e98a4a6f14
CheckBufferOverrun: Handle multidimensional arrays
2019-03-19 09:29:32 +01:00
b53a2e5dc4
CheckBufferOverrun: restore minsize code
2019-03-17 20:34:49 +01:00
03f8535c71
Better multiline warning when there is buffer overflow
2019-03-17 20:12:02 +01:00
3c85d8a8ac
ValueFlow: Better info for buffer size values
2019-03-17 19:02:36 +01:00
19e9e42dd7
Library: Enhance minsize configuration and allow simple values. ( #1736 )
...
Some POSIX and Windows functions require buffers of at least some
specific size. This is now possible to configure via for example this
minsize configuration: `<minsize type="value" value="26"/>`.
The range for valid buffer size values is 1 to LLONG_MAX
(9223372036854775807)
2019-03-17 14:22:26 +01:00
0771929518
Buffer overflow: Handling of dynamically allocated buffer
2019-03-17 13:40:56 +01:00
92f4113b59
Array index: Checking array index out of bounds for dynamic buffers
2019-03-17 13:09:15 +01:00
2ecfae0a98
CheckBufferOverrun: the bufferNotZeroTerminated did not work well, hide that for now
2019-03-13 06:45:01 +01:00
81a1d744c6
CheckBufferOverrun: fix FP for array definition of static class member
2019-03-13 06:39:09 +01:00
67e8b99c2c
CheckBufferOverrun: Readd a check for strncpy/memcpy/etc
2019-03-12 21:15:26 +01:00
0c08f6db6c
CheckBufferOverrun: Use AST to lookup array
2019-03-12 06:46:38 +01:00
4ababeb704
Fix 'make checkcfg'
2019-03-11 21:39:39 +01:00
ea23033a65
Array index out of bounds: Fix false positive
2019-03-11 20:33:08 +01:00
17253cdb55
buffer overflow: Fix false positive
2019-03-11 19:40:17 +01:00
bd048085bd
Add CheckBufferOverrun::arrayIndexThenCheck
2019-03-11 19:20:06 +01:00
a933261e14
Add message id arrayIndexOutOfBoundsCond
2019-03-11 19:12:03 +01:00
0721c9f7f0
Running astyle [ci skip].
2019-03-11 15:32:30 +01:00
729f57d8f1
Start a major rewrite of CheckBufferOverrun. For now only the 'array index' and 'buffer overflow' checks are rewritten.
...
There are important TODOs still; for instance adding CTU support using our CTU infrastructure, add handling of pointers (maybe I'll use FwdAnalysis for this), add handling of multidimensional arrays, etc..
2019-03-11 12:34:33 +01:00
3eb5de756c
Buffer overrun: Refactorings; use range for loops and write in message
2019-03-09 22:19:09 +01:00
eb9edbc177
#9024 Crash caused by package "procserv" in lib/token.h:921 function Token::getKnownIntValue - Fix and test for alternative code example.
2019-03-08 11:07:33 +01:00
c32d015337
Fixed false positives from terminateStrncpy
2019-03-06 18:50:50 +01:00
3f37d5ac2d
Refactoring strncpy/strncat checking to use ValueFlow and AST
2019-03-06 09:04:04 +01:00
bd7790fd8c
Update copyright year
2019-02-09 07:24:06 +01:00
271763e680
CTU: Refactoring
2018-12-25 21:11:23 +01:00
2214ef5359
Refactor isVLAIndex
2018-11-23 20:23:20 +01:00
0858488825
insecureCmdLineArgs: Fixed FN in case strdup() copies argv[]. ( #1438 )
...
* insecureCmdLineArgs: Fixed FN in case strdup() copies argv[].
* Formatted the code. There are no functional changes intended.
* Changes due to review comments from Daniel.
2018-10-19 11:04:15 +02:00
a6e8270474
insecureCmdLineArgs: Fixed false negatives in case arguments are const. ( #1419 )
...
* insecureCmdLineArgs: Fixed false negatives in case arguments are const.
* Formatted the code, there are functional changes.
* Simplified matching as suggested by Daniel.
2018-10-15 10:05:43 +02:00
20121b34d8
Fixed #7718 (False positive: out of bounds of already resized std::string)
2018-10-09 06:53:26 +02:00
12b7c9e597
Fix Cppcheck warning
2018-09-01 08:41:41 +02:00
f388c77042
Fixed #8721 (Regression: False positive array index out of bounds)
2018-08-31 18:25:43 +02:00
27aae8d032
Fixed #8644 (crash (CheckBufferOverrun::checkGlobalAndLocalVariable): local function)
2018-08-30 10:04:07 +02:00
54cfdb731e
Refactoring; Use Token::isUnaryOp() to clarify code
2018-07-13 23:12:20 +02:00
4c6270f9b2
Refactoring: use range for loop
2018-06-30 15:34:48 +02:00
cb48aae594
buffer overrun: Remove bailout. There is no test case and I fail to produce false positives.
2018-06-24 09:50:55 +02:00
19cf0d1fa4
Refactoring; use range for loop
2018-06-17 18:37:40 +02:00
ad4ce84cf7
Rename private member variables
2018-06-17 17:20:16 +02:00
79ffe1d4fc
Rename _tokenizer, _settings, _errorLogger
2018-06-16 16:10:28 +02:00
be6c273e6b
CheckBufferOverrun::checkScope_inner(): save a few pointer derefernces (NFC).
2018-05-31 12:28:34 +02:00
ca8e19c96d
SymbolDatabase: Refactor SymbolDatabase: variable list
2018-04-28 09:38:33 +02:00
f336c2efe7
Refactoring; Renamed Scope::classStart and Scope::classEnd
2018-04-27 22:36:30 +02:00
f058d9ad08
CLI: Added more fields for --template and added a new --template-location. The gcc predefined template now matches latest gcc better.
2018-04-23 12:21:18 +02:00
d2146844dd
Refactorizations:
...
- Replace several push_back-calls by emplace_back
- Replace some x = x.substr(0, y) calls by x.erase(y)
2018-04-11 09:44:35 +02:00
b15cc3f236
Refactorization: Replace several push_back-sequences by initializer lists
2018-04-09 09:54:39 +02:00
a0906140a6
Suppressions: New extensible Suppressions xml format that allow more attributes. To start with it also allows symbolName.
2018-04-09 06:43:48 +02:00
3ad6c7ebce
Refactoring, use early continue
2018-04-05 08:21:43 +02:00
67a71fa362
Refactor lib/checkbufferoverrun.cpp
2018-04-05 08:17:56 +02:00
b6504c70ca
Improve constness
2018-04-04 21:51:31 +02:00
96167ffa51
Compatibility fixes for gcc 4.5
2018-03-29 17:37:06 +02:00
71511f3131
Refactor f487182
2018-02-06 08:59:36 +01:00
f487182075
Suppressed unused functions should not lead to nonzero exit code ( #1026 ) ( #1078 )
...
This is a fix of commit 97ffec8
2018-02-06 07:44:53 +01:00
5b6ec49a6f
Pointer overflow: Fixed false positive
2018-01-27 22:09:43 +01:00
189e0b3890
Fix Cppcheck warning about uninitialized variable
2018-01-27 22:05:29 +01:00
bc40f5041d
Fixed #6356 (Improve checking: pointer arithmetic "ab.a + 100" overrun)
2018-01-27 15:39:39 +01:00
c4caee6b18
Updated copyright year
2018-01-14 15:37:52 +01:00
97ffec85c0
Fixed #7502 (Correct exit code if never used function is found) ( #1026 )
2018-01-12 08:24:01 +01:00
7d2450e445
Fixed #1478 (false negative: buffer access out of bounds not detected after free and malloc)
2017-12-31 14:58:26 +01:00
79f6793076
minor code cleanup
2017-12-31 12:30:02 +01:00
a8700f5622
Remove redundant parts of conditional expressions ( #988 )
...
All issues were found with PVS-Studio:
V560 A part of conditional expression is always true: tok. astutils.cpp 407
V560 A part of conditional expression is always true: size > 0. checkbufferoverrun.cpp 709
V547 Expression 'secondTrue' is always true. checkcondition.cpp 1013
V547 Expression 'firstTrue' is always true. checkcondition.cpp 1020
V560 A part of conditional expression is always true: !scan. checkio.cpp 1036
V560 A part of conditional expression is always true: scope->function. checknullpointer.cpp 395
V560 A part of conditional expression is always true: tok2. checkstl.cpp 268
V560 A part of conditional expression is always true: par. tokenize.cpp 9440
V547 Expression '!erased' is always true. symboldatabase.cpp 3990
2017-11-03 10:39:57 +01:00
ba8222de1c
ValueFlow: Put 'inconclusive' state in the ValueKind. A value can't be both known and inconclusive.
2017-09-20 22:41:36 +02:00
f0b5327450
Fix codestyle ( #953 )
2017-09-07 13:00:46 +02:00
0e444aa133
Cache and reuse values
2017-09-05 17:50:36 +03:00
b8cd7dbb5c
Use nullptr instead of 0 or NULL ( #936 )
2017-08-09 20:00:26 +02:00
9b6d371762
checkbufferoverrun: remove dead store
...
the variable was declared inside a loop and the dead store also took place inside the loop (guarded by a condition) without further access of the value after that store.
Found by clang analyzer.
Was:
lib/checkbufferoverrun.cpp:1223:17: warning: Value stored to 'tok' is never read
tok = tok->next();
^ ~~~~~~~~~~~
2017-08-01 16:53:00 +02:00
058c439b2a
Coverity detected useless function call, cleanup code
2017-08-01 12:45:37 +02:00
fec0c46af0
Refactoring, use continue in loop
2017-07-30 14:53:58 +02:00
4bbc830a85
Fix warnings
2017-07-17 10:13:11 +03:00
f4ce49d883
ENH: perfomance: using clear() and empty() more faster for stl containers
2017-06-02 22:38:00 +04:00
28aa939d69
iwyu - include what you use
2017-05-27 04:33:47 +02:00
1dd42d9a9e
arrayIndexOutOfBounds: Make sure error message is clarified for daca2 --template format
2017-05-25 08:18:37 +02:00
70c2de62b7
arrayIndexOutOfBounds: better note
2017-05-23 16:06:32 +02:00
e73657b198
Clarify arrayIndexOutOfBounds
2017-05-23 14:58:43 +02:00
f7cda81c0c
Refactoring: ValueFlow::Value::errorSeverity() will have the logic if value is 'error' or 'warning'
2017-05-23 11:43:56 +02:00
55ae206ecc
ErrorPath: better output
2017-05-19 17:29:16 +02:00
c617851567
ErrorLogger: Added ErrorPath where each item has token and info
2017-05-16 22:38:13 +02:00
f92e7b3bfc
Emit better errorpath in CheckBufferOverrun::negativeIndexError
2017-05-16 19:08:47 +02:00
b526fd7c49
Ticket #7964 : Don't crash on valid code using function pointers named strcpy or strcat in main().
2017-04-21 23:36:10 +02:00
b1f4bd7504
Refactorization: Reimplemented Settings::_enabled as a bitfeld instead of std::set ( #7995 )
2017-04-11 11:49:26 +02:00
7d12e1f3a6
valueFlowGetArrayIndexes: convert Token::Match to Token::simpleMatch.
...
The pattern is a sole "[", but since "[" is also used for complexe patterns, the internal check that finds potential simple match patterns bailed out here.
2017-04-09 17:27:46 +02:00
633ed23c0d
Fix Cppcheck warnings about mismatching function argument names
2017-04-01 09:31:27 +02:00
cc3ef7bbe8
Fix so array access out of bounds for external arrays are detected again
2017-03-30 10:14:17 +02:00
3c8f5b85ae
Refactorization: Allocate Token::_values (ValueFlow information) dynamically, reducing size of each token by around 10%
2017-03-27 18:48:34 +02:00
2938278f00
Refactorization: Store minsizes in vector instead of list which has less overhead
2017-03-27 17:53:43 +02:00
63d39390b4
checkbufferoverrun.cpp: refactorizations
2017-03-27 16:09:51 +02:00
83b1e1c329
CheckBufferOverrun: Refactorizations
...
- Improved/Optimized conditions in checkBufferAllocatedWithStrlen()
- Avoid copying strings for checkScope()
2017-03-27 11:48:34 +02:00
680828788b
Fixed false negative in CheckBufferOverrun::checkInsecureCmdLineArgs(), removed redundant tests
2017-03-27 11:30:07 +02:00
171e1b8244
Fixed false negatives in CheckBufferOverrun::arrayIndexThenCheck()
2017-03-27 11:07:49 +02:00
6c71d74563
Cleanup: There is no need to clear a string directly after its creation.
2017-01-16 20:10:28 +01:00
f0d91fb74b
Fixed #7869 (False positive: Array index out of bounds)
2016-12-20 22:01:19 +01:00
f5ad7482a8
CheckBufferOverrun: Skip warnings about array index out of bounds in unions. Theoretically, the array is at least as large as the biggest union member.
2016-12-18 22:10:30 +01:00
cfac3b457d
Several small refactorizations
2016-12-06 22:12:02 +01:00
57b57428c2
Fix some typos in comments (found by codespell)
...
Signed-off-by: Stefan Weil <sw@weilnetz.de>
2016-11-27 11:40:42 +01:00
a61f4e9c94
Fixed #7831 (false-positive: terminateStrncpy)
2016-11-24 07:04:58 +01:00
4732667488
ValueFlow: allow more value types
2016-11-13 22:33:39 +01:00
9ff3e85899
Added --cppcheck-build-dir flag
2016-10-29 12:18:11 +02:00
499e52c976
astyle formatting
...
[ci skip]
2016-08-15 18:04:55 +02:00
41dee04e90
CWE mapping of assignBoolToFloat, strncatUsage, sizeArgumentAsChar, terminateStrncpy, bufferNotZeroTerminated, negativeArraySize, noExplicitConstructor, virtualDestructor
2016-08-14 18:23:41 +01:00
55b3f0bf38
Fixed #752 (SymbolDatabase: Does not match function if redundant keywords mismatch (C++))
2016-08-04 09:06:32 +02:00
3f4fe8f578
Refactorized CheckBufferOverrun:
...
- Removed redundant code
- Apply non-simplified checking in test suite
2016-07-27 17:28:43 +02:00
9a6569fde1
Always set ErrorMessage::file0 to ensure that the source file that cppcheck is checking when an error occurs can be identified
...
Removed unused function and unused includes from preprocessor.h/cpp
2016-07-26 16:28:40 +02:00
bae81fba05
Silent clang -Wshadow warning. ( #812 )
...
Add an optional extended description…
2016-07-09 19:07:58 +02:00
44a19b527e
Use ValueFlow and SymbolDatabase to detect buffer overflows with new and malloc, improving support for enums ( #7576 )
2016-07-08 20:53:08 +02:00
644a216394
Fixed two false positives related to char arrays initialized by a literal:
...
- Run check for writing to string literals on non-simplified token list (#7283 )
- Run buffer overrun checking for string literals on non-simplified token list (https://sourceforge.net/p/cppcheck/discussion/general/thread/2c33dfc5/ )
2016-07-07 19:38:15 +02:00
0f11007c19
Fixed #7083 (false positive: typedef and initialization with strings)
2016-06-21 22:42:46 +02:00
8c0eab3eb3
Optimization: Improved performance of CheckBufferOverrun::checkScope() when dealing with a large number of arrays ( #5975 )
...
-> checking time decreases from 1010s to 50s on the code snippet in #5975
-> Dropped a garbage code unit test
2016-05-25 14:42:00 +02:00
728d4242dc
Refactorizations in CheckBufferOverrun:
...
- Improved performance of CheckBufferOverrun::checkScope()
- Made some patterns less restrictive
2016-05-25 11:50:34 +02:00
d3645d874e
Mapped toomanyconfigs ,AssignmentAddressToInteger
...
,AssignmentIntegerToAddress ,CastIntegerToAddressAtReturn
,CastAddressToIntegerAtReturn ,assertWithSideEffect ,assignmentInAssert
,uselessAssignmentArg ,uselessAssignmentPtrArg
,comparisonOfFuncReturningBoolError
,comparisonOfTwoFuncsReturningBoolError ,comparisonOfBoolWithBoolError
,incrementboolean ,comparisonOfBoolWithInt ,compareBoolExpressionWithInt
,negativeIndex ,pointerOutOfBounds ,arrayIndexThenCheck
,possibleBufferAccessOutOfBounds ,argumentSize
,arrayIndexOutOfBoundsCond ,noConstructor ,copyCtorPointerCopying
,noCopyConstructor ,uninitMemberVar ,operatorEqVarError
,unusedPrivateFunction ,memsetClassFloat ,mallocOnClassWarning
,operatorEq ,thisSubtraction ,operatorEqRetRefThis ,operatorEqToSelf
,useInitializationList ,duplInheritedMember ,assignIfError
,comparisonError ,multiCondition ,mismatchingBitAnd
,oppositeInnerCondition ,incorrectLogicOperator ,redundantCondition
,moduloAlwaysTrueFalse to their CWEs ids.
2016-02-26 23:53:52 +00:00
cef6b35bb8
Improve MAXTIME handling
2016-02-11 16:10:52 +01:00
5e10e680da
CWE: refactoring. use constants instead of magic numbers.
2016-01-25 20:01:48 +01:00
5ce69da02d
Mapped 26 errors to their CWEs ID.
2016-01-24 20:53:05 +00:00
659cd96b03
Fixed #7209 (False positive: Array index used before limits check reported in sizeof)
2016-01-24 14:06:02 +01:00
afe659cc88
This variable type looks very suspicious
2016-01-18 09:52:35 +03:00
bb6880919c
CWE mapping
2016-01-15 17:07:14 +01:00
26788a1dc1
Remove repeated code, better variable name
2016-01-15 17:20:40 +03:00
996c9244d8
Update copyright year to 2007-2016.
2016-01-01 15:34:45 +02:00
5cba4ac602
Omit unneeded deep copy
2015-12-23 10:32:59 +03:00
155ccecf2f
Drop useless braces
2015-12-22 10:31:49 +03:00
32e2fb2f78
Refactorization: Prefer Token::simpleMatch over Token::Match also for non-const patterns.
2015-12-03 13:04:55 +01:00
9c3f25603e
CheckBufferOverrun: Remove old checking of strings and use new ValueFlow-based checking instead ( #6973 )
2015-11-30 16:36:52 +01:00
ac17541ca9
Refactorizations:
...
- Fixed a few more MSVC warnings by using correct types
- Store severity as enum instead of string in Settings::Rule
2015-11-28 12:30:21 +01:00
6b124a37d8
Cleanup some casts
2015-11-28 10:11:07 +01:00
0f9d90d2be
Changed Copyrights. Removed my name.
2015-11-18 20:04:50 +01:00
5074c11b53
CheckBufferOverrun: Fixed FP when accessing string that contains '\0'. Refactoring address-of.
2015-11-09 10:30:39 +01:00
ef5be435c7
Fixed #7113 (False positive arrayIndexOutOfBounds - using pointer alias with cast)
2015-11-08 17:21:32 +01:00
fc564d779e
Fixed #7112 (crash: CheckBufferOverrun::checkGlobalAndLocalVariable (invalid code))
2015-11-08 14:21:12 +01:00
48da1d5396
Refactoring CheckBufferOverrun
2015-11-08 12:39:08 +01:00
7d6e1974eb
Fixed #7104 (False positive arrayIndexOutOfBounds)
2015-11-08 09:30:23 +01:00
35ed902e3f
Try to fix crash when using getMaxValue()
2015-11-07 19:59:48 +01:00
32627dc558
try to fix internal errors detected by Travis
2015-11-07 19:47:30 +01:00
9c7271a5e9
CheckBufferOverrun: The simplifyKnownVariables() has been reduced, use ValueFlow instead
2015-11-07 18:12:01 +01:00
d0ab3aea70
CheckBufferOverrun: Minor fixes for strings
2015-11-07 15:05:56 +01:00
be7bca385d
avoid some fixes for noisy signedness warnings
2015-10-11 12:50:46 +02:00
139ead15ef
Merge overlapping patterns
2015-09-01 16:17:17 +03:00
ab8afec3eb
Refactorizations:
...
- Avoid unnecessary loop iterations
- Avoid unnecessary condition checking
- Reduced code duplication in symboldatabase.cpp
2015-08-16 14:23:07 +02:00
4d80df2f4a
Added pointer to Type to Token (similar to Token::Variable() and Token::function()):
...
- Accessible via Token::type()
- Renamed former Token::type() to Token::tokType()
- Removed SymbolDatabase::isClassOrStruct()
2015-08-15 11:19:21 +02:00
6790d91fbb
Improve error messages for conditional values. make valueFlowSwitchVariable values conditional that depend on the case. Partial fix for #6884 .
2015-07-29 19:54:57 +02:00
c5bbea2994
Fixed #6816 (FP: buffer overflow, checkminsizes of array with string value)
2015-07-27 16:39:41 +02:00
fef251ac76
negative array size: fixed noise when array is not vla
2015-07-04 09:42:42 +02:00
11538c84f6
Refactoring: Distinguish between C and C++ code
...
Refactoring: Replace CheckNonReentrantFunctions::initNonReentrantFunctions by static initialization
2015-06-29 21:17:15 +02:00
b8e08ca5d8
Code cleanup.
2015-06-28 19:27:23 +02:00
7ff4d10c43
Astyle formatting, no functional changes.
2015-06-28 19:25:13 +02:00
5814c3b84c
Fix some compiler warnings with VS
...
Minor refactoring on Windows SEH code.
2015-06-28 19:20:16 +02:00
0b225fa02f
2nd attempt to fix crash in CheckUnusedFunctions::check. CheckBufferOverrun::checkBufferAllocatedWithStrlen: Don't check for 'new' in C code.
2015-06-28 18:34:09 +02:00
02a3a01eca
Fix compiler warnings
2015-06-28 18:07:31 +02:00
2c73518e29
Fix platform-dependent test result, formatting and crash in whole program analysis
2015-06-28 17:54:48 +02:00
0ca410a4d7
Fixed #6668 (False positive bufferAccessOutOfBounds on sprintf() - regression)
2015-06-07 14:01:20 +02:00
d5d6d7fbb8
Running astyle, no functional changes.
2015-05-29 20:20:05 +02:00
5b347c537b
Fix #6720 and #6721 (Crashes on garbage code)
...
Local fixes to avoid access to NULL-token
2015-05-29 19:30:55 +02:00
3ce4e68ca6
Refactorization: Make use of do-loops to avoid redundant Token::Match() calls
2015-05-13 13:40:40 +02:00
baa1ae079d
New check: negative size in array declaration. Ticket #1760
2015-05-03 15:00:47 +02:00
88f59ad7e8
Partial fix for #6656 (Allow that CWE is mapped for error message)
2015-04-25 17:48:11 +02:00
Daniel Marjamäki
Sebastian
orbitcowboy
amai2012
orbitcowboy
Matthias Krüger
PKEuS
jrp2014
Ivan Maidanski
Oleksandr Redko
Ayaz Salikhov
Dmitry-Me
Ayaz Salikhov
uburuntu
Simon Martin
PKEuS
Stefan Weil
Roberto Martelloni
Robert Reif
Simon Martin
umanamente
Lauri Nurmi
amai2012
PKEuS