9653760547
CheckBufferOverrun: Improved CTU analysis for array
2019-03-23 11:20:35 +01:00
15fc9a622d
CheckBufferOverrun: Add CTU analysis
2019-03-23 08:36:10 +01:00
031362ae01
CheckBufferOverrun: Fix false positive
2019-03-19 21:07:08 +01:00
a0e58f0039
Revert "Revert "CheckBufferOverrun: Handle multidimensional arrays""
...
This reverts commit 9d1755f449
2019-03-19 13:16:22 +01:00
9d1755f449
Revert "CheckBufferOverrun: Handle multidimensional arrays"
...
This reverts commit e98a4a6f14
2019-03-19 13:13:29 +01:00
e98a4a6f14
CheckBufferOverrun: Handle multidimensional arrays
2019-03-19 09:29:32 +01:00
03f8535c71
Better multiline warning when there is buffer overflow
2019-03-17 20:12:02 +01:00
3c85d8a8ac
ValueFlow: Better info for buffer size values
2019-03-17 19:02:36 +01:00
0771929518
Buffer overflow: Handling of dynamically allocated buffer
2019-03-17 13:40:56 +01:00
92f4113b59
Array index: Checking array index out of bounds for dynamic buffers
2019-03-17 13:09:15 +01:00
ebef16b8a3
Travis: Try to remove temporary fix
2019-03-16 18:29:02 +01:00
e9d29e826f
Travis: Temporarily comment out failing test
2019-03-16 09:48:32 +01:00
fb2198fd6b
Travis: Try to fix test
2019-03-16 09:28:00 +01:00
f40a80c349
Use 'normal' checking instead of 'simplified'
2019-03-16 07:19:48 +01:00
81a1d744c6
CheckBufferOverrun: fix FP for array definition of static class member
2019-03-13 06:39:09 +01:00
67e8b99c2c
CheckBufferOverrun: Readd a check for strncpy/memcpy/etc
2019-03-12 21:15:26 +01:00
0c08f6db6c
CheckBufferOverrun: Use AST to lookup array
2019-03-12 06:46:38 +01:00
ea23033a65
Array index out of bounds: Fix false positive
2019-03-11 20:33:08 +01:00
bd048085bd
Add CheckBufferOverrun::arrayIndexThenCheck
2019-03-11 19:20:06 +01:00
729f57d8f1
Start a major rewrite of CheckBufferOverrun. For now only the 'array index' and 'buffer overflow' checks are rewritten.
...
There are important TODOs still; for instance adding CTU support using our CTU infrastructure, add handling of pointers (maybe I'll use FwdAnalysis for this), add handling of multidimensional arrays, etc..
2019-03-11 12:34:33 +01:00
eb9edbc177
#9024 Crash caused by package "procserv" in lib/token.h:921 function Token::getKnownIntValue - Fix and test for alternative code example.
2019-03-08 11:07:33 +01:00
c32d015337
Fixed false positives from terminateStrncpy
2019-03-06 18:50:50 +01:00
bd7790fd8c
Update copyright year
2019-02-09 07:24:06 +01:00
4b37f276c2
ValueFlow: Set arrays to true when converting to a boolean
...
This sets it by checking the parent. It doesn't handle function parameters yet.
2019-01-21 20:05:35 +01:00
8dd641b8be
Use OVERRIDE in test
2019-01-12 15:45:25 +01:00
bc34f0239d
Disable the subfunction value flow analysis. It does not work well and needs to be rewritten. There are false positives.
2018-12-18 14:36:49 +01:00
0858488825
insecureCmdLineArgs: Fixed FN in case strdup() copies argv[]. ( #1438 )
...
* insecureCmdLineArgs: Fixed FN in case strdup() copies argv[].
* Formatted the code. There are no functional changes intended.
* Changes due to review comments from Daniel.
2018-10-19 11:04:15 +02:00
a6e8270474
insecureCmdLineArgs: Fixed false negatives in case arguments are const. ( #1419 )
...
* insecureCmdLineArgs: Fixed false negatives in case arguments are const.
* Formatted the code, there are functional changes.
* Simplified matching as suggested by Daniel.
2018-10-15 10:05:43 +02:00
20121b34d8
Fixed #7718 (False positive: out of bounds of already resized std::string)
2018-10-09 06:53:26 +02:00
f388c77042
Fixed #8721 (Regression: False positive array index out of bounds)
2018-08-31 18:25:43 +02:00
27aae8d032
Fixed #8644 (crash (CheckBufferOverrun::checkGlobalAndLocalVariable): local function)
2018-08-30 10:04:07 +02:00
acb0b9f07e
Ticket #8679 : Add support for C++11 thread_local and GCC's (among others) __thread extension. ( #1351 )
2018-08-26 19:46:36 +02:00
42a65c5160
Fix crash bug #8579 ( #1238 )
...
* Added declaration for deletePrevious function
* Added definition for deletePrevious function
* Fixed crash from deleteThis invalidating pointers
The crash was caused by deleteThis() invalidating the pointer to a constant variable usage. This happened when a usage followed an assignment. This fixes bug #8579 .
* Added tokensFront to match tokensBack
This means deletePrevious can set the list's front if necessary.
* Initialised tokensFront in appropriate places
* Switched to using default Token constructor
* Switched to using Token default constructor
* Switched to using default constructor for Token
* Added missing argument to Token constructor
* Changed to use default constructor for Tokens
* Switched to using default constructor for Tokens
* Switched to using default constructor for Token
* Added new test for deleting front Token
Also made sure to use the correct constructor for Token in other tests.
* Syntax error
* Replaced tokensFront and tokensBack with a struct
This decreases the size of the Token class for performance purposes.
* Replaced tokensFront and tokensBack with a struct
* Added tokensFrontBack to destructor
* Reworked to use TokensBackFront struct
Also ran astyle.
* Reworked to use TokenList's TokensFrontBack member
* Reworked to use TokensFrontBack struct
* Reworked to use TokensFrontBack struct
* Reworked to work with TokensFrontBack struct
* Removed unnecessary scope operator
* Added missing parentheses
* Fixed syntax error
* Removed unnecessary constructor
* Default constructor now 0-initialises everything
This is safer for not using a temporary TokensFrontBack object, and doesn't use delegating constructors which aren't supported yet.
* Fixed unsafe null check
* Added missing explicit keyword
* Fixing stylistic nits
Removed default constructor as it has been superseded by the single-argument constructor with a default argument value.
Renamed listEnds to tokensFrontBack.
Fixed if statement that was supposed to be adding safety but would actually cause a crash if tokensFrontBack was null.
* Fixing stylistic nits
Removed default constructor and replaced it with a single-argument constructor with a default value.
* Fixing stylistic nits
Renamed _listEnds to _tokensFrontBack.
* Fixing stylistic nits
Renamed _listEnds to _tokensFrontBack.
2018-05-25 07:15:05 +02:00
ce50df8047
Fix override warnings. ( #1234 )
2018-05-15 16:37:40 +02:00
8c2a5c9813
astyle formatting
...
[ci skip]
2018-05-06 09:50:53 +02:00
0561877182
Fix false positive with negative array index in issue 8536 ( #1202 )
...
* Fix FP with negative array index in valueflow
* Remove values when valueflow fails
* Add valueflow test
2018-05-06 08:35:29 +02:00
bbfcccf078
Refactorization: Replace several push_back-sequences by initializer lists
2018-04-09 09:41:24 +02:00
7e4dba6a7e
Updated copyright year
2018-03-31 20:59:09 +02:00
5bc039b7da
Fix #6367 and #8439 (improve sizeof value flow support) ( #1132 )
2018-03-23 08:28:12 +01:00
bc40f5041d
Fixed #6356 (Improve checking: pointer arithmetic "ab.a + 100" overrun)
2018-01-27 15:39:39 +01:00
c4caee6b18
Updated copyright year
2018-01-14 15:37:52 +01:00
7d2450e445
Fixed #1478 (false negative: buffer access out of bounds not detected after free and malloc)
2017-12-31 14:58:26 +01:00
28aa939d69
iwyu - include what you use
2017-05-27 04:33:47 +02:00
040d2f0012
Use simplecpp lexer in test cases
2017-05-18 21:52:31 +02:00
7fd04cd8d0
Updated Token::expressionString(), write '->' instead of '.'
2017-04-30 14:22:18 +02:00
b526fd7c49
Ticket #7964 : Don't crash on valid code using function pointers named strcpy or strcat in main().
2017-04-21 23:36:10 +02:00
b97779591e
Fixed unit test in testbufferoverrun.cpp
2017-04-11 23:00:33 +02:00
680828788b
Fixed false negative in CheckBufferOverrun::checkInsecureCmdLineArgs(), removed redundant tests
2017-03-27 11:30:07 +02:00
171e1b8244
Fixed false negatives in CheckBufferOverrun::arrayIndexThenCheck()
2017-03-27 11:07:49 +02:00
f0d91fb74b
Fixed #7869 (False positive: Array index out of bounds)
2016-12-20 22:01:19 +01:00
f5ad7482a8
CheckBufferOverrun: Skip warnings about array index out of bounds in unions. Theoretically, the array is at least as large as the biggest union member.
2016-12-18 22:10:30 +01:00
461e5cc5c9
CheckBufferOverrun: Moved check from simplified to normal. This fixes a FP in asterisk.
2016-12-18 11:14:05 +01:00
a61f4e9c94
Fixed #7831 (false-positive: terminateStrncpy)
2016-11-24 07:04:58 +01:00
5b377ea2e4
Fixed #7821 (segmentation fault, invalid last token)
2016-11-20 14:15:51 +01:00
3f4fe8f578
Refactorized CheckBufferOverrun:
...
- Removed redundant code
- Apply non-simplified checking in test suite
2016-07-27 17:28:43 +02:00
44a19b527e
Use ValueFlow and SymbolDatabase to detect buffer overflows with new and malloc, improving support for enums ( #7576 )
2016-07-08 20:53:08 +02:00
644a216394
Fixed two false positives related to char arrays initialized by a literal:
...
- Run check for writing to string literals on non-simplified token list (#7283 )
- Run buffer overrun checking for string literals on non-simplified token list (https://sourceforge.net/p/cppcheck/discussion/general/thread/2c33dfc5/ )
2016-07-07 19:38:15 +02:00
0f11007c19
Fixed #7083 (false positive: typedef and initialization with strings)
2016-06-21 22:42:46 +02:00
8c0eab3eb3
Optimization: Improved performance of CheckBufferOverrun::checkScope() when dealing with a large number of arrays ( #5975 )
...
-> checking time decreases from 1010s to 50s on the code snippet in #5975
-> Dropped a garbage code unit test
2016-05-25 14:42:00 +02:00
659cd96b03
Fixed #7209 (False positive: Array index used before limits check reported in sizeof)
2016-01-24 14:06:02 +01:00
996c9244d8
Update copyright year to 2007-2016.
2016-01-01 15:34:45 +02:00
9c3f25603e
CheckBufferOverrun: Remove old checking of strings and use new ValueFlow-based checking instead ( #6973 )
2015-11-30 16:36:52 +01:00
0f9d90d2be
Changed Copyrights. Removed my name.
2015-11-18 20:04:50 +01:00
5074c11b53
CheckBufferOverrun: Fixed FP when accessing string that contains '\0'. Refactoring address-of.
2015-11-09 10:30:39 +01:00
ef5be435c7
Fixed #7113 (False positive arrayIndexOutOfBounds - using pointer alias with cast)
2015-11-08 17:21:32 +01:00
7d6e1974eb
Fixed #7104 (False positive arrayIndexOutOfBounds)
2015-11-08 09:30:23 +01:00
9c7271a5e9
CheckBufferOverrun: The simplifyKnownVariables() has been reduced, use ValueFlow instead
2015-11-07 18:12:01 +01:00
0a34b206e8
Refactorization: Reduced code duplication in test suite
2015-10-08 11:35:51 +02:00
3a5cef8a7e
Refactorization: Improved usage of Settings instances in test suite
2015-10-07 18:40:03 +02:00
8d2c4453ad
Small optimizations for C code in Tokenizer. Add some regression tests for recently fixed results
2015-08-29 19:00:09 +02:00
66e4faa621
Add regression test for true negative argumentSize
2015-08-29 11:14:13 +02:00
128a926d9d
Collected some more garbage code tests in testgarbage.cpp; Avoid std::string creation in testgarbage.cpp
2015-08-16 19:12:12 +02:00
42a406ac5f
testbufferoverrun: Removed duplicate test case.
2015-07-30 22:42:45 +02:00
6790d91fbb
Improve error messages for conditional values. make valueFlowSwitchVariable values conditional that depend on the case. Partial fix for #6884 .
2015-07-29 19:54:57 +02:00
c5bbea2994
Fixed #6816 (FP: buffer overflow, checkminsizes of array with string value)
2015-07-27 16:39:41 +02:00
176b3925b3
Removed "verify" code in testrunner. Fixing its messages reduces the accuracy of the test suite.
2015-07-25 14:18:41 +02:00
fef251ac76
negative array size: fixed noise when array is not vla
2015-07-04 09:42:42 +02:00
0ca410a4d7
Fixed #6668 (False positive bufferAccessOutOfBounds on sprintf() - regression)
2015-06-07 14:01:20 +02:00
baa1ae079d
New check: negative size in array declaration. Ticket #1760
2015-05-03 15:00:47 +02:00
d735918a8a
Constructor parameter type need not be a number
2015-03-25 14:56:45 +03:00
bc5132e0ac
Refactorization: Moved declaration of errout, ... to testsuite.h, uniformized style
2015-03-11 22:54:43 +01:00
cc0f61376a
more cleanup of std.cfg testing in TestBufferOverrun
2015-02-14 18:55:54 +01:00
e510902d58
TestBufferOverrun cleanup some more std.cfg testing
2015-02-14 17:30:08 +01:00
360ec9d853
updated TestBufferOverrun test case. Since checker doesn't use library dont load std.cfg.
2015-02-14 16:44:08 +01:00
0c0d62171e
removed duplicate testcase. See testcase for #836
2015-02-14 16:41:51 +01:00
a57d5d7eda
moved testcases
2015-02-14 16:37:48 +01:00
e01b30345e
move testcases in TestBufferOverrun
2015-02-14 16:29:05 +01:00
166db40af2
Fix TestBufferOverrun test case, it was wrongly written.
2015-02-14 15:51:13 +01:00
c43d537726
renamed TestBufferOverrun test method to same name as CheckBufferOverrun method that is tested
2015-02-14 15:49:17 +01:00
2b7c7134e1
TestBufferOverrun: move memset test
2015-02-14 15:46:00 +01:00
e0d90c00be
TestBufferOverrun: Cleanup testcases for memory functions
2015-02-13 16:16:59 +01:00
2d21eb07ba
Cleaned up snprintf hardcoding in CheckBufferOverrun
2015-02-13 06:44:38 +01:00
a6cfd15bde
refactoring TestBufferOverrun
2015-02-12 17:36:22 +01:00
9aad4fa8ca
CheckBufferOverrun: Remove hardcoding for sprintf and rely on cfg configuration instead
2015-02-12 17:29:36 +01:00
d9deabe2ce
TestBufferOverrun: clean up
2015-02-10 17:29:36 +01:00
53718047f1
refactoring TestBufferOverrun
2015-02-10 06:49:48 +01:00
9aa0420472
TestBufferOverrun: Moved out cfg tests. Created minsize-mul testing in TestBufferOverrun
2015-02-10 06:44:19 +01:00
ce1d0099cf
TestBufferOverrun: Moved out cfg tests. Created minsize-argvalue testing in TestBufferOverrun
2015-02-10 06:35:41 +01:00
631536980c
TestBufferOverrun: split up strncpy testing, keep checker testing in TestBufferOverrun and move cfg tests to cfg test
2015-02-09 16:20:28 +01:00
f78744ac30
Fixed AST generation if expression starts with ternary operator
2015-02-01 14:02:19 +01:00
21cb0cfd60
Take simplifyIfNotNull and simplifyIfNot out of simplifyTokenList1 (first step for #6072 )
2015-01-31 20:12:02 +01:00
73113c67e7
Fixed #6480 (False positive unreachableCode - member function exit called instead of ::exit())
2015-01-31 16:55:55 +01:00
57ec1aea91
Library: Don't rely on ast in isNotLibraryFunction since it's used in tokenizer
2015-01-31 10:24:10 +01:00
98e33a189f
Enhanced CheckBufferOverrun:
...
- Fixed bug in library: manual and existing libraries use "size", but library.cpp reads "sizeof" as podtype attribute
- Fixed a couple of bugs in handling unknown size in checkbufferoverrun.cpp, get size from library if available.
2015-01-30 20:27:48 +01:00
3274a00b82
Moved some more tests to testgarbage.cpp
2015-01-21 10:04:46 +01:00
6a8293a8b7
Library: More strict matching of functions
2015-01-08 19:31:41 +01:00
ff11ba9847
Updated copyright year to 2015
2015-01-03 12:14:58 +01:00
6194a4eefd
Fixed #6357 (Improve check: pointer arithmetic 'p+x' overrun, conditional x)
2014-12-26 09:12:00 +01:00
7ab12cea63
Improved pointer arithmetic message
2014-12-25 14:31:46 +01:00
bc594d52c8
Fixed #6349 (Pointer arithmetic: clarify message)
2014-12-25 10:05:55 +01:00
7cfa54f0e0
Fixed #6353 (False positive: CheckBufferOverrun checking reassigned array function parameter)
2014-12-24 14:03:52 +01:00
1b2a23b3fe
Fixed #6350 (Tokenizer::simplifyCast: set Token::isCasted when cast is removed)
2014-12-23 16:16:14 +01:00
10ae551fef
CheckBufferOverrun: Use portability warning for pointer arithmetic UB. It can be used by intention and usually works as intended.
2014-12-22 10:56:17 +01:00
93ac5a41cd
Fixed #6346 (pointer calculation overflow)
2014-12-22 09:38:00 +01:00
a95e5bff2b
Fixed #6344 (false positive: out of bounds access when array size is unknown)
2014-12-20 18:50:08 +01:00
a1537e1a6e
Fixed #6339 (false negative: array index out of bounds on allocated buffer using valueflow)
2014-12-17 16:23:48 +01:00
c2584aa635
#6303 crash in CheckBufferOverrun. Add check on loop variable in CheckBufferOverrun::checkScope().
2014-12-04 20:49:58 +01:00
051d42ae6b
astyle formatting
2014-11-20 14:20:09 +01:00
f5d804f71a
running astyle
2014-11-20 10:13:03 +01:00
71c5d4bd60
Ticket #6232 (cppOut of bounds array access)
...
--HG--
extra : rebase_source : 79ed3533a12a486ea3ed3f09f9bc55b1a4771161
2014-10-21 22:56:53 +02:00
6955e719cf
Collected garbage code tests and moved them to testgarbage.cpp
2014-10-16 10:59:46 +02:00
68b26f8faa
Fixed subsequent false negatives in CheckBufferOverrun::checkInsecureCmdLineArgs() ( #5835 )
2014-09-29 15:38:33 +02:00
ccd80e3407
#6141 FP: Unknown type is assumed to have size 0.
2014-09-27 21:51:11 +02:00
1e298a31cf
Refactoring tests. Use utility function to warn about unsimplified code in tests.
2014-09-13 12:59:32 +02:00
4c18967329
Added unit test for #5849
2014-08-31 21:45:38 +02:00
b6355b991f
Fixed #6070 (false positive: Array 'array[8192]' accessed at index 8192, which is out of bounds)
2014-08-19 07:03:00 +02:00
47a2b35e98
BufferOverrun: Use ValueFlow string values more
2014-08-04 08:25:10 +02:00
5de1e35350
CheckBufferOverrun: Fixed minsize checking of string literals. Check sizeof string instead of strlen.
2014-07-30 20:35:21 +02:00
254b6438b9
CheckBufferOverrun::checkStringArgument: sizeof string is strlen+1
2014-07-08 16:04:09 +02:00
9a4bd73a18
Fixed unit test
2014-07-08 08:02:02 +02:00
0fd334911a
Fixed #5257 (Check memcpy size for string literals)
2014-07-06 08:41:39 +02:00
53aa2f5982
astyle formatting
...
[ci skip]
2014-07-06 07:16:28 +02:00
77095e2b05
Add some more functions to posix.cfg which allow to enable TestBufferOverrun::buffer_overrun_1_posix_functions
...
Fix some compiler warnings on MSVC
2014-07-05 22:47:10 +02:00
a3acc3241e
Library: Added <minsize> element used for buffer overrun checking
2014-07-05 20:31:43 +02:00
6c8558c112
CheckBufferOverrun: Removed old for-loop handling. This is handled through ValueFlow from now on.
2014-06-27 06:46:42 +02:00
036b2f8ccf
CheckBufferOverrun: Added bufferOverrun2 that is based on ValueFlow/SymbolDatabase/Ast from the start. Replaced some old checking.
2014-06-26 17:36:20 +02:00
966491d40b
Added a test for out-of-bounds character array access.
2014-05-27 16:21:13 +02:00
effa38c322
Fixed #5863 (False positive: array index is used before limits check)
2014-05-24 17:50:01 +02:00
04fbbdb5e8
Refactorized CheckBufferOverrun::arrayIndexThenCheck() and fixed false negative
2014-05-10 13:00:44 +02:00
ed1d63ffc0
Fixed #5636 (FP: matrix out of bounds)
2014-05-03 18:12:06 +02:00
89dc652af9
#5631 Typo and misleading error message in negativeMemoryAllocationSize
2014-04-08 20:23:00 +02:00
e5301b2b7a
ValueFlow: Improved valueflow of for loop 'for (i=a; i<10; i++)' => unknown start value but end value is known
2014-03-29 20:20:22 +01:00
1c58628223
Handle pointer/reference to array in setVarId ( #2645 )
2014-03-28 16:10:27 +01:00
63254b33f9
Fixed uncaught exception in testbufferoverrun.cpp
2014-03-27 19:55:11 +01:00
6da9cca4ab
fixed unit test that I broke by mistake
2014-03-25 21:45:25 +01:00
87daf5783e
buffer overflow: clean up old checking for negative index
2014-03-25 20:37:32 +01:00
c8004a8d31
Buffer overruns: Use ValueFlow to detect negative index
2014-03-25 18:22:22 +01:00
aa05bf0f16
ValueFlow: Improved abstract interpretation
2014-03-24 06:48:06 +01:00
dbc8273cb7
ValueFlow: improved abstract interpretation of for loops
2014-03-24 00:16:02 +01:00
b6276058da
Value Flow: Improved abstract interpretation of arithmetical expressions
2014-03-22 19:02:33 +01:00
Daniel Marjamäki
amai2012
Paul Fultz II
orbitcowboy
Simon Martin
rebnridgway
IOBYTE
PKEuS
Ayaz Salikhov
Simon Martin
PKEuS
umanamente
Lauri Nurmi
Alexander Mai
Dmitry-Me
PKEuS
PKEuS
orbitcowboy
Frank Zingsheim