Commit Graph

427 Commits

Author SHA1 Message Date
Paul Fultz II 75de485c4d Fix issue 9551: Out-of-bounds in getLifetimeTokens() (#2461) 2019-12-29 08:23:58 +01:00
Daniel Marjamäki fe23d017f3 Fixed #8419 (False positive accessMoved on int) 2019-12-21 07:39:14 +01:00
Daniel Marjamäki 33ec78fe6e Fixed #9036 (false positive: (style) Condition 's.x<127U' is always true) 2019-12-20 19:06:35 +01:00
Daniel Marjamäki a241be0ecc Fixed #9434 (False positive: Out of bounds access when using const pointer) 2019-12-15 20:10:28 +01:00
Daniel Marjamäki bcfc5924fa Fixed #9532 (False positive: Out of bounds access in expression 'v[0]' because 'v' is empty.) 2019-12-14 19:04:19 +01:00
Sebastian 95e0b0d0f9
Fix #9510: Crash in valueflow.cpp solveExprValues() (division by zero) (#2420)
`break` if divider `intval` is 0 to avoid division by 0 as suggested by @pfultz2
Trac ticket: https://trac.cppcheck.net/ticket/9510
2019-12-06 08:08:40 +01:00
Paul Fultz II f9d33c07f8 Fix issue 9458: Crash with shadow variables in a lambda (#2406)
* Fix issue 9458: Crash with shadow variables in a lambda

* Format
2019-11-29 09:45:02 +01:00
Rikard Falkeborn 11319a397a ValueFlow: Add test with hexadecimal floating point literal (#2342) 2019-11-10 08:27:55 +01:00
Rikard Falkeborn f83eb127ae ValueFlow: sizeof string and char literals (#2285) 2019-10-20 21:02:28 +02:00
Daniel Marjamäki e50b9e2bef Fixed #8784 (False positive uninitialized variable) 2019-10-20 15:20:05 +02:00
Daniel Marjamäki 9a2b71494f ValueFlow: Set value for :: 2019-10-19 21:08:59 +02:00
Daniel Marjamäki e0093c99ce Fixed #9276 (False positive: ValueFlow does not handle return in switch properly.) 2019-10-18 16:16:56 +02:00
Daniel Marjamäki 3a0a0fdefb Fixed #9424 (False positive: known condition after function call) 2019-10-18 08:21:07 +02:00
Ken-Patrick Lehrmann 24211cf8b9 Fix crashes in valueflow (#2236)
* Fix crashes in valueflow

http://cppcheck1.osuosl.org:8000/crash.html

For instance in http://cppcheck1.osuosl.org:8000/styx
```
==19651==ERROR: AddressSanitizer: SEGV on unknown address 0x00000000001c (pc 0x556f21abc3df bp 0x7ffc140d2720 sp 0x7ffc140d2710 T0)
==19651==The signal is caused by a READ memory access.
==19651==Hint: address points to the zero page.
    #0 0x556f21abc3de in Variable::isGlobal() const ../lib/symboldatabase.h:342
    #1 0x556f221f801a in valueFlowForwardVariable ../lib/valueflow.cpp:2471
    #2 0x556f22208130 in valueFlowForward ../lib/valueflow.cpp:3204
    #3 0x556f221e9e14 in valueFlowReverse ../lib/valueflow.cpp:1892
    #4 0x556f221f1a43 in valueFlowBeforeCondition ../lib/valueflow.cpp:2200
    #5 0x556f2223dbb5 in ValueFlow::setValues(TokenList*, SymbolDatabase*, ErrorLogger*, Settings const*) ../lib/valueflow.cpp:6521
    #6 0x556f220e5991 in Tokenizer::simplifyTokens1(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&) ../lib/tokenize.cpp:2342
    #7 0x556f21d8d066 in CppCheck::checkFile(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, std::istream&) ../lib/cppcheck.cpp:508
    #8 0x556f21d84cd3 in CppCheck::check(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&) ../lib/cppcheck.cpp:192
    #9 0x556f21a28796 in CppCheckExecutor::check_internal(CppCheck&, int, char const* const*) ../cli/cppcheckexecutor.cpp:884
    #10 0x556f21a24be8 in CppCheckExecutor::check(int, char const* const*) ../cli/cppcheckexecutor.cpp:198
    #11 0x556f22313063 in main ../cli/main.cpp:95
```

* Add test case for crash in valueflow
2019-10-16 20:54:07 +02:00
Daniel Marjamäki 887825d834 astyle formatting
[ci skip]
2019-10-05 15:42:47 +02:00
Paul Fultz II 997803869d Forward values after assignment in valueFlowReverse (#2226)
* Forward values after assignment in valueFlowReverse

* Rename variables

* Format
2019-10-03 09:58:57 +02:00
Daniel Marjamäki b55c587ab2 astyle formatting
[ci skip]
2019-09-26 10:32:49 +02:00
Paul Fultz II 597d0fa35b Support expression in valueFlowAfterCondition (#2219)
* Add valueFlowForwardExpression function to forward values of an expression

* Use token for expression

* Fix name in bailout message

* Handle expressions

* Add more tests for more expressions

* Add more tests

* Solve the expression if possible

* Formatting
2019-09-26 10:32:25 +02:00
Daniel Marjamäki 049f6475ee astyle formatting
[ci skip]
2019-09-20 15:07:27 +02:00
Paul Fultz II ad8abdb0c3 Add impossible values to ValueFlow (#2186)
* Add impossible category

* Replace values

* Try to adjust known values

* Add ! for impossible values

* Add impossible with possible values

* Remove contradictions

* Add values when the branch is not dead

* Only copy possible values

* Dont bail on while loops

* Load std lib in valueflow

* Check for function calls

* Fix stl errors

* Fix incorrect impossible check

* Fix heap-after-use error

* Remove impossible values when they are lowered

* Show the bound and remove overlaps

* Infer conditions

* Dont push pointer values through dynamic_cast

* Add test for dynamic_cast issue

* Add shifttoomanybits test

* Add test for div by zero

* Add a test for issue 9315

* Dont make impossible value inconclusive

* Fix FP with shift operator

* Improve handleKnownValuesInLoop for impossible values

* Fix cppcheck warning

* Fix impossible values for ctu

* Bailout for streams

* Check equality conditions

* Fix overflows

* Add regression test for 9332

* Remove duplicate conditions

* Skip impossible values for invalid value

* Check for null

* Rename bound to range

* Formatting
2019-09-20 15:06:37 +02:00
Paul Fultz II 27ebff7ae4 Add deeper analysis of when a function changes a containers size (#2149)
* Add deeper analysis of when a function changes a containers size

* Fix issues

* Track addressOf
2019-09-06 21:18:45 +02:00
Paul Fultz II 3aef0c9bd3 Fix issue 8715: regression uninitvar not detected (#2092) 2019-08-16 07:48:54 +02:00
Paul Fultz II 68e8253920 Fix issue 8313 and 7326: Track values of pointer aliases in valueflow 2019-08-12 12:58:53 +02:00
Paul Fultz II 9aa97cbb95 Fix issue 8296: ValueFlow: value not set in conditional scope in subfunction (#2071)
* Fix issue 8296: ValueFlow: value not set in conditional scope in subfunction

* Refactor condition checkingg

* Make test case TODO
2019-08-11 15:39:37 +02:00
Paul Fultz II bd02ca5ccb Fix issue 9207: Not detected 'always true' and unreachable code 2019-08-08 07:46:47 +02:00
Paul Fultz II aaeec462e6 Re-enable valueFlowSubFunction (#2063)
* Re-enable valueFlowSubFunction

* Formatting

* Skip ternary operators in subfunctions

* Fix test with iostreams

* Fix FP with multiple parameters
2019-08-05 16:26:32 +02:00
Paul Fultz II ffdd2dc793 Fix issue 8924: Re-enable valueFlowTerminatingCondition 2019-08-05 07:18:06 +02:00
Daniel Marjamäki ce53931d00 Fixed #9251 (False positive: unininitialized variable (multi variables)) 2019-08-03 21:12:34 +02:00
Daniel Marjamäki 607b3daca8 ValueFlow: Improve bailout for structs etc in loops 2019-07-29 15:51:48 +02:00
Daniel Marjamäki e8ec6e6f11 Fixed #8349 (Noisy nullPointerRedundantCheck) 2019-07-27 20:03:06 +02:00
Daniel Marjamäki bbcffce529 Fixed #9062 (False positive "condition is always true") 2019-07-24 19:16:35 +02:00
Daniel Marjamäki 2da75d5af4 Split up Cppcheck attribute. low and high values can be specified separately and they can be used for variables also. 2019-07-24 15:08:26 +02:00
Daniel Marjamäki cab9f61b79 safe checks: Handle float parameters 2019-07-24 12:09:13 +02:00
Daniel Marjamäki 10be2a1941 Safe checks: container parameters 2019-07-24 11:39:35 +02:00
Daniel Marjamäki 8959c5a9d0 Rename valueFlowAllFunctionParameterValues => valueFlowSafeFunctionParameterValues 2019-07-24 10:57:35 +02:00
Daniel Marjamäki c8bc88e7e2 Fix compiler error 2019-07-23 13:14:08 +02:00
Daniel Marjamäki f9bd589abb testrunner: Make a few tests more 'proper' 2019-07-13 07:29:23 +02:00
Daniel Marjamäki 8ad3e43f92 Add handling of a simple C++ contract 2019-07-12 16:05:35 +02:00
Daniel Marjamäki 68cc7516a1 Annotations: Add annotation __cppcheck_in_range__(low,high) 2019-07-12 11:09:54 +02:00
Daniel Marjamäki 783f7f1648 Rename safeValues to unknownValues 2019-07-11 16:05:48 +02:00
Daniel Marjamäki 05d35b063d Function return: Extra check of safe function return values 2019-07-10 20:00:21 +02:00
Daniel Marjamäki c9906125de Safe functions: Check more possible function argument values 2019-07-10 16:59:05 +02:00
Daniel Marjamäki 9f548efbd3 Refactoring: enum class 2019-07-10 15:27:07 +02:00
Rikard Falkeborn 839fcddd8a Fix #6115 (Add support to realloc to cfg files) (#1953)
* Allow to configure realloc like functions

* memleakonrealloc: Bring back tests.

The old memleak checker was removed, and the tests for it was removed in
commit 9765a2dfab. This also removed the
tests for memleakOnRealloc. Bring back those tests, somewhat modified
since the checker no longer checks for memory leaks.

* Add realloc to mem leak check

* Add tests of realloc buffer size

* Configure realloc functions

* Add test of freopen

* Allow to configure which element is realloc argument

* Fix wrong close in test

cppcheck now warns for this

* Update manual

* Update docs

* Rename alloc/dalloc/realloc functions

Naming the member function realloc caused problems on appveyor. Rename
the alloc and dealloc functions as well for consistency.

* Change comparisson order

* Remove variable and use function call directly

* Create temporary variable to simplify

* Throw mismatchError on mismatching allocation/reallocation

* Refactor to separate function

* Fix potential nullptr dereference

As pointed out by cppcheck.
2019-07-05 12:44:52 +02:00
Daniel Marjamäki 56df6169fb Fixed #8356 (ValueFlow: variable is not changed in for loop) 2019-06-30 17:50:35 +02:00
Rikard Falkeborn d1d622b74c Valueflow: support global static const variables (#1861) 2019-06-29 14:33:55 +02:00
Ken-Patrick 44d6066c6f FP on assignment through pointer (#1887)
* Fix FP when assigning through pointers

* Add test case for false positive

cppcheck would faulty warn:
"Condition '*b>0' is always true"
2019-06-17 21:25:15 +02:00
Rikard Falkeborn b1c8d81bcc Refactoring; Use range for loop (#1900) 2019-06-17 13:17:45 +02:00
Rikard Falkeborn d909ac8565 Bugfix buffer size for strdup like functions (#1893)
strdup() allocates the string length plus one for a terminating null
character. Add one to compensate for this.

Fixes false positive buffer out of bounds on code like this:

	void f() {
		const char *a = "abcd";
		char * b = strdup(a);
		printf("%c", b[4]); // prints the terminating null character
		free(b);
	}

Also, add a testcase for valueFlowDynamicBufferSize() and add tests for
strdup(), malloc() and calloc().
2019-06-16 16:02:27 +02:00
orbitcowboy 55df395a4e Running astyle [ci skip] 2019-05-30 14:41:14 +02:00