02a3a01eca
Fix compiler warnings
2015-06-28 18:07:31 +02:00
2c73518e29
Fix platform-dependent test result, formatting and crash in whole program analysis
2015-06-28 17:54:48 +02:00
0ca410a4d7
Fixed #6668 (False positive bufferAccessOutOfBounds on sprintf() - regression)
2015-06-07 14:01:20 +02:00
d5d6d7fbb8
Running astyle, no functional changes.
2015-05-29 20:20:05 +02:00
5b347c537b
Fix #6720 and #6721 (Crashes on garbage code)
...
Local fixes to avoid access to NULL-token
2015-05-29 19:30:55 +02:00
3ce4e68ca6
Refactorization: Make use of do-loops to avoid redundant Token::Match() calls
2015-05-13 13:40:40 +02:00
baa1ae079d
New check: negative size in array declaration. Ticket #1760
2015-05-03 15:00:47 +02:00
88f59ad7e8
Partial fix for #6656 (Allow that CWE is mapped for error message)
2015-04-25 17:48:11 +02:00
42f0955e3f
Move more setting checks out of loops and use const bools instead. Reorder a few related checks.
...
Follow up to eedcb6abcb
2015-04-10 14:31:19 +02:00
d735918a8a
Constructor parameter type need not be a number
2015-03-25 14:56:45 +03:00
9398fa810b
Avoid value truncation
2015-03-25 10:39:09 +03:00
c9cdba5865
Remove duplicate check
2015-03-24 15:58:03 +03:00
4fcbe00913
Omit unnecessary operations
2015-03-19 15:14:07 +03:00
2b50e73aa9
Misleading comment
2015-03-14 15:18:29 +03:00
cb4bf73749
Merge pull request #530 from Dmitry-Me/doChecksEarlier
...
Don't run the checks which will be silenced later anyway
2015-02-25 19:22:00 +01:00
938b84903f
Remove redundant casts
2015-02-24 15:15:22 +03:00
24d2b0368f
Don't run the checks which will be silenced later anyway
2015-02-24 10:20:43 +03:00
19d05979ee
Remove C4189 in release builds
2015-02-20 11:00:34 +03:00
6a7605271a
Fix compiler warning. Add interfaces of POSIX passwd.h and pwd.h to posix.cfg
2015-02-18 20:56:44 +01:00
2d21eb07ba
Cleaned up snprintf hardcoding in CheckBufferOverrun
2015-02-13 06:44:38 +01:00
9aad4fa8ca
CheckBufferOverrun: Remove hardcoding for sprintf and rely on cfg configuration instead
2015-02-12 17:29:36 +01:00
a24cbc448a
CheckBufferOverrun: loop through all arguments in checkFunctionCall
2015-02-11 16:24:25 +01:00
d9deabe2ce
TestBufferOverrun: clean up
2015-02-10 17:29:36 +01:00
18b0e14590
Refactorizations: Fixed a pattern in checkbufferoverrun.cpp, simplified one in checkclass.cpp
2015-01-31 12:32:05 +01:00
b2835051df
Refactorization: Renamed Token::Match pattern %var% to %name%, implement new pattern %var% which is true if varId > 0.
2015-01-31 12:32:04 +01:00
03e44d4aa0
CheckMemoryLeakInFunction: Don't treat delete as delete operator for C code
...
Fixed GCC message in checkbufferoverrun.cpp
2015-01-30 20:55:53 +01:00
98e33a189f
Enhanced CheckBufferOverrun:
...
- Fixed bug in library: manual and existing libraries use "size", but library.cpp reads "sizeof" as podtype attribute
- Fixed a couple of bugs in handling unknown size in checkbufferoverrun.cpp, get size from library if available.
2015-01-30 20:27:48 +01:00
e7bb43fc6b
Cache and reuse token pointer
2015-01-27 10:23:58 +03:00
fd01cafb1b
Clean up redundant pointer operations
2015-01-17 16:29:50 +01:00
fd2f93bb80
Two small refactorizations:
...
- Avoid leaving and entering again critical section without doing anything
- Use isPointer() in checkbufferoverrun.cpp instead of string comparison
2015-01-10 21:03:21 +01:00
2375f1c46d
CheckBufferOverrun: Fix FN when multifile checking is used.
2015-01-08 21:01:22 +01:00
6a8293a8b7
Library: More strict matching of functions
2015-01-08 19:31:41 +01:00
ba1c24ee65
Fixed #6422 (symbol database: put function flags into a single flag variable)
2015-01-08 05:45:31 +01:00
6c3b7c1d0e
CheckBufferOverrun: only report warnings when --enable=warning has been used
2015-01-06 15:14:15 +01:00
ff11ba9847
Updated copyright year to 2015
2015-01-03 12:14:58 +01:00
69b31a0743
Fix up extra whitespaces in match patterns
...
Detected by new internal check.
2014-12-30 14:53:43 +01:00
208761f0c3
Fixed #6361 (crash: CheckBufferOverrun)
2014-12-28 10:05:08 +01:00
8b59c39c42
Refactorization: Removed whitespaces at the end of Token::Match patterns
2014-12-27 11:09:54 +01:00
6194a4eefd
Fixed #6357 (Improve check: pointer arithmetic 'p+x' overrun, conditional x)
2014-12-26 09:12:00 +01:00
7ab12cea63
Improved pointer arithmetic message
2014-12-25 14:31:46 +01:00
bc594d52c8
Fixed #6349 (Pointer arithmetic: clarify message)
2014-12-25 10:05:55 +01:00
7cfa54f0e0
Fixed #6353 (False positive: CheckBufferOverrun checking reassigned array function parameter)
2014-12-24 14:03:52 +01:00
90bd38a972
Renamed isCasted to isCast
2014-12-24 10:35:40 +01:00
1b2a23b3fe
Fixed #6350 (Tokenizer::simplifyCast: set Token::isCasted when cast is removed)
2014-12-23 16:16:14 +01:00
e16a934fb3
CheckBufferOverrun: Added comment in code to clarify why severity is portability for pointerOutOfBounds message.
2014-12-22 15:41:46 +01:00
10ae551fef
CheckBufferOverrun: Use portability warning for pointer arithmetic UB. It can be used by intention and usually works as intended.
2014-12-22 10:56:17 +01:00
93ac5a41cd
Fixed #6346 (pointer calculation overflow)
2014-12-22 09:38:00 +01:00
a95e5bff2b
Fixed #6344 (false positive: out of bounds access when array size is unknown)
2014-12-20 18:50:08 +01:00
a1537e1a6e
Fixed #6339 (false negative: array index out of bounds on allocated buffer using valueflow)
2014-12-17 16:23:48 +01:00
c2584aa635
#6303 crash in CheckBufferOverrun. Add check on loop variable in CheckBufferOverrun::checkScope().
2014-12-04 20:49:58 +01:00
0b9d80c95d
Refactoring CheckUnusedFunctions so it uses new infrastructure for multifile analysis
2014-12-02 06:41:18 +01:00
cf3f8c2f38
Refactoring: Replace names with underscores with camelCase names
2014-12-01 16:22:56 +01:00
a002654c47
Reverted refactoring 828417c for now. It caused a major slowdown in the unused functions checking.
2014-11-24 06:37:08 +01:00
828417c934
CheckUnusedFunction: Refactorings to use same infrastructure for whole program analysis as CheckUninitVar and CheckBufferOverrun
2014-11-15 18:44:23 +01:00
de7e9223b8
Fixed #6272 (Improve check: multifile checking in checkbufferoverrun)
2014-11-15 10:43:49 +01:00
71c5d4bd60
Ticket #6232 (cppOut of bounds array access)
...
--HG--
extra : rebase_source : 79ed3533a12a486ea3ed3f09f9bc55b1a4771161
2014-10-21 22:56:53 +02:00
f36aaae732
Fixed a typo in a comment. No functional changes.
2014-09-30 14:54:59 +02:00
68b26f8faa
Fixed subsequent false negatives in CheckBufferOverrun::checkInsecureCmdLineArgs() ( #5835 )
2014-09-29 15:38:33 +02:00
ccd80e3407
#6141 FP: Unknown type is assumed to have size 0.
2014-09-27 21:51:11 +02:00
7c4b9bed9e
Move declaration, run check earlier
2014-09-16 13:34:16 +04:00
e050fba414
Move declaration closer to where it is used
2014-09-11 11:26:35 +04:00
117e45f8af
Merge pull request #395 from Dmitry-Me/fixBufferOverrun
...
Fix potential buffer overrun
2014-09-06 23:03:02 +02:00
7342a81ea7
Minor refactorings. rename token. cleanup if/else.
2014-09-02 16:10:51 +02:00
7f2be2f57c
Fixed template bracket linkage in while loop simplification
...
Ran AStyle
2014-08-23 12:28:54 +02:00
b6355b991f
Fixed #6070 (false positive: Array 'array[8192]' accessed at index 8192, which is out of bounds)
2014-08-19 07:03:00 +02:00
406239dfc7
Fix potential buffer overrun
2014-08-12 17:44:20 +04:00
47a2b35e98
BufferOverrun: Use ValueFlow string values more
2014-08-04 08:25:10 +02:00
79fc549de0
ValueFlow: start adding valueflow handling of strings and pointer aliases
2014-08-03 20:11:22 +02:00
6d3cb86d2a
Merge pull request #382 from Dmitry-Me/bringDeclarationsCloserToWhereTheyAreNeeded
...
Bring variable declarations closer to where they're first used.
2014-08-02 11:12:34 +02:00
f2e3700142
Merge pull request #383 from moshekaplan/patch-1
...
Updated message for strncat usage
2014-08-02 11:10:16 +02:00
7237b01979
Fixed Cppcheck warning
2014-08-02 10:07:23 +02:00
544a5957e1
Token: Added utility function getStrSize as a complement to getStrLength
2014-08-01 13:12:18 +02:00
e881495eaf
Updated message for strncat usage
2014-07-31 13:51:29 -04:00
5de1e35350
CheckBufferOverrun: Fixed minsize checking of string literals. Check sizeof string instead of strlen.
2014-07-30 20:35:21 +02:00
ee180787eb
Bring variable declarations closer to where they're first used.
2014-07-29 13:59:45 +04:00
5ae6234729
Fixed #5978 (false positive: Array 'm_pool_vector[-1]' accessed at index 0, which is out of bounds.)
2014-07-20 11:44:25 +02:00
13234a7366
Shorten code by using temp variables, cleanup variable names.
2014-07-14 12:20:00 +04:00
df95cd09f0
Fix compiler warnings about type mismatch
2014-07-08 21:47:22 +02:00
254b6438b9
CheckBufferOverrun::checkStringArgument: sizeof string is strlen+1
2014-07-08 16:04:09 +02:00
4d0189c672
CheckBufferOverrun: Fixed crash. The crash occured in ThreadHandler in the deserialize() function. Probably because " was used in error message.
2014-07-08 07:08:51 +02:00
9b38ae73c1
Attempt to fix 2 Coverity messages.
...
Replace a few unsigned int by std::size_t
2014-07-07 21:25:30 +02:00
3169a2d215
astyle formatting
...
[ci skip]
2014-07-06 17:50:21 +02:00
0ddd7752b5
Avoid crash reported in #5943 (using the example from duplicate ticket #5971 )
...
Replace a few size_t/unsigned int by std::size_t
2014-07-06 14:48:24 +02:00
f1bf38004b
Fix MSVC compiler warnings
2014-07-06 13:08:22 +02:00
0fd334911a
Fixed #5257 (Check memcpy size for string literals)
2014-07-06 08:41:39 +02:00
77095e2b05
Add some more functions to posix.cfg which allow to enable TestBufferOverrun::buffer_overrun_1_posix_functions
...
Fix some compiler warnings on MSVC
2014-07-05 22:47:10 +02:00
a3acc3241e
Library: Added <minsize> element used for buffer overrun checking
2014-07-05 20:31:43 +02:00
6c8558c112
CheckBufferOverrun: Removed old for-loop handling. This is handled through ValueFlow from now on.
2014-06-27 06:46:42 +02:00
036b2f8ccf
CheckBufferOverrun: Added bufferOverrun2 that is based on ValueFlow/SymbolDatabase/Ast from the start. Replaced some old checking.
2014-06-26 17:36:20 +02:00
ec1bd420a7
Refactorizations optimizing std::string usage:
...
1) Added global static const std::string emptyString; object:
-> Replaces some static variables in functions which might be not threadsafe
-> Avoids constructor call (std::string::string(""))
-> Even functions that return an empty string in some branches can return by reference now.
Added to config.h to ensure that it is available everywhere
2) Added overloads for TestFixture::assertEquals for the most common use cases:
-> Moves conversion from const char[] to std::string into a function, reducing code duplication in binary.
2014-06-26 11:51:02 +02:00
feefa4c626
Speedup checking large amounts of arrays ( #5615 ) by avoiding Token::Match calls in CheckBufferOverrun::checkScope(2).
...
-> Decreased entire checking time on a subset of the attached file by 66% (MSVC12, x64, non-matchcompiled)
2014-06-26 11:51:02 +02:00
2d54bace1b
Improved performance of CheckBufferOverrun::checkScope() ( #5944 ):
...
-> Speedup by 40% (MSVC12, x64, not matchcompiled) on the file attached to the ticket
2014-06-23 19:06:59 +02:00
7692a306cd
Cleanup code - reorder checks and make variable declaration scope narrower.
2014-06-06 18:58:20 +04:00
d93d7401c6
Moved getSourceFilePath(), isC() and isCPP() from Tokenizer to TokenList
...
Conflicts:
lib/tokenize.cpp
2014-06-04 18:36:25 +02:00
f7356dd8c7
Only fill total_size in CheckBufferOverrun::checkFunctionParameter when it's useful.
2014-05-29 23:51:13 +02:00
139f87af18
Ticket #5615 : Avoid calling the same function n times when once is enough.
2014-05-29 19:58:09 +02:00
966491d40b
Added a test for out-of-bounds character array access.
2014-05-27 16:21:13 +02:00
effa38c322
Fixed #5863 (False positive: array index is used before limits check)
2014-05-24 17:50:01 +02:00
8f79dc3ff8
Cleaned up includes and forward declarations in checkers:
...
- Removed definitely unnecessary forward declarations (e.g. "class Token"; token.h is already included by check.h, so a definition is unnecessary)
- Removed unused includes
2014-05-24 12:50:03 +02:00
b0b0562247
Removed obsolete piece of code from checkbufferoverrun.cpp
2014-05-24 11:29:32 +02:00
Alexander Mai
Daniel Marjamäki
Martin Ettl
PKEuS
Matthias Krüger
Dmitry-Me
PKEuS
Thomas Jarosch
Robert Reif
Frank Zingsheim
orbitcowboy
Moshe Kaplan
Simon Martin