string message = "'" + varname + "' is of type '" + vartype + "'. When using void pointers in calculations, the behaviour is undefined.";
const std::string verbose = message + " Arithmetic operations on 'void *' is a GNU C extension, which defines the 'sizeof(void)' to be 1."; const std::string verbose = message + " Arithmetic operations on 'void *' is a GNU C extension, which defines the 'sizeof(void)' to be 1.";
reportError(tok, Severity::portability, "arithOperationsOnVoidPointer", message + "\n" + verbose); reportError(tok, Severity::portability, "arithOperationsOnVoidPointer", message + "\n" + verbose, CWE467, false);
} }