Commit Graph

453 Commits

Author SHA1 Message Date
Daniel Marjamäki 5ae6234729 Fixed #5978 (false positive: Array 'm_pool_vector[-1]' accessed at index 0, which is out of bounds.) 2014-07-20 11:44:25 +02:00
Dmitry-Me 13234a7366 Shorten code by using temp variables, cleanup variable names. 2014-07-14 12:20:00 +04:00
Alexander Mai df95cd09f0 Fix compiler warnings about type mismatch 2014-07-08 21:47:22 +02:00
Daniel Marjamäki 254b6438b9 CheckBufferOverrun::checkStringArgument: sizeof string is strlen+1 2014-07-08 16:04:09 +02:00
Daniel Marjamäki 4d0189c672 CheckBufferOverrun: Fixed crash. The crash occured in ThreadHandler in the deserialize() function. Probably because " was used in error message. 2014-07-08 07:08:51 +02:00
amai2012 9b38ae73c1 Attempt to fix 2 Coverity messages.
Replace a few unsigned int by std::size_t
2014-07-07 21:25:30 +02:00
Daniel Marjamäki 3169a2d215 astyle formatting
[ci skip]
2014-07-06 17:50:21 +02:00
amai2012 0ddd7752b5 Avoid crash reported in #5943 (using the example from duplicate ticket #5971)
Replace a few size_t/unsigned int by std::size_t
2014-07-06 14:48:24 +02:00
amai2012 f1bf38004b Fix MSVC compiler warnings 2014-07-06 13:08:22 +02:00
Daniel Marjamäki 0fd334911a Fixed #5257 (Check memcpy size for string literals) 2014-07-06 08:41:39 +02:00
amai2012 77095e2b05 Add some more functions to posix.cfg which allow to enable TestBufferOverrun::buffer_overrun_1_posix_functions
Fix some compiler warnings on MSVC
2014-07-05 22:47:10 +02:00
Daniel Marjamäki a3acc3241e Library: Added <minsize> element used for buffer overrun checking 2014-07-05 20:31:43 +02:00
Daniel Marjamäki 6c8558c112 CheckBufferOverrun: Removed old for-loop handling. This is handled through ValueFlow from now on. 2014-06-27 06:46:42 +02:00
Daniel Marjamäki 036b2f8ccf CheckBufferOverrun: Added bufferOverrun2 that is based on ValueFlow/SymbolDatabase/Ast from the start. Replaced some old checking. 2014-06-26 17:36:20 +02:00
PKEuS ec1bd420a7 Refactorizations optimizing std::string usage:
1) Added global static const std::string emptyString; object:
-> Replaces some static variables in functions which might be not threadsafe
-> Avoids constructor call (std::string::string(""))
-> Even functions that return an empty string in some branches can return by reference now.
Added to config.h to ensure that it is available everywhere

2) Added overloads for TestFixture::assertEquals for the most common use cases:
-> Moves conversion from const char[] to std::string into a function, reducing code duplication in binary.
2014-06-26 11:51:02 +02:00
PKEuS feefa4c626 Speedup checking large amounts of arrays (#5615) by avoiding Token::Match calls in CheckBufferOverrun::checkScope(2).
-> Decreased entire checking time on a subset of the attached file by 66% (MSVC12, x64, non-matchcompiled)
2014-06-26 11:51:02 +02:00
PKEuS 2d54bace1b Improved performance of CheckBufferOverrun::checkScope() (#5944):
-> Speedup by 40% (MSVC12, x64, not matchcompiled) on the file attached to the ticket
2014-06-23 19:06:59 +02:00
Dmitry-Me 7692a306cd Cleanup code - reorder checks and make variable declaration scope narrower. 2014-06-06 18:58:20 +04:00
PKEuS d93d7401c6 Moved getSourceFilePath(), isC() and isCPP() from Tokenizer to TokenList
Conflicts:
	lib/tokenize.cpp
2014-06-04 18:36:25 +02:00
Simon Martin f7356dd8c7 Only fill total_size in CheckBufferOverrun::checkFunctionParameter when it's useful. 2014-05-29 23:51:13 +02:00
Simon Martin 139f87af18 Ticket #5615: Avoid calling the same function n times when once is enough. 2014-05-29 19:58:09 +02:00
Simon Martin 966491d40b Added a test for out-of-bounds character array access. 2014-05-27 16:21:13 +02:00
PKEuS effa38c322 Fixed #5863 (False positive: array index is used before limits check) 2014-05-24 17:50:01 +02:00
PKEuS 8f79dc3ff8 Cleaned up includes and forward declarations in checkers:
- Removed definitely unnecessary forward declarations (e.g. "class Token"; token.h is already included by check.h, so a definition is unnecessary)
 - Removed unused includes
2014-05-24 12:50:03 +02:00
PKEuS b0b0562247 Removed obsolete piece of code from checkbufferoverrun.cpp 2014-05-24 11:29:32 +02:00
PKEuS 5fbd58d98d Fixed messages of CheckInternal, fixed a false positive. 2014-05-18 20:39:52 +02:00
PKEuS 04fbbdb5e8 Refactorized CheckBufferOverrun::arrayIndexThenCheck() and fixed false negative 2014-05-10 13:00:44 +02:00
Daniel Marjamäki ed1d63ffc0 Fixed #5636 (FP: matrix out of bounds) 2014-05-03 18:12:06 +02:00
Dmitry-Me a7c7b00407 Reuse variable value, return earlier. 2014-04-24 12:24:40 +04:00
Dmitry-Me 9b74d43473 Rename local variable plus return a bit earlier on edge condition. 2014-04-23 11:18:09 +04:00
Philipp Kloke ddf34440b6 Refactorization: Replaced several Token::findmatch calls by symboldatabase usage 2014-04-12 23:41:46 +02:00
Alexander Mai 89dc652af9 #5631 Typo and misleading error message in negativeMemoryAllocationSize 2014-04-08 20:23:00 +02:00
Daniel Marjamäki 3c64c70ce2 ValueFlow: Added utility functions getValueLE and getValueGE to simplify usage 2014-04-02 06:49:28 +02:00
Daniel Marjamäki deef4642d4 Buffer overrun: removed some old code that is not based on valueflow 2014-03-29 20:22:35 +01:00
Daniel Marjamäki e5301b2b7a ValueFlow: Improved valueflow of for loop 'for (i=a; i<10; i++)' => unknown start value but end value is known 2014-03-29 20:20:22 +01:00
PKEuS 9b307cf8e0 Improved readability of testsuite output when ASSERT_EQUALS_MSG fails.
Fixed another true positive in checkbufferoverrun.cpp
AStyle
2014-03-27 16:06:30 +01:00
Daniel Marjamäki d22da5e683 astyle formatting
[ci skip]
2014-03-26 06:56:13 +01:00
Daniel Marjamäki fa7ae1ae5b Fixed segfault when checking libusbx (daca2) 2014-03-26 06:51:56 +01:00
Daniel Marjamäki 87daf5783e buffer overflow: clean up old checking for negative index 2014-03-25 20:37:32 +01:00
Daniel Marjamäki c8004a8d31 Buffer overruns: Use ValueFlow to detect negative index 2014-03-25 18:22:22 +01:00
PKEuS 49b25b05d9 Fixed crash in CheckBufferOverrun on garbage code (#5595) 2014-03-21 13:20:44 +01:00
Thomas Jarosch 93341f4449 Use simple match where possible
Fixes these warnings found by "--enable=internal":

[lib/checkclass.cpp:972]: (warning) Found simple pattern inside Token::Match() call: "* *"
[lib/checkbufferoverrun.cpp:635]: (warning) Found simple pattern inside Token::Match() call: "."
[lib/checkbufferoverrun.cpp:1397]: (warning) Found simple pattern inside Token::Match() call: ";"
[lib/checksizeof.cpp:299]: (warning) Found simple pattern inside Token::Match() call: "."
[lib/checksizeof.cpp:301]: (warning) Found simple pattern inside Token::Match() call: ")"
[lib/checksizeof.cpp:303]: (warning) Found simple pattern inside Token::Match() call: "]"
[lib/checksizeof.cpp:318]: (warning) Found simple pattern inside Token::Match() call: ")"
[lib/checknullpointer.cpp:413]: (warning) Found simple pattern inside Token::Match() call: "delete"
[lib/checkio.cpp:1336]: (warning) Found simple pattern inside Token::Match() call: "> ("
[lib/checkstl.cpp:1509]: (warning) Found simple pattern inside Token::findmatch() call: ";"
[lib/checkstl.cpp:1512]: (warning) Found simple pattern inside Token::findmatch() call: ";"
[lib/checkstl.cpp:1594]: (warning) Found simple pattern inside Token::Match() call: "="
[lib/checkstl.cpp:1598]: (warning) Found simple pattern inside Token::Match() call: "] ="
[lib/checkunusedvar.cpp:755]: (warning) Found simple pattern inside Token::Match() call: "goto"
[lib/checkunusedvar.cpp:793]: (warning) Found simple pattern inside Token::Match() call: "="
[lib/checkuninitvar.cpp:376]: (warning) Found simple pattern inside Token::Match() call: "> ("
[lib/checkother.cpp:86]: (warning) Found simple pattern inside Token::Match() call: "> ("
[lib/checkother.cpp:2181]: (warning) Found simple pattern inside Token::Match() call: "> {"
[lib/valueflow.cpp:54]: (warning) Found simple pattern inside Token::Match() call: "&"
[lib/valueflow.cpp:409]: (warning) Found simple pattern inside Token::Match() call: "do"
[lib/valueflow.cpp:425]: (warning) Found simple pattern inside Token::Match() call: ") {"
[lib/valueflow.cpp:487]: (warning) Found simple pattern inside Token::Match() call: ") {"
[lib/valueflow.cpp:511]: (warning) Found simple pattern inside Token::Match() call: "} else {"
[lib/valueflow.cpp:615]: (warning) Found simple pattern inside Token::Match() call: "for ("
[lib/symboldatabase.cpp:80]: (warning) Found simple pattern inside Token::Match() call: "= {"
[lib/symboldatabase.cpp:1069]: (warning) Found simple pattern inside Token::Match() call: "std ::"
[lib/tokenize.cpp:2207]: (warning) Found simple pattern inside Token::Match() call: "< >"
[lib/tokenize.cpp:2730]: (warning) Found simple pattern inside Token::Match() call: ";"
[lib/tokenize.cpp:4234]: (warning) Found simple pattern inside Token::Match() call: "try {"
[lib/tokenize.cpp:4235]: (warning) Found simple pattern inside Token::Match() call: "} catch ("
[lib/tokenize.cpp:5500]: (warning) Found simple pattern inside Token::Match() call: "INT8"
[lib/tokenize.cpp:5752]: (warning) Found simple pattern inside Token::Match() call: "}"
[lib/tokenize.cpp:5752]: (warning) Found simple pattern inside Token::Match() call: "do"
2014-03-14 16:27:47 +01:00
Daniel Marjamäki 7fa73c0d64 Merge pull request #256 from xypron/5505
5505: FP: Array accessed out of bounds
2014-03-09 08:47:18 +01:00
Heinrich Schuchardt bd67db96f1 5505: FP: Array accessed out of bounds
CheckBufferOverrun::checkFunctionParameter alreacy considered usage of a
function parameter inside an if block as a special case.

With the patch the same is done for switch statements.

A test is added.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2014-03-07 19:51:13 +01:00
Daniel Marjamäki a41a32ba8a Fixed #5469 (CheckBufferOverrun: Use nullptr) 2014-02-28 17:02:03 +01:00
Lauri Nurmi 70a67eaf85 Change some more 0 literals into nullptr. 2014-02-16 13:38:50 +02:00
Daniel Marjamäki 23efc68dd7 use nullptr 2014-02-16 10:32:10 +01:00
Daniel Marjamäki fd3a8a2a18 Update copyright 2014-02-15 07:45:39 +01:00
Lucas Manuel Rodriguez 828609bb11 Fixed two doxygen errors - http://cppcheck.sourceforge.net/devinfo/doxygen-errors.txt 2014-02-09 16:46:49 -03:00
Martin Ettl 6ca7daec10 Fixed #389: Providing negative value to memory allocation function. 2014-02-01 22:38:29 +01:00
Daniel Marjamäki 9aa9530e0d Fixed #5426 (crash: btrfs-progs cmds-inspect.c) 2014-01-31 06:19:36 +01:00
Daniel Marjamäki abe8439917 Fixed #5416 (False positive: Array accessed at index, which is out of bounds.) 2014-01-28 16:55:10 +01:00
Daniel Marjamäki 0dbb86f0cb Cleanup ExecutionPath from CheckBufferOverrun 2014-01-22 21:25:37 +01:00
Daniel Marjamäki 20b73747e0 value flow: refactor. added Token::getMaxValue() 2014-01-21 16:58:23 +01:00
Daniel Marjamäki 77f3f6c21a valueflow: added setTokenValue that perform calculations using set value 2014-01-18 19:30:44 +01:00
Daniel Marjamäki 3e23e243f6 BufferOverflow: Updated message for out of bounds array index or redundant condition 2014-01-17 19:44:45 +01:00
Daniel Marjamäki 18d6285ad2 BufferOverrun: Improved error message when array index is used before checking that its in limits 2014-01-17 18:56:46 +01:00
Daniel Marjamäki 0b4de97e2b value flow: Use ValueFlow in CheckBufferOverrun 2014-01-16 19:23:14 +01:00
Daniel Marjamäki a1b0d190df Fixed #3688 (false positive: (inconclusive, posix) (warning) The buffer 'cBuffer' is not zero-terminated after the call to readlink().) 2014-01-02 10:46:19 +01:00
Simon Martin fe75686595 Ticket #5203: Don't crash when checking buffer overrun for invalid code. 2013-11-30 07:40:32 +01:00
Martin Ettl 3bf415fa2b checkbufferoverrun: improved constness of local variables. checkbufferoverrun:array_index(): added a bailout if the function is called with tok=NULL and added a NULL pointer check after a dynamic_cast. 2013-11-10 05:05:31 +01:00
Martin Ettl 4eba02d901 Checkbufferoverrun: improved constness of local variables, no functional changes. 2013-11-03 04:48:41 +01:00
PKEuS c95b153700 Refactorizations:
- Removed some redundant operator=, copy-ctor and dtor implementations
- use operator[] instead of at() in library loading code
2013-10-27 13:55:13 +01:00
XhmikosR 93bdf45313 Fix typo in error message. 2013-10-23 09:05:39 +03:00
Daniel Marjamäki 946722faf0 Fixed #4968 (False positive: Structure with 'read' member is confused with read() function.) 2013-10-05 18:25:44 +02:00
Simon Martin 894f537eba Remove warnings emitted by clang's -Wsign-conversion 2013-09-22 13:22:52 +02:00
Alexander Mai 450442287c Fixed #4974 (CheckBufferOverrun::writeOutsideBufferSize() too strict) 2013-08-25 18:46:07 +02:00
Daniel Marjamäki f8f3f0d384 astyle formatting 2013-08-24 07:37:21 +02:00
Daniel Marjamäki 5ce7189bc0 Merge pull request #166 from last5bits/ticket4213
Fixing #4213 arrayIndexThenCheck and adding tests
2013-08-23 22:36:30 -07:00
Alexey Zhikhartsev d24a321ba2 Fixing #4213 arrayIndexThenCheck and adding tests 2013-08-23 19:04:01 +04:00
Daniel Marjamäki 9c67af058a SymbolDatabase: Renamed Variable::varId() to Variable::declarationId() to make it more clear how it works. 2013-07-20 12:31:04 +02:00
Lucas Manuel Rodriguez d6be4559cd Fixed #4840 (false negative: buffer access out of bounds) 2013-06-25 06:37:51 +02:00
Daniel Marjamäki a861817a01 Fixed #4751 (CheckBufferOverrun: better handling when struct member instance doesn't have same varid as struct member declaration) 2013-05-28 16:52:23 +02:00
Daniel Marjamäki ea60c5b14b CheckBufferOverrun: Code cleanup 2013-05-05 08:14:19 +02:00
PKEuS c487ea843d Better fix for #4706: Use Token::nextArgument() properly. Removed redundant ' in message 2013-04-09 08:30:53 -07:00
Ettl Martin ba8cca8fa9 #4706 fix crash when a struct member is used as first argument. Replaced Token::nexArgument with %any% in Token::Match call. Added unittests in testing Token::nexArgument. 2013-04-04 15:12:18 +02:00
XhmikosR 99fc5f6203 checkbufferoverrun.cpp: fix a /W4 MSVC warning 2013-03-30 19:06:13 +01:00
Ettl Martin a08083a342 #4664: using Token::nextArgument() and std::string & 2013-03-20 11:53:25 +01:00
Ettl Martin ff826d7c62 #4664: new check: (POSIX) write outside buffer size. 2013-03-19 08:22:48 +01:00
Daniel Marjamäki fe046a3350 CheckBufferOverrun: Fixed Cppcheck warning 'variable scope can be reduced' (found by travis) 2013-03-14 18:25:28 +01:00
PKEuS 096fa2f771 Fixed #4380 2013-03-14 10:18:48 -07:00
Robert Reif 4b9b87e310 Fixed #4646 (false positive: (style, inconclusive) Technically the member function 'C<T>::operator+=' can be const.) 2013-03-14 06:34:12 +01:00
PKEuS d78c06dc3f Replaced _settings->isEnabled("style") by _settings->isEnabled("warning") wherever warnings are issued 2013-03-03 02:41:59 -08:00
PKEuS f899e6ca30 Changed behaviour of %op% pattern accordingly to changes to Token::isOp(). Added %cop% as replacement for old %op% 2013-03-01 02:43:59 -08:00
PKEuS 27f7917349 Changed severity and message formatting of argumentSize message. 2013-02-16 00:52:27 -08:00
Robert Reif 42588e9729 Fixed #4535 (Simplify checks by caching symbol database Variable pointer in Token) 2013-02-06 06:39:58 +01:00
Robert Reif 94c953931d Simplify checks by caching symbol database Variable pointer in Token 2013-01-31 20:08:48 +01:00
Robert Reif ec1c86c152 Symbol database: more function/variable cleanup. Ticket: #4494 2013-01-31 06:41:18 +01:00
Robert Reif 859793731d SymbolDatabase: Refactor findFunction handling. Ticket: #4494 2013-01-28 06:47:48 +01:00
Andrew C. Martin 4a73c93750 Fix compiler warnings and comment/string typos
- fix g++ warning:

> lib/checkother.cpp:3779: warning: comparison between signed and unsigned integer expressions

 - fix suncc warning (see [everything2](http://everything2.com/title/C%252B%252B%253A+static+extern+%2522C%2522)):

> "lib/checkmemoryleak.cpp", line 578: Warning (Anachronism): Formal argument __compar of type extern "C" int(*)(const void*,const void*) in call to bsearch(const void*, const void*, unsigned long, unsigned long, extern "C" int(*)(const void*,const void*)) is being passed int(*)(const void*,const void*).

- prefer empty() / isEmpty() over "size() > 0" (cases not caught by stlSize)

- fix word misspellings (mostly comments, a few output lines)

  - Parenthesis => Parentheses (both variations were used in the codebase)

  - fix typo and wording ("never alwayw") in gui/test/data/benchmark/simple.cpp's CheckOther::unsignedPositive():

```
-  "An unsigned variable will never alwayw be positive so it is either pointless or "
+  "An unsigned variable can't be negative so it is either pointless or "
```
2013-01-16 07:37:07 -07:00
Reijo Tomperi 5d5f7085bf Updating year 2012 -> 2013 to .cpp and .h files and man page. 2013-01-01 18:29:08 +02:00
Thomas Jarosch 78316f02b6 Fix comment about wrong magic number 2012-12-28 11:31:50 +01:00
Thomas Jarosch 4708be09f5 Fixed #4444 (segmentation fault) 2012-12-28 11:15:18 +01:00
Robert Reif ce380301fd Fixed #4432 (Crash on parsing PHP interpreter) 2012-12-26 08:29:10 +01:00
Daniel Marjamäki 7f6a10599b Fixed #4262 (Small Request/Suggestion for checks on array size of args (bounty offer)) 2012-12-22 09:23:34 +01:00
Daniel Marjamäki 365a260ddc Fixed #4398 (False negative: out of bounds (for loop)) 2012-12-22 08:00:05 +01:00
Edoardo Prezioso 5101f3c029 Use the new pattern: '%comp%' where possible.
Change also the description comment of the Token::Match by adding the new pattern and the forgotten '%op%'.
2012-12-01 01:31:35 +01:00
Daniel Marjamäki 031adef6ea Array index checking: Fixed TODO comment (false negatives when using ?:) 2012-11-30 09:01:15 +01:00
Daniel Marjamäki 1c4afbce8c Cleanup: Removed += and -= patterns from the checks. These should be simplified. 2012-11-30 07:08:16 +01:00
Robert Reif 0f8db28d30 speed up checks by caching commonly looked up stuff in the symbol database (CheckBufferOverrun, CheckBoost) 2012-10-13 11:16:48 +02:00