Commit Graph

600 Commits

Author SHA1 Message Date
Daniel Marjamäki e73657b198 Clarify arrayIndexOutOfBounds 2017-05-23 14:58:43 +02:00
Daniel Marjamäki f7cda81c0c Refactoring: ValueFlow::Value::errorSeverity() will have the logic if value is 'error' or 'warning' 2017-05-23 11:43:56 +02:00
Daniel Marjamäki 55ae206ecc ErrorPath: better output 2017-05-19 17:29:16 +02:00
Daniel Marjamäki c617851567 ErrorLogger: Added ErrorPath where each item has token and info 2017-05-16 22:38:13 +02:00
Daniel Marjamäki f92e7b3bfc Emit better errorpath in CheckBufferOverrun::negativeIndexError 2017-05-16 19:08:47 +02:00
Simon Martin b526fd7c49 Ticket #7964: Don't crash on valid code using function pointers named strcpy or strcat in main(). 2017-04-21 23:36:10 +02:00
PKEuS b1f4bd7504 Refactorization: Reimplemented Settings::_enabled as a bitfeld instead of std::set (#7995) 2017-04-11 11:49:26 +02:00
Matthias Krüger 7d12e1f3a6 valueFlowGetArrayIndexes: convert Token::Match to Token::simpleMatch.
The pattern is a sole "[", but since "[" is also used for complexe patterns, the internal check that finds potential simple match patterns bailed out here.
2017-04-09 17:27:46 +02:00
Daniel Marjamäki 633ed23c0d Fix Cppcheck warnings about mismatching function argument names 2017-04-01 09:31:27 +02:00
Daniel Marjamäki cc3ef7bbe8 Fix so array access out of bounds for external arrays are detected again 2017-03-30 10:14:17 +02:00
PKEuS 3c8f5b85ae Refactorization: Allocate Token::_values (ValueFlow information) dynamically, reducing size of each token by around 10% 2017-03-27 18:48:34 +02:00
PKEuS 2938278f00 Refactorization: Store minsizes in vector instead of list which has less overhead 2017-03-27 17:53:43 +02:00
PKEuS 63d39390b4 checkbufferoverrun.cpp: refactorizations 2017-03-27 16:09:51 +02:00
PKEuS 83b1e1c329 CheckBufferOverrun: Refactorizations
- Improved/Optimized conditions in checkBufferAllocatedWithStrlen()
- Avoid copying strings for checkScope()
2017-03-27 11:48:34 +02:00
PKEuS 680828788b Fixed false negative in CheckBufferOverrun::checkInsecureCmdLineArgs(), removed redundant tests 2017-03-27 11:30:07 +02:00
PKEuS 171e1b8244 Fixed false negatives in CheckBufferOverrun::arrayIndexThenCheck() 2017-03-27 11:07:49 +02:00
orbitcowboy 6c71d74563 Cleanup: There is no need to clear a string directly after its creation. 2017-01-16 20:10:28 +01:00
Daniel Marjamäki f0d91fb74b Fixed #7869 (False positive: Array index out of bounds) 2016-12-20 22:01:19 +01:00
Daniel Marjamäki f5ad7482a8 CheckBufferOverrun: Skip warnings about array index out of bounds in unions. Theoretically, the array is at least as large as the biggest union member. 2016-12-18 22:10:30 +01:00
PKEuS cfac3b457d Several small refactorizations 2016-12-06 22:12:02 +01:00
Stefan Weil 57b57428c2 Fix some typos in comments (found by codespell)
Signed-off-by: Stefan Weil <sw@weilnetz.de>
2016-11-27 11:40:42 +01:00
Daniel Marjamäki a61f4e9c94 Fixed #7831 (false-positive: terminateStrncpy) 2016-11-24 07:04:58 +01:00
Daniel Marjamäki 4732667488 ValueFlow: allow more value types 2016-11-13 22:33:39 +01:00
Daniel Marjamäki 9ff3e85899 Added --cppcheck-build-dir flag 2016-10-29 12:18:11 +02:00
Daniel Marjamäki 499e52c976 astyle formatting
[ci skip]
2016-08-15 18:04:55 +02:00
Roberto Martelloni 41dee04e90 CWE mapping of assignBoolToFloat, strncatUsage, sizeArgumentAsChar, terminateStrncpy, bufferNotZeroTerminated, negativeArraySize, noExplicitConstructor, virtualDestructor 2016-08-14 18:23:41 +01:00
Robert Reif 55b3f0bf38 Fixed #752 (SymbolDatabase: Does not match function if redundant keywords mismatch (C++)) 2016-08-04 09:06:32 +02:00
PKEuS 3f4fe8f578 Refactorized CheckBufferOverrun:
- Removed redundant code
- Apply non-simplified checking in test suite
2016-07-27 17:28:43 +02:00
PKEuS 9a6569fde1 Always set ErrorMessage::file0 to ensure that the source file that cppcheck is checking when an error occurs can be identified
Removed unused function and unused includes from preprocessor.h/cpp
2016-07-26 16:28:40 +02:00
Simon Martin bae81fba05 Silent clang -Wshadow warning. (#812)
Add an optional extended description…
2016-07-09 19:07:58 +02:00
PKEuS 44a19b527e Use ValueFlow and SymbolDatabase to detect buffer overflows with new and malloc, improving support for enums (#7576) 2016-07-08 20:53:08 +02:00
PKEuS 644a216394 Fixed two false positives related to char arrays initialized by a literal:
- Run check for writing to string literals on non-simplified token list (#7283)
- Run buffer overrun checking for string literals on non-simplified token list (https://sourceforge.net/p/cppcheck/discussion/general/thread/2c33dfc5/)
2016-07-07 19:38:15 +02:00
umanamente 0f11007c19 Fixed #7083 (false positive: typedef and initialization with strings) 2016-06-21 22:42:46 +02:00
PKEuS 8c0eab3eb3 Optimization: Improved performance of CheckBufferOverrun::checkScope() when dealing with a large number of arrays (#5975)
-> checking time decreases from 1010s to 50s on the code snippet in #5975
-> Dropped a garbage code unit test
2016-05-25 14:42:00 +02:00
PKEuS 728d4242dc Refactorizations in CheckBufferOverrun:
- Improved performance of CheckBufferOverrun::checkScope()
- Made some patterns less restrictive
2016-05-25 11:50:34 +02:00
Roberto Martelloni d3645d874e Mapped toomanyconfigs ,AssignmentAddressToInteger
,AssignmentIntegerToAddress ,CastIntegerToAddressAtReturn
,CastAddressToIntegerAtReturn ,assertWithSideEffect ,assignmentInAssert
,uselessAssignmentArg ,uselessAssignmentPtrArg
,comparisonOfFuncReturningBoolError
,comparisonOfTwoFuncsReturningBoolError ,comparisonOfBoolWithBoolError
,incrementboolean ,comparisonOfBoolWithInt ,compareBoolExpressionWithInt
,negativeIndex ,pointerOutOfBounds ,arrayIndexThenCheck
,possibleBufferAccessOutOfBounds ,argumentSize
,arrayIndexOutOfBoundsCond ,noConstructor ,copyCtorPointerCopying
,noCopyConstructor ,uninitMemberVar ,operatorEqVarError
,unusedPrivateFunction ,memsetClassFloat ,mallocOnClassWarning
,operatorEq ,thisSubtraction ,operatorEqRetRefThis ,operatorEqToSelf
,useInitializationList ,duplInheritedMember ,assignIfError
,comparisonError ,multiCondition ,mismatchingBitAnd
,oppositeInnerCondition ,incorrectLogicOperator ,redundantCondition
,moduloAlwaysTrueFalse to their CWEs ids.
2016-02-26 23:53:52 +00:00
Daniel Marjamäki cef6b35bb8 Improve MAXTIME handling 2016-02-11 16:10:52 +01:00
Daniel Marjamäki 5e10e680da CWE: refactoring. use constants instead of magic numbers. 2016-01-25 20:01:48 +01:00
Roberto Martelloni 5ce69da02d Mapped 26 errors to their CWEs ID. 2016-01-24 20:53:05 +00:00
Daniel Marjamäki 659cd96b03 Fixed #7209 (False positive: Array index used before limits check reported in sizeof) 2016-01-24 14:06:02 +01:00
Dmitry-Me afe659cc88 This variable type looks very suspicious 2016-01-18 09:52:35 +03:00
Roberto Martelloni bb6880919c CWE mapping 2016-01-15 17:07:14 +01:00
Dmitry-Me 26788a1dc1 Remove repeated code, better variable name 2016-01-15 17:20:40 +03:00
Lauri Nurmi 996c9244d8 Update copyright year to 2007-2016. 2016-01-01 15:34:45 +02:00
Dmitry-Me 5cba4ac602 Omit unneeded deep copy 2015-12-23 10:32:59 +03:00
Dmitry-Me 155ccecf2f Drop useless braces 2015-12-22 10:31:49 +03:00
PKEuS 32e2fb2f78 Refactorization: Prefer Token::simpleMatch over Token::Match also for non-const patterns. 2015-12-03 13:04:55 +01:00
Daniel Marjamäki 9c3f25603e CheckBufferOverrun: Remove old checking of strings and use new ValueFlow-based checking instead (#6973) 2015-11-30 16:36:52 +01:00
PKEuS ac17541ca9 Refactorizations:
- Fixed a few more MSVC warnings by using correct types
- Store severity as enum instead of string in Settings::Rule
2015-11-28 12:30:21 +01:00
Daniel Marjamäki 6b124a37d8 Cleanup some casts 2015-11-28 10:11:07 +01:00
Daniel Marjamäki 0f9d90d2be Changed Copyrights. Removed my name. 2015-11-18 20:04:50 +01:00
Daniel Marjamäki 5074c11b53 CheckBufferOverrun: Fixed FP when accessing string that contains '\0'. Refactoring address-of. 2015-11-09 10:30:39 +01:00
Daniel Marjamäki ef5be435c7 Fixed #7113 (False positive arrayIndexOutOfBounds - using pointer alias with cast) 2015-11-08 17:21:32 +01:00
Daniel Marjamäki fc564d779e Fixed #7112 (crash: CheckBufferOverrun::checkGlobalAndLocalVariable (invalid code)) 2015-11-08 14:21:12 +01:00
Daniel Marjamäki 48da1d5396 Refactoring CheckBufferOverrun 2015-11-08 12:39:08 +01:00
Daniel Marjamäki 7d6e1974eb Fixed #7104 (False positive arrayIndexOutOfBounds) 2015-11-08 09:30:23 +01:00
Daniel Marjamäki 35ed902e3f Try to fix crash when using getMaxValue() 2015-11-07 19:59:48 +01:00
Daniel Marjamäki 32627dc558 try to fix internal errors detected by Travis 2015-11-07 19:47:30 +01:00
Daniel Marjamäki 9c7271a5e9 CheckBufferOverrun: The simplifyKnownVariables() has been reduced, use ValueFlow instead 2015-11-07 18:12:01 +01:00
Daniel Marjamäki d0ab3aea70 CheckBufferOverrun: Minor fixes for strings 2015-11-07 15:05:56 +01:00
Daniel Marjamäki be7bca385d avoid some fixes for noisy signedness warnings 2015-10-11 12:50:46 +02:00
Dmitry-Me 139ead15ef Merge overlapping patterns 2015-09-01 16:17:17 +03:00
PKEuS ab8afec3eb Refactorizations:
- Avoid unnecessary loop iterations
- Avoid unnecessary condition checking
- Reduced code duplication in symboldatabase.cpp
2015-08-16 14:23:07 +02:00
PKEuS 4d80df2f4a Added pointer to Type to Token (similar to Token::Variable() and Token::function()):
- Accessible via Token::type()
- Renamed former Token::type() to Token::tokType()
- Removed SymbolDatabase::isClassOrStruct()
2015-08-15 11:19:21 +02:00
Daniel Marjamäki 6790d91fbb Improve error messages for conditional values. make valueFlowSwitchVariable values conditional that depend on the case. Partial fix for #6884. 2015-07-29 19:54:57 +02:00
Daniel Marjamäki c5bbea2994 Fixed #6816 (FP: buffer overflow, checkminsizes of array with string value) 2015-07-27 16:39:41 +02:00
Daniel Marjamäki fef251ac76 negative array size: fixed noise when array is not vla 2015-07-04 09:42:42 +02:00
amai2012 11538c84f6 Refactoring: Distinguish between C and C++ code
Refactoring: Replace CheckNonReentrantFunctions::initNonReentrantFunctions by static initialization
2015-06-29 21:17:15 +02:00
Martin Ettl b8e08ca5d8 Code cleanup. 2015-06-28 19:27:23 +02:00
Martin Ettl 7ff4d10c43 Astyle formatting, no functional changes. 2015-06-28 19:25:13 +02:00
amai2012 5814c3b84c Fix some compiler warnings with VS
Minor refactoring on Windows SEH code.
2015-06-28 19:20:16 +02:00
Alexander Mai 0b225fa02f 2nd attempt to fix crash in CheckUnusedFunctions::check. CheckBufferOverrun::checkBufferAllocatedWithStrlen: Don't check for 'new' in C code. 2015-06-28 18:34:09 +02:00
Alexander Mai 02a3a01eca Fix compiler warnings 2015-06-28 18:07:31 +02:00
Alexander Mai 2c73518e29 Fix platform-dependent test result, formatting and crash in whole program analysis 2015-06-28 17:54:48 +02:00
Daniel Marjamäki 0ca410a4d7 Fixed #6668 (False positive bufferAccessOutOfBounds on sprintf() - regression) 2015-06-07 14:01:20 +02:00
Martin Ettl d5d6d7fbb8 Running astyle, no functional changes. 2015-05-29 20:20:05 +02:00
amai2012 5b347c537b Fix #6720 and #6721 (Crashes on garbage code)
Local fixes to avoid access to NULL-token
2015-05-29 19:30:55 +02:00
PKEuS 3ce4e68ca6 Refactorization: Make use of do-loops to avoid redundant Token::Match() calls 2015-05-13 13:40:40 +02:00
Daniel Marjamäki baa1ae079d New check: negative size in array declaration. Ticket #1760 2015-05-03 15:00:47 +02:00
Daniel Marjamäki 88f59ad7e8 Partial fix for #6656 (Allow that CWE is mapped for error message) 2015-04-25 17:48:11 +02:00
Matthias Krüger 42f0955e3f Move more setting checks out of loops and use const bools instead. Reorder a few related checks.
Follow up to eedcb6abcb .
2015-04-10 14:31:19 +02:00
Dmitry-Me d735918a8a Constructor parameter type need not be a number 2015-03-25 14:56:45 +03:00
Dmitry-Me 9398fa810b Avoid value truncation 2015-03-25 10:39:09 +03:00
Dmitry-Me c9cdba5865 Remove duplicate check 2015-03-24 15:58:03 +03:00
Dmitry-Me 4fcbe00913 Omit unnecessary operations 2015-03-19 15:14:07 +03:00
Dmitry-Me 2b50e73aa9 Misleading comment 2015-03-14 15:18:29 +03:00
PKEuS cb4bf73749 Merge pull request #530 from Dmitry-Me/doChecksEarlier
Don't run the checks which will be silenced later anyway
2015-02-25 19:22:00 +01:00
Dmitry-Me 938b84903f Remove redundant casts 2015-02-24 15:15:22 +03:00
Dmitry-Me 24d2b0368f Don't run the checks which will be silenced later anyway 2015-02-24 10:20:43 +03:00
Dmitry-Me 19d05979ee Remove C4189 in release builds 2015-02-20 11:00:34 +03:00
Alexander Mai 6a7605271a Fix compiler warning. Add interfaces of POSIX passwd.h and pwd.h to posix.cfg 2015-02-18 20:56:44 +01:00
Daniel Marjamäki 2d21eb07ba Cleaned up snprintf hardcoding in CheckBufferOverrun 2015-02-13 06:44:38 +01:00
Daniel Marjamäki 9aad4fa8ca CheckBufferOverrun: Remove hardcoding for sprintf and rely on cfg configuration instead 2015-02-12 17:29:36 +01:00
Daniel Marjamäki a24cbc448a CheckBufferOverrun: loop through all arguments in checkFunctionCall 2015-02-11 16:24:25 +01:00
Daniel Marjamäki d9deabe2ce TestBufferOverrun: clean up 2015-02-10 17:29:36 +01:00
PKEuS 18b0e14590 Refactorizations: Fixed a pattern in checkbufferoverrun.cpp, simplified one in checkclass.cpp 2015-01-31 12:32:05 +01:00
PKEuS b2835051df Refactorization: Renamed Token::Match pattern %var% to %name%, implement new pattern %var% which is true if varId > 0. 2015-01-31 12:32:04 +01:00
PKEuS 03e44d4aa0 CheckMemoryLeakInFunction: Don't treat delete as delete operator for C code
Fixed GCC message in checkbufferoverrun.cpp
2015-01-30 20:55:53 +01:00
PKEuS 98e33a189f Enhanced CheckBufferOverrun:
- Fixed bug in library: manual and existing libraries use "size", but library.cpp reads "sizeof" as podtype attribute
- Fixed a couple of bugs in handling unknown size in checkbufferoverrun.cpp, get size from library if available.
2015-01-30 20:27:48 +01:00
Dmitry-Me e7bb43fc6b Cache and reuse token pointer 2015-01-27 10:23:58 +03:00