0db649c075
Fixed Cppcheck self check warning; redundant check
2021-05-22 15:34:39 +02:00
9a9f14bd8a
Buffer overflow; Fixed FPs when array size is 1
2021-05-22 12:13:39 +02:00
b8314289c6
testbufferoverrun; fixed TODO test cases for pointer arithmetic overflows
2021-05-15 20:32:46 +02:00
e869452240
#10244 : Fixed false negative: bufferAccessOutOfBounds
2021-04-13 16:40:38 +02:00
42437277dc
Update Copyright year
2021-03-21 20:58:32 +01:00
141d2ac215
Refactorization: Improved internal implementation of severity and certainty levels
...
Backported from LCppC.
2021-02-24 22:00:06 +01:00
853c271f22
Fix gcc warning; variable vidx is assigned but not read
2021-01-16 18:13:06 +01:00
1858465bca
astyle formatting
...
[ci skip]
2021-01-12 21:28:56 +01:00
fc4238829f
Fix issue 10092: false positive: (warning) The address of local variable 'data' might be accessed at non-zero index. ( #3041 )
2021-01-12 10:24:28 +01:00
f493ce16b3
astyle formatting
...
[ci skip]
2021-01-10 14:46:19 +01:00
ac7647fcd8
some self-check suppression cleanups ( #3032 )
2021-01-09 20:32:38 +01:00
50cdb6cbfc
Astyle: sync windows and linux folders ( #3016 )
2021-01-06 17:13:44 +01:00
e004731f1c
Fix issue 8650: ValueFlow: Track if pointer is created by '&' operator ( #3011 )
2021-01-05 16:56:38 +01:00
c6452adc88
Fixed Cppcheck warning; Remove unused private method CheckBufferOverrun::bufferNotZeroTerminatedError
2020-12-04 18:58:10 +01:00
37bc0483a4
made check.h less heavy ( #2633 )
2020-05-23 07:16:49 +02:00
08ddd84780
Update copyright year
2020-05-10 11:16:32 +02:00
3e0218299b
Revert "Update copyright year"
...
This reverts commit 6eec6c4bd5
2020-05-10 11:13:05 +02:00
6eec6c4bd5
Update copyright year
2020-05-10 11:11:34 +02:00
1af959af2c
fixed -Wextra-semi-stmt Clang warnings ( #2553 )
...
* fixed -Wextra-semi-stmt Clang warnings
* adjusted REDIRECT macro to require a semicolon
* testmathlib.cpp: rolled back accidental change
2020-04-21 17:27:51 +02:00
2c1e36e63e
cleaned up includes based on include-what-you-use ( #2600 )
...
* cleaned up includes based on include-what-you-use
* check.h: trying to work around Visual Studio 2012 bug
* fixed Visual Studio compilation
2020-04-13 13:44:48 +02:00
3b20684aca
Fix issue 9360: False positive: arrayIndexOutOfBounds when function is called with different array sizes ( #2541 )
2020-02-17 10:31:08 +01:00
84bb024662
Refactoring; Reuse variable typeSize
2020-01-19 09:17:38 +01:00
cefd7fb33f
Fix testrunner
2020-01-18 12:29:03 +01:00
9ffb657c1a
Fixed #8597 (False positive - Array index is used before limits check.)
2019-12-20 09:46:01 +01:00
fcc5fad3ed
Fixed #9113 (false positive: (error) Buffer is accessed out of bounds)
2019-11-10 16:42:48 +01:00
73a569be97
TestBufferOverRun: Handle string literals ( #2287 )
2019-10-21 07:11:22 +02:00
5c061c1c12
Set correct type and size of string and char literals ( #2275 )
...
* Set correct type and size of string and char literals
Use that string and char literal tokens store the prefix. This makes
it possible to distinghuish between different type of string literals
(i.e., utf8 encoded strings, utf16, wide strings, etc) which have
different type.
When the tokens holding the string and character values have the correct
type, it is possible to improve Token::getStrSize() to give the correct
result for all string types. Previously, it would return the number of
characters in the string, i.e., it would give the wrong size unless
the type of the string was char*.
Since strings now can have different size (in number of bytes) and
length (in number of elements), add a new helper function that returns
the number of characters. Checkers have been updated to use the correct
functions.
Having the size makes it possible to find more problems with prefixed
strings, and to reduce false positives, for example in the buffer
overflow checker.
Also, improve the stringLiteralWrite error message to also print the
prefix of the string (if there is one).
* Add comment and update string length
2019-10-20 07:11:57 +02:00
6b6553e320
Dont warn for arrays that are containers ( #2240 )
2019-10-05 16:14:30 +02:00
de9f489b08
use range loops / constness ( #2181 )
...
* use range loops / constness
* platform.cpp: avoid shadowed variable
2019-09-19 20:29:33 +02:00
32eda27391
Refactoring: Use enum class
2019-07-16 10:51:26 +02:00
1888b39314
Use 'nonneg' instead of 'unsigned' in checkbufferoverrun
2019-07-16 07:59:35 +02:00
f75c15af56
Fix issue 6821: New check: access heap/stack data using address of variable
...
This fixes errors with:
```cpp
int f() {
int i;
return (&i)[1];
}
```
It uses the lifetime analysis to detect the issues.
2019-05-31 12:24:31 +02:00
6da42a3d63
Fixed #9112 (false positive: (error) Array index out of bounds; buffer 'x' is accessed at offset n.)
2019-05-01 13:00:14 +02:00
74fad6ce05
Modernizing; Use std::accumulate instead of for loop
2019-04-28 11:25:43 +02:00
9c5d24c551
Modernizing: Use std::accumulate instead of for loop
2019-04-28 11:17:11 +02:00
9d72e24edb
Refactoring; Use stl algorithm instead of for loop
2019-04-28 10:30:20 +02:00
f503386666
Refactoring; replace for loop with std::find_if
2019-04-28 10:07:11 +02:00
d23e987941
Fix CheckInternal warnings ( #1790 )
2019-04-06 06:55:46 +02:00
de4f57ec0f
Buffer overflow: Add CTU checking for pointer arithmetic overflows
2019-04-03 06:43:56 +02:00
c5807459f9
CheckBufferOverrun: Add check for pointer arithmetics
2019-03-31 09:00:52 +02:00
b5a285319c
Fixed #9073 (Segmentation fault in Token::isUnaryOp() with ode)
2019-03-29 19:37:23 +01:00
18aa968a7a
Astyle formatting
2019-03-23 19:03:57 +01:00
5126e4b1af
Try to fix Visual Studio compiler error
2019-03-23 19:02:05 +01:00
d27a4ad82e
CheckBufferOverrun: Fix ctu checking
2019-03-23 15:26:13 +01:00
a135683d2f
Refactoring; Renamed CWE786 and CWE788
2019-03-23 08:41:20 +01:00
15fc9a622d
CheckBufferOverrun: Add CTU analysis
2019-03-23 08:36:10 +01:00
031362ae01
CheckBufferOverrun: Fix false positive
2019-03-19 21:07:08 +01:00
6cbe818f1a
Fix uninitialized variable usage
2019-03-19 13:17:27 +01:00
a0e58f0039
Revert "Revert "CheckBufferOverrun: Handle multidimensional arrays""
...
This reverts commit 9d1755f449
2019-03-19 13:16:22 +01:00
9d1755f449
Revert "CheckBufferOverrun: Handle multidimensional arrays"
...
This reverts commit e98a4a6f14
2019-03-19 13:13:29 +01:00
e98a4a6f14
CheckBufferOverrun: Handle multidimensional arrays
2019-03-19 09:29:32 +01:00
b53a2e5dc4
CheckBufferOverrun: restore minsize code
2019-03-17 20:34:49 +01:00
03f8535c71
Better multiline warning when there is buffer overflow
2019-03-17 20:12:02 +01:00
3c85d8a8ac
ValueFlow: Better info for buffer size values
2019-03-17 19:02:36 +01:00
19e9e42dd7
Library: Enhance minsize configuration and allow simple values. ( #1736 )
...
Some POSIX and Windows functions require buffers of at least some
specific size. This is now possible to configure via for example this
minsize configuration: `<minsize type="value" value="26"/>`.
The range for valid buffer size values is 1 to LLONG_MAX
(9223372036854775807)
2019-03-17 14:22:26 +01:00
0771929518
Buffer overflow: Handling of dynamically allocated buffer
2019-03-17 13:40:56 +01:00
92f4113b59
Array index: Checking array index out of bounds for dynamic buffers
2019-03-17 13:09:15 +01:00
2ecfae0a98
CheckBufferOverrun: the bufferNotZeroTerminated did not work well, hide that for now
2019-03-13 06:45:01 +01:00
81a1d744c6
CheckBufferOverrun: fix FP for array definition of static class member
2019-03-13 06:39:09 +01:00
67e8b99c2c
CheckBufferOverrun: Readd a check for strncpy/memcpy/etc
2019-03-12 21:15:26 +01:00
0c08f6db6c
CheckBufferOverrun: Use AST to lookup array
2019-03-12 06:46:38 +01:00
4ababeb704
Fix 'make checkcfg'
2019-03-11 21:39:39 +01:00
ea23033a65
Array index out of bounds: Fix false positive
2019-03-11 20:33:08 +01:00
17253cdb55
buffer overflow: Fix false positive
2019-03-11 19:40:17 +01:00
bd048085bd
Add CheckBufferOverrun::arrayIndexThenCheck
2019-03-11 19:20:06 +01:00
a933261e14
Add message id arrayIndexOutOfBoundsCond
2019-03-11 19:12:03 +01:00
0721c9f7f0
Running astyle [ci skip].
2019-03-11 15:32:30 +01:00
729f57d8f1
Start a major rewrite of CheckBufferOverrun. For now only the 'array index' and 'buffer overflow' checks are rewritten.
...
There are important TODOs still; for instance adding CTU support using our CTU infrastructure, add handling of pointers (maybe I'll use FwdAnalysis for this), add handling of multidimensional arrays, etc..
2019-03-11 12:34:33 +01:00
3eb5de756c
Buffer overrun: Refactorings; use range for loops and write in message
2019-03-09 22:19:09 +01:00
eb9edbc177
#9024 Crash caused by package "procserv" in lib/token.h:921 function Token::getKnownIntValue - Fix and test for alternative code example.
2019-03-08 11:07:33 +01:00
c32d015337
Fixed false positives from terminateStrncpy
2019-03-06 18:50:50 +01:00
3f37d5ac2d
Refactoring strncpy/strncat checking to use ValueFlow and AST
2019-03-06 09:04:04 +01:00
bd7790fd8c
Update copyright year
2019-02-09 07:24:06 +01:00
271763e680
CTU: Refactoring
2018-12-25 21:11:23 +01:00
2214ef5359
Refactor isVLAIndex
2018-11-23 20:23:20 +01:00
0858488825
insecureCmdLineArgs: Fixed FN in case strdup() copies argv[]. ( #1438 )
...
* insecureCmdLineArgs: Fixed FN in case strdup() copies argv[].
* Formatted the code. There are no functional changes intended.
* Changes due to review comments from Daniel.
2018-10-19 11:04:15 +02:00
a6e8270474
insecureCmdLineArgs: Fixed false negatives in case arguments are const. ( #1419 )
...
* insecureCmdLineArgs: Fixed false negatives in case arguments are const.
* Formatted the code, there are functional changes.
* Simplified matching as suggested by Daniel.
2018-10-15 10:05:43 +02:00
20121b34d8
Fixed #7718 (False positive: out of bounds of already resized std::string)
2018-10-09 06:53:26 +02:00
12b7c9e597
Fix Cppcheck warning
2018-09-01 08:41:41 +02:00
f388c77042
Fixed #8721 (Regression: False positive array index out of bounds)
2018-08-31 18:25:43 +02:00
27aae8d032
Fixed #8644 (crash (CheckBufferOverrun::checkGlobalAndLocalVariable): local function)
2018-08-30 10:04:07 +02:00
54cfdb731e
Refactoring; Use Token::isUnaryOp() to clarify code
2018-07-13 23:12:20 +02:00
4c6270f9b2
Refactoring: use range for loop
2018-06-30 15:34:48 +02:00
cb48aae594
buffer overrun: Remove bailout. There is no test case and I fail to produce false positives.
2018-06-24 09:50:55 +02:00
19cf0d1fa4
Refactoring; use range for loop
2018-06-17 18:37:40 +02:00
ad4ce84cf7
Rename private member variables
2018-06-17 17:20:16 +02:00
79ffe1d4fc
Rename _tokenizer, _settings, _errorLogger
2018-06-16 16:10:28 +02:00
be6c273e6b
CheckBufferOverrun::checkScope_inner(): save a few pointer derefernces (NFC).
2018-05-31 12:28:34 +02:00
ca8e19c96d
SymbolDatabase: Refactor SymbolDatabase: variable list
2018-04-28 09:38:33 +02:00
f336c2efe7
Refactoring; Renamed Scope::classStart and Scope::classEnd
2018-04-27 22:36:30 +02:00
f058d9ad08
CLI: Added more fields for --template and added a new --template-location. The gcc predefined template now matches latest gcc better.
2018-04-23 12:21:18 +02:00
d2146844dd
Refactorizations:
...
- Replace several push_back-calls by emplace_back
- Replace some x = x.substr(0, y) calls by x.erase(y)
2018-04-11 09:44:35 +02:00
b15cc3f236
Refactorization: Replace several push_back-sequences by initializer lists
2018-04-09 09:54:39 +02:00
a0906140a6
Suppressions: New extensible Suppressions xml format that allow more attributes. To start with it also allows symbolName.
2018-04-09 06:43:48 +02:00
3ad6c7ebce
Refactoring, use early continue
2018-04-05 08:21:43 +02:00
67a71fa362
Refactor lib/checkbufferoverrun.cpp
2018-04-05 08:17:56 +02:00
b6504c70ca
Improve constness
2018-04-04 21:51:31 +02:00
96167ffa51
Compatibility fixes for gcc 4.5
2018-03-29 17:37:06 +02:00
71511f3131
Refactor f487182
2018-02-06 08:59:36 +01:00
f487182075
Suppressed unused functions should not lead to nonzero exit code ( #1026 ) ( #1078 )
...
This is a fix of commit 97ffec8
2018-02-06 07:44:53 +01:00
Daniel Marjamäki
orbitcowboy
PKEuS
Paul Fultz II
Oliver Stöneberg
Rikard Falkeborn
Sebastian
amai2012
orbitcowboy
Matthias Krüger
PKEuS
jrp2014
Ivan Maidanski