de9f489b08
use range loops / constness ( #2181 )
...
* use range loops / constness
* platform.cpp: avoid shadowed variable
2019-09-19 20:29:33 +02:00
32eda27391
Refactoring: Use enum class
2019-07-16 10:51:26 +02:00
1888b39314
Use 'nonneg' instead of 'unsigned' in checkbufferoverrun
2019-07-16 07:59:35 +02:00
f75c15af56
Fix issue 6821: New check: access heap/stack data using address of variable
...
This fixes errors with:
```cpp
int f() {
int i;
return (&i)[1];
}
```
It uses the lifetime analysis to detect the issues.
2019-05-31 12:24:31 +02:00
6da42a3d63
Fixed #9112 (false positive: (error) Array index out of bounds; buffer 'x' is accessed at offset n.)
2019-05-01 13:00:14 +02:00
74fad6ce05
Modernizing; Use std::accumulate instead of for loop
2019-04-28 11:25:43 +02:00
9c5d24c551
Modernizing: Use std::accumulate instead of for loop
2019-04-28 11:17:11 +02:00
9d72e24edb
Refactoring; Use stl algorithm instead of for loop
2019-04-28 10:30:20 +02:00
f503386666
Refactoring; replace for loop with std::find_if
2019-04-28 10:07:11 +02:00
d23e987941
Fix CheckInternal warnings ( #1790 )
2019-04-06 06:55:46 +02:00
de4f57ec0f
Buffer overflow: Add CTU checking for pointer arithmetic overflows
2019-04-03 06:43:56 +02:00
c5807459f9
CheckBufferOverrun: Add check for pointer arithmetics
2019-03-31 09:00:52 +02:00
b5a285319c
Fixed #9073 (Segmentation fault in Token::isUnaryOp() with ode)
2019-03-29 19:37:23 +01:00
18aa968a7a
Astyle formatting
2019-03-23 19:03:57 +01:00
5126e4b1af
Try to fix Visual Studio compiler error
2019-03-23 19:02:05 +01:00
d27a4ad82e
CheckBufferOverrun: Fix ctu checking
2019-03-23 15:26:13 +01:00
a135683d2f
Refactoring; Renamed CWE786 and CWE788
2019-03-23 08:41:20 +01:00
15fc9a622d
CheckBufferOverrun: Add CTU analysis
2019-03-23 08:36:10 +01:00
031362ae01
CheckBufferOverrun: Fix false positive
2019-03-19 21:07:08 +01:00
6cbe818f1a
Fix uninitialized variable usage
2019-03-19 13:17:27 +01:00
a0e58f0039
Revert "Revert "CheckBufferOverrun: Handle multidimensional arrays""
...
This reverts commit 9d1755f449
2019-03-19 13:16:22 +01:00
9d1755f449
Revert "CheckBufferOverrun: Handle multidimensional arrays"
...
This reverts commit e98a4a6f14
2019-03-19 13:13:29 +01:00
e98a4a6f14
CheckBufferOverrun: Handle multidimensional arrays
2019-03-19 09:29:32 +01:00
b53a2e5dc4
CheckBufferOverrun: restore minsize code
2019-03-17 20:34:49 +01:00
03f8535c71
Better multiline warning when there is buffer overflow
2019-03-17 20:12:02 +01:00
3c85d8a8ac
ValueFlow: Better info for buffer size values
2019-03-17 19:02:36 +01:00
19e9e42dd7
Library: Enhance minsize configuration and allow simple values. ( #1736 )
...
Some POSIX and Windows functions require buffers of at least some
specific size. This is now possible to configure via for example this
minsize configuration: `<minsize type="value" value="26"/>`.
The range for valid buffer size values is 1 to LLONG_MAX
(9223372036854775807)
2019-03-17 14:22:26 +01:00
0771929518
Buffer overflow: Handling of dynamically allocated buffer
2019-03-17 13:40:56 +01:00
92f4113b59
Array index: Checking array index out of bounds for dynamic buffers
2019-03-17 13:09:15 +01:00
2ecfae0a98
CheckBufferOverrun: the bufferNotZeroTerminated did not work well, hide that for now
2019-03-13 06:45:01 +01:00
81a1d744c6
CheckBufferOverrun: fix FP for array definition of static class member
2019-03-13 06:39:09 +01:00
67e8b99c2c
CheckBufferOverrun: Readd a check for strncpy/memcpy/etc
2019-03-12 21:15:26 +01:00
0c08f6db6c
CheckBufferOverrun: Use AST to lookup array
2019-03-12 06:46:38 +01:00
4ababeb704
Fix 'make checkcfg'
2019-03-11 21:39:39 +01:00
ea23033a65
Array index out of bounds: Fix false positive
2019-03-11 20:33:08 +01:00
17253cdb55
buffer overflow: Fix false positive
2019-03-11 19:40:17 +01:00
bd048085bd
Add CheckBufferOverrun::arrayIndexThenCheck
2019-03-11 19:20:06 +01:00
a933261e14
Add message id arrayIndexOutOfBoundsCond
2019-03-11 19:12:03 +01:00
0721c9f7f0
Running astyle [ci skip].
2019-03-11 15:32:30 +01:00
729f57d8f1
Start a major rewrite of CheckBufferOverrun. For now only the 'array index' and 'buffer overflow' checks are rewritten.
...
There are important TODOs still; for instance adding CTU support using our CTU infrastructure, add handling of pointers (maybe I'll use FwdAnalysis for this), add handling of multidimensional arrays, etc..
2019-03-11 12:34:33 +01:00
3eb5de756c
Buffer overrun: Refactorings; use range for loops and write in message
2019-03-09 22:19:09 +01:00
eb9edbc177
#9024 Crash caused by package "procserv" in lib/token.h:921 function Token::getKnownIntValue - Fix and test for alternative code example.
2019-03-08 11:07:33 +01:00
c32d015337
Fixed false positives from terminateStrncpy
2019-03-06 18:50:50 +01:00
3f37d5ac2d
Refactoring strncpy/strncat checking to use ValueFlow and AST
2019-03-06 09:04:04 +01:00
bd7790fd8c
Update copyright year
2019-02-09 07:24:06 +01:00
271763e680
CTU: Refactoring
2018-12-25 21:11:23 +01:00
2214ef5359
Refactor isVLAIndex
2018-11-23 20:23:20 +01:00
0858488825
insecureCmdLineArgs: Fixed FN in case strdup() copies argv[]. ( #1438 )
...
* insecureCmdLineArgs: Fixed FN in case strdup() copies argv[].
* Formatted the code. There are no functional changes intended.
* Changes due to review comments from Daniel.
2018-10-19 11:04:15 +02:00
a6e8270474
insecureCmdLineArgs: Fixed false negatives in case arguments are const. ( #1419 )
...
* insecureCmdLineArgs: Fixed false negatives in case arguments are const.
* Formatted the code, there are functional changes.
* Simplified matching as suggested by Daniel.
2018-10-15 10:05:43 +02:00
20121b34d8
Fixed #7718 (False positive: out of bounds of already resized std::string)
2018-10-09 06:53:26 +02:00
Oliver Stöneberg
Daniel Marjamäki
Paul Fultz II
Rikard Falkeborn
Sebastian
orbitcowboy
amai2012
orbitcowboy