Commit Graph

693 Commits

Author SHA1 Message Date
Daniel Marjamäki 32627dc558 try to fix internal errors detected by Travis 2015-11-07 19:47:30 +01:00
Daniel Marjamäki 9c7271a5e9 CheckBufferOverrun: The simplifyKnownVariables() has been reduced, use ValueFlow instead 2015-11-07 18:12:01 +01:00
Daniel Marjamäki d0ab3aea70 CheckBufferOverrun: Minor fixes for strings 2015-11-07 15:05:56 +01:00
Daniel Marjamäki be7bca385d avoid some fixes for noisy signedness warnings 2015-10-11 12:50:46 +02:00
Dmitry-Me 139ead15ef Merge overlapping patterns 2015-09-01 16:17:17 +03:00
PKEuS ab8afec3eb Refactorizations:
- Avoid unnecessary loop iterations
- Avoid unnecessary condition checking
- Reduced code duplication in symboldatabase.cpp
2015-08-16 14:23:07 +02:00
PKEuS 4d80df2f4a Added pointer to Type to Token (similar to Token::Variable() and Token::function()):
- Accessible via Token::type()
- Renamed former Token::type() to Token::tokType()
- Removed SymbolDatabase::isClassOrStruct()
2015-08-15 11:19:21 +02:00
Daniel Marjamäki 6790d91fbb Improve error messages for conditional values. make valueFlowSwitchVariable values conditional that depend on the case. Partial fix for #6884. 2015-07-29 19:54:57 +02:00
Daniel Marjamäki c5bbea2994 Fixed #6816 (FP: buffer overflow, checkminsizes of array with string value) 2015-07-27 16:39:41 +02:00
Daniel Marjamäki fef251ac76 negative array size: fixed noise when array is not vla 2015-07-04 09:42:42 +02:00
amai2012 11538c84f6 Refactoring: Distinguish between C and C++ code
Refactoring: Replace CheckNonReentrantFunctions::initNonReentrantFunctions by static initialization
2015-06-29 21:17:15 +02:00
Martin Ettl b8e08ca5d8 Code cleanup. 2015-06-28 19:27:23 +02:00
Martin Ettl 7ff4d10c43 Astyle formatting, no functional changes. 2015-06-28 19:25:13 +02:00
amai2012 5814c3b84c Fix some compiler warnings with VS
Minor refactoring on Windows SEH code.
2015-06-28 19:20:16 +02:00
Alexander Mai 0b225fa02f 2nd attempt to fix crash in CheckUnusedFunctions::check. CheckBufferOverrun::checkBufferAllocatedWithStrlen: Don't check for 'new' in C code. 2015-06-28 18:34:09 +02:00
Alexander Mai 02a3a01eca Fix compiler warnings 2015-06-28 18:07:31 +02:00
Alexander Mai 2c73518e29 Fix platform-dependent test result, formatting and crash in whole program analysis 2015-06-28 17:54:48 +02:00
Daniel Marjamäki 0ca410a4d7 Fixed #6668 (False positive bufferAccessOutOfBounds on sprintf() - regression) 2015-06-07 14:01:20 +02:00
Martin Ettl d5d6d7fbb8 Running astyle, no functional changes. 2015-05-29 20:20:05 +02:00
amai2012 5b347c537b Fix #6720 and #6721 (Crashes on garbage code)
Local fixes to avoid access to NULL-token
2015-05-29 19:30:55 +02:00
PKEuS 3ce4e68ca6 Refactorization: Make use of do-loops to avoid redundant Token::Match() calls 2015-05-13 13:40:40 +02:00
Daniel Marjamäki baa1ae079d New check: negative size in array declaration. Ticket #1760 2015-05-03 15:00:47 +02:00
Daniel Marjamäki 88f59ad7e8 Partial fix for #6656 (Allow that CWE is mapped for error message) 2015-04-25 17:48:11 +02:00
Matthias Krüger 42f0955e3f Move more setting checks out of loops and use const bools instead. Reorder a few related checks.
Follow up to eedcb6abcb .
2015-04-10 14:31:19 +02:00
Dmitry-Me d735918a8a Constructor parameter type need not be a number 2015-03-25 14:56:45 +03:00
Dmitry-Me 9398fa810b Avoid value truncation 2015-03-25 10:39:09 +03:00
Dmitry-Me c9cdba5865 Remove duplicate check 2015-03-24 15:58:03 +03:00
Dmitry-Me 4fcbe00913 Omit unnecessary operations 2015-03-19 15:14:07 +03:00
Dmitry-Me 2b50e73aa9 Misleading comment 2015-03-14 15:18:29 +03:00
PKEuS cb4bf73749 Merge pull request #530 from Dmitry-Me/doChecksEarlier
Don't run the checks which will be silenced later anyway
2015-02-25 19:22:00 +01:00
Dmitry-Me 938b84903f Remove redundant casts 2015-02-24 15:15:22 +03:00
Dmitry-Me 24d2b0368f Don't run the checks which will be silenced later anyway 2015-02-24 10:20:43 +03:00
Dmitry-Me 19d05979ee Remove C4189 in release builds 2015-02-20 11:00:34 +03:00
Alexander Mai 6a7605271a Fix compiler warning. Add interfaces of POSIX passwd.h and pwd.h to posix.cfg 2015-02-18 20:56:44 +01:00
Daniel Marjamäki 2d21eb07ba Cleaned up snprintf hardcoding in CheckBufferOverrun 2015-02-13 06:44:38 +01:00
Daniel Marjamäki 9aad4fa8ca CheckBufferOverrun: Remove hardcoding for sprintf and rely on cfg configuration instead 2015-02-12 17:29:36 +01:00
Daniel Marjamäki a24cbc448a CheckBufferOverrun: loop through all arguments in checkFunctionCall 2015-02-11 16:24:25 +01:00
Daniel Marjamäki d9deabe2ce TestBufferOverrun: clean up 2015-02-10 17:29:36 +01:00
PKEuS 18b0e14590 Refactorizations: Fixed a pattern in checkbufferoverrun.cpp, simplified one in checkclass.cpp 2015-01-31 12:32:05 +01:00
PKEuS b2835051df Refactorization: Renamed Token::Match pattern %var% to %name%, implement new pattern %var% which is true if varId > 0. 2015-01-31 12:32:04 +01:00
PKEuS 03e44d4aa0 CheckMemoryLeakInFunction: Don't treat delete as delete operator for C code
Fixed GCC message in checkbufferoverrun.cpp
2015-01-30 20:55:53 +01:00
PKEuS 98e33a189f Enhanced CheckBufferOverrun:
- Fixed bug in library: manual and existing libraries use "size", but library.cpp reads "sizeof" as podtype attribute
- Fixed a couple of bugs in handling unknown size in checkbufferoverrun.cpp, get size from library if available.
2015-01-30 20:27:48 +01:00
Dmitry-Me e7bb43fc6b Cache and reuse token pointer 2015-01-27 10:23:58 +03:00
Thomas Jarosch fd01cafb1b Clean up redundant pointer operations 2015-01-17 16:29:50 +01:00
PKEuS fd2f93bb80 Two small refactorizations:
- Avoid leaving and entering again critical section without doing anything
- Use isPointer() in checkbufferoverrun.cpp instead of string comparison
2015-01-10 21:03:21 +01:00
Daniel Marjamäki 2375f1c46d CheckBufferOverrun: Fix FN when multifile checking is used. 2015-01-08 21:01:22 +01:00
Daniel Marjamäki 6a8293a8b7 Library: More strict matching of functions 2015-01-08 19:31:41 +01:00
Robert Reif ba1c24ee65 Fixed #6422 (symbol database: put function flags into a single flag variable) 2015-01-08 05:45:31 +01:00
Daniel Marjamäki 6c3b7c1d0e CheckBufferOverrun: only report warnings when --enable=warning has been used 2015-01-06 15:14:15 +01:00
Daniel Marjamäki ff11ba9847 Updated copyright year to 2015 2015-01-03 12:14:58 +01:00
Thomas Jarosch 69b31a0743 Fix up extra whitespaces in match patterns
Detected by new internal check.
2014-12-30 14:53:43 +01:00
Daniel Marjamäki 208761f0c3 Fixed #6361 (crash: CheckBufferOverrun) 2014-12-28 10:05:08 +01:00
PKEuS 8b59c39c42 Refactorization: Removed whitespaces at the end of Token::Match patterns 2014-12-27 11:09:54 +01:00
Daniel Marjamäki 6194a4eefd Fixed #6357 (Improve check: pointer arithmetic 'p+x' overrun, conditional x) 2014-12-26 09:12:00 +01:00
Daniel Marjamäki 7ab12cea63 Improved pointer arithmetic message 2014-12-25 14:31:46 +01:00
Daniel Marjamäki bc594d52c8 Fixed #6349 (Pointer arithmetic: clarify message) 2014-12-25 10:05:55 +01:00
Daniel Marjamäki 7cfa54f0e0 Fixed #6353 (False positive: CheckBufferOverrun checking reassigned array function parameter) 2014-12-24 14:03:52 +01:00
Daniel Marjamäki 90bd38a972 Renamed isCasted to isCast 2014-12-24 10:35:40 +01:00
Daniel Marjamäki 1b2a23b3fe Fixed #6350 (Tokenizer::simplifyCast: set Token::isCasted when cast is removed) 2014-12-23 16:16:14 +01:00
Daniel Marjamäki e16a934fb3 CheckBufferOverrun: Added comment in code to clarify why severity is portability for pointerOutOfBounds message. 2014-12-22 15:41:46 +01:00
Daniel Marjamäki 10ae551fef CheckBufferOverrun: Use portability warning for pointer arithmetic UB. It can be used by intention and usually works as intended. 2014-12-22 10:56:17 +01:00
Daniel Marjamäki 93ac5a41cd Fixed #6346 (pointer calculation overflow) 2014-12-22 09:38:00 +01:00
Daniel Marjamäki a95e5bff2b Fixed #6344 (false positive: out of bounds access when array size is unknown) 2014-12-20 18:50:08 +01:00
Daniel Marjamäki a1537e1a6e Fixed #6339 (false negative: array index out of bounds on allocated buffer using valueflow) 2014-12-17 16:23:48 +01:00
Alexander Mai c2584aa635 #6303 crash in CheckBufferOverrun. Add check on loop variable in CheckBufferOverrun::checkScope(). 2014-12-04 20:49:58 +01:00
Daniel Marjamäki 0b9d80c95d Refactoring CheckUnusedFunctions so it uses new infrastructure for multifile analysis 2014-12-02 06:41:18 +01:00
Dmitry-Me cf3f8c2f38 Refactoring: Replace names with underscores with camelCase names 2014-12-01 16:22:56 +01:00
Daniel Marjamäki a002654c47 Reverted refactoring 828417c for now. It caused a major slowdown in the unused functions checking. 2014-11-24 06:37:08 +01:00
Daniel Marjamäki 828417c934 CheckUnusedFunction: Refactorings to use same infrastructure for whole program analysis as CheckUninitVar and CheckBufferOverrun 2014-11-15 18:44:23 +01:00
Daniel Marjamäki de7e9223b8 Fixed #6272 (Improve check: multifile checking in checkbufferoverrun) 2014-11-15 10:43:49 +01:00
Frank Zingsheim 71c5d4bd60 Ticket #6232 (cppOut of bounds array access)
--HG--
extra : rebase_source : 79ed3533a12a486ea3ed3f09f9bc55b1a4771161
2014-10-21 22:56:53 +02:00
orbitcowboy f36aaae732 Fixed a typo in a comment. No functional changes. 2014-09-30 14:54:59 +02:00
PKEuS 68b26f8faa Fixed subsequent false negatives in CheckBufferOverrun::checkInsecureCmdLineArgs() (#5835) 2014-09-29 15:38:33 +02:00
Alexander Mai ccd80e3407 #6141 FP: Unknown type is assumed to have size 0. 2014-09-27 21:51:11 +02:00
Dmitry-Me 7c4b9bed9e Move declaration, run check earlier 2014-09-16 13:34:16 +04:00
Dmitry-Me e050fba414 Move declaration closer to where it is used 2014-09-11 11:26:35 +04:00
PKEuS 117e45f8af Merge pull request #395 from Dmitry-Me/fixBufferOverrun
Fix potential buffer overrun
2014-09-06 23:03:02 +02:00
Dmitry-Me 7342a81ea7 Minor refactorings. rename token. cleanup if/else. 2014-09-02 16:10:51 +02:00
PKEuS 7f2be2f57c Fixed template bracket linkage in while loop simplification
Ran AStyle
2014-08-23 12:28:54 +02:00
Daniel Marjamäki b6355b991f Fixed #6070 (false positive: Array 'array[8192]' accessed at index 8192, which is out of bounds) 2014-08-19 07:03:00 +02:00
Dmitry-Me 406239dfc7 Fix potential buffer overrun 2014-08-12 17:44:20 +04:00
Daniel Marjamäki 47a2b35e98 BufferOverrun: Use ValueFlow string values more 2014-08-04 08:25:10 +02:00
Daniel Marjamäki 79fc549de0 ValueFlow: start adding valueflow handling of strings and pointer aliases 2014-08-03 20:11:22 +02:00
PKEuS 6d3cb86d2a Merge pull request #382 from Dmitry-Me/bringDeclarationsCloserToWhereTheyAreNeeded
Bring variable declarations closer to where they're first used.
2014-08-02 11:12:34 +02:00
Daniel Marjamäki f2e3700142 Merge pull request #383 from moshekaplan/patch-1
Updated message for strncat usage
2014-08-02 11:10:16 +02:00
Daniel Marjamäki 7237b01979 Fixed Cppcheck warning 2014-08-02 10:07:23 +02:00
Daniel Marjamäki 544a5957e1 Token: Added utility function getStrSize as a complement to getStrLength 2014-08-01 13:12:18 +02:00
Moshe Kaplan e881495eaf Updated message for strncat usage 2014-07-31 13:51:29 -04:00
Daniel Marjamäki 5de1e35350 CheckBufferOverrun: Fixed minsize checking of string literals. Check sizeof string instead of strlen. 2014-07-30 20:35:21 +02:00
Dmitry-Me ee180787eb Bring variable declarations closer to where they're first used. 2014-07-29 13:59:45 +04:00
Daniel Marjamäki 5ae6234729 Fixed #5978 (false positive: Array 'm_pool_vector[-1]' accessed at index 0, which is out of bounds.) 2014-07-20 11:44:25 +02:00
Dmitry-Me 13234a7366 Shorten code by using temp variables, cleanup variable names. 2014-07-14 12:20:00 +04:00
Alexander Mai df95cd09f0 Fix compiler warnings about type mismatch 2014-07-08 21:47:22 +02:00
Daniel Marjamäki 254b6438b9 CheckBufferOverrun::checkStringArgument: sizeof string is strlen+1 2014-07-08 16:04:09 +02:00
Daniel Marjamäki 4d0189c672 CheckBufferOverrun: Fixed crash. The crash occured in ThreadHandler in the deserialize() function. Probably because " was used in error message. 2014-07-08 07:08:51 +02:00
amai2012 9b38ae73c1 Attempt to fix 2 Coverity messages.
Replace a few unsigned int by std::size_t
2014-07-07 21:25:30 +02:00
Daniel Marjamäki 3169a2d215 astyle formatting
[ci skip]
2014-07-06 17:50:21 +02:00
amai2012 0ddd7752b5 Avoid crash reported in #5943 (using the example from duplicate ticket #5971)
Replace a few size_t/unsigned int by std::size_t
2014-07-06 14:48:24 +02:00
amai2012 f1bf38004b Fix MSVC compiler warnings 2014-07-06 13:08:22 +02:00
Daniel Marjamäki 0fd334911a Fixed #5257 (Check memcpy size for string literals) 2014-07-06 08:41:39 +02:00
amai2012 77095e2b05 Add some more functions to posix.cfg which allow to enable TestBufferOverrun::buffer_overrun_1_posix_functions
Fix some compiler warnings on MSVC
2014-07-05 22:47:10 +02:00
Daniel Marjamäki a3acc3241e Library: Added <minsize> element used for buffer overrun checking 2014-07-05 20:31:43 +02:00
Daniel Marjamäki 6c8558c112 CheckBufferOverrun: Removed old for-loop handling. This is handled through ValueFlow from now on. 2014-06-27 06:46:42 +02:00
Daniel Marjamäki 036b2f8ccf CheckBufferOverrun: Added bufferOverrun2 that is based on ValueFlow/SymbolDatabase/Ast from the start. Replaced some old checking. 2014-06-26 17:36:20 +02:00
PKEuS ec1bd420a7 Refactorizations optimizing std::string usage:
1) Added global static const std::string emptyString; object:
-> Replaces some static variables in functions which might be not threadsafe
-> Avoids constructor call (std::string::string(""))
-> Even functions that return an empty string in some branches can return by reference now.
Added to config.h to ensure that it is available everywhere

2) Added overloads for TestFixture::assertEquals for the most common use cases:
-> Moves conversion from const char[] to std::string into a function, reducing code duplication in binary.
2014-06-26 11:51:02 +02:00
PKEuS feefa4c626 Speedup checking large amounts of arrays (#5615) by avoiding Token::Match calls in CheckBufferOverrun::checkScope(2).
-> Decreased entire checking time on a subset of the attached file by 66% (MSVC12, x64, non-matchcompiled)
2014-06-26 11:51:02 +02:00
PKEuS 2d54bace1b Improved performance of CheckBufferOverrun::checkScope() (#5944):
-> Speedup by 40% (MSVC12, x64, not matchcompiled) on the file attached to the ticket
2014-06-23 19:06:59 +02:00
Dmitry-Me 7692a306cd Cleanup code - reorder checks and make variable declaration scope narrower. 2014-06-06 18:58:20 +04:00
PKEuS d93d7401c6 Moved getSourceFilePath(), isC() and isCPP() from Tokenizer to TokenList
Conflicts:
	lib/tokenize.cpp
2014-06-04 18:36:25 +02:00
Simon Martin f7356dd8c7 Only fill total_size in CheckBufferOverrun::checkFunctionParameter when it's useful. 2014-05-29 23:51:13 +02:00
Simon Martin 139f87af18 Ticket #5615: Avoid calling the same function n times when once is enough. 2014-05-29 19:58:09 +02:00
Simon Martin 966491d40b Added a test for out-of-bounds character array access. 2014-05-27 16:21:13 +02:00
PKEuS effa38c322 Fixed #5863 (False positive: array index is used before limits check) 2014-05-24 17:50:01 +02:00
PKEuS 8f79dc3ff8 Cleaned up includes and forward declarations in checkers:
- Removed definitely unnecessary forward declarations (e.g. "class Token"; token.h is already included by check.h, so a definition is unnecessary)
 - Removed unused includes
2014-05-24 12:50:03 +02:00
PKEuS b0b0562247 Removed obsolete piece of code from checkbufferoverrun.cpp 2014-05-24 11:29:32 +02:00
PKEuS 5fbd58d98d Fixed messages of CheckInternal, fixed a false positive. 2014-05-18 20:39:52 +02:00
PKEuS 04fbbdb5e8 Refactorized CheckBufferOverrun::arrayIndexThenCheck() and fixed false negative 2014-05-10 13:00:44 +02:00
Daniel Marjamäki ed1d63ffc0 Fixed #5636 (FP: matrix out of bounds) 2014-05-03 18:12:06 +02:00
Dmitry-Me a7c7b00407 Reuse variable value, return earlier. 2014-04-24 12:24:40 +04:00
Dmitry-Me 9b74d43473 Rename local variable plus return a bit earlier on edge condition. 2014-04-23 11:18:09 +04:00
Philipp Kloke ddf34440b6 Refactorization: Replaced several Token::findmatch calls by symboldatabase usage 2014-04-12 23:41:46 +02:00
Alexander Mai 89dc652af9 #5631 Typo and misleading error message in negativeMemoryAllocationSize 2014-04-08 20:23:00 +02:00
Daniel Marjamäki 3c64c70ce2 ValueFlow: Added utility functions getValueLE and getValueGE to simplify usage 2014-04-02 06:49:28 +02:00
Daniel Marjamäki deef4642d4 Buffer overrun: removed some old code that is not based on valueflow 2014-03-29 20:22:35 +01:00
Daniel Marjamäki e5301b2b7a ValueFlow: Improved valueflow of for loop 'for (i=a; i<10; i++)' => unknown start value but end value is known 2014-03-29 20:20:22 +01:00
PKEuS 9b307cf8e0 Improved readability of testsuite output when ASSERT_EQUALS_MSG fails.
Fixed another true positive in checkbufferoverrun.cpp
AStyle
2014-03-27 16:06:30 +01:00
Daniel Marjamäki d22da5e683 astyle formatting
[ci skip]
2014-03-26 06:56:13 +01:00
Daniel Marjamäki fa7ae1ae5b Fixed segfault when checking libusbx (daca2) 2014-03-26 06:51:56 +01:00
Daniel Marjamäki 87daf5783e buffer overflow: clean up old checking for negative index 2014-03-25 20:37:32 +01:00
Daniel Marjamäki c8004a8d31 Buffer overruns: Use ValueFlow to detect negative index 2014-03-25 18:22:22 +01:00
PKEuS 49b25b05d9 Fixed crash in CheckBufferOverrun on garbage code (#5595) 2014-03-21 13:20:44 +01:00
Thomas Jarosch 93341f4449 Use simple match where possible
Fixes these warnings found by "--enable=internal":

[lib/checkclass.cpp:972]: (warning) Found simple pattern inside Token::Match() call: "* *"
[lib/checkbufferoverrun.cpp:635]: (warning) Found simple pattern inside Token::Match() call: "."
[lib/checkbufferoverrun.cpp:1397]: (warning) Found simple pattern inside Token::Match() call: ";"
[lib/checksizeof.cpp:299]: (warning) Found simple pattern inside Token::Match() call: "."
[lib/checksizeof.cpp:301]: (warning) Found simple pattern inside Token::Match() call: ")"
[lib/checksizeof.cpp:303]: (warning) Found simple pattern inside Token::Match() call: "]"
[lib/checksizeof.cpp:318]: (warning) Found simple pattern inside Token::Match() call: ")"
[lib/checknullpointer.cpp:413]: (warning) Found simple pattern inside Token::Match() call: "delete"
[lib/checkio.cpp:1336]: (warning) Found simple pattern inside Token::Match() call: "> ("
[lib/checkstl.cpp:1509]: (warning) Found simple pattern inside Token::findmatch() call: ";"
[lib/checkstl.cpp:1512]: (warning) Found simple pattern inside Token::findmatch() call: ";"
[lib/checkstl.cpp:1594]: (warning) Found simple pattern inside Token::Match() call: "="
[lib/checkstl.cpp:1598]: (warning) Found simple pattern inside Token::Match() call: "] ="
[lib/checkunusedvar.cpp:755]: (warning) Found simple pattern inside Token::Match() call: "goto"
[lib/checkunusedvar.cpp:793]: (warning) Found simple pattern inside Token::Match() call: "="
[lib/checkuninitvar.cpp:376]: (warning) Found simple pattern inside Token::Match() call: "> ("
[lib/checkother.cpp:86]: (warning) Found simple pattern inside Token::Match() call: "> ("
[lib/checkother.cpp:2181]: (warning) Found simple pattern inside Token::Match() call: "> {"
[lib/valueflow.cpp:54]: (warning) Found simple pattern inside Token::Match() call: "&"
[lib/valueflow.cpp:409]: (warning) Found simple pattern inside Token::Match() call: "do"
[lib/valueflow.cpp:425]: (warning) Found simple pattern inside Token::Match() call: ") {"
[lib/valueflow.cpp:487]: (warning) Found simple pattern inside Token::Match() call: ") {"
[lib/valueflow.cpp:511]: (warning) Found simple pattern inside Token::Match() call: "} else {"
[lib/valueflow.cpp:615]: (warning) Found simple pattern inside Token::Match() call: "for ("
[lib/symboldatabase.cpp:80]: (warning) Found simple pattern inside Token::Match() call: "= {"
[lib/symboldatabase.cpp:1069]: (warning) Found simple pattern inside Token::Match() call: "std ::"
[lib/tokenize.cpp:2207]: (warning) Found simple pattern inside Token::Match() call: "< >"
[lib/tokenize.cpp:2730]: (warning) Found simple pattern inside Token::Match() call: ";"
[lib/tokenize.cpp:4234]: (warning) Found simple pattern inside Token::Match() call: "try {"
[lib/tokenize.cpp:4235]: (warning) Found simple pattern inside Token::Match() call: "} catch ("
[lib/tokenize.cpp:5500]: (warning) Found simple pattern inside Token::Match() call: "INT8"
[lib/tokenize.cpp:5752]: (warning) Found simple pattern inside Token::Match() call: "}"
[lib/tokenize.cpp:5752]: (warning) Found simple pattern inside Token::Match() call: "do"
2014-03-14 16:27:47 +01:00
Daniel Marjamäki 7fa73c0d64 Merge pull request #256 from xypron/5505
5505: FP: Array accessed out of bounds
2014-03-09 08:47:18 +01:00
Heinrich Schuchardt bd67db96f1 5505: FP: Array accessed out of bounds
CheckBufferOverrun::checkFunctionParameter alreacy considered usage of a
function parameter inside an if block as a special case.

With the patch the same is done for switch statements.

A test is added.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2014-03-07 19:51:13 +01:00
Daniel Marjamäki a41a32ba8a Fixed #5469 (CheckBufferOverrun: Use nullptr) 2014-02-28 17:02:03 +01:00
Lauri Nurmi 70a67eaf85 Change some more 0 literals into nullptr. 2014-02-16 13:38:50 +02:00
Daniel Marjamäki 23efc68dd7 use nullptr 2014-02-16 10:32:10 +01:00
Daniel Marjamäki fd3a8a2a18 Update copyright 2014-02-15 07:45:39 +01:00
Lucas Manuel Rodriguez 828609bb11 Fixed two doxygen errors - http://cppcheck.sourceforge.net/devinfo/doxygen-errors.txt 2014-02-09 16:46:49 -03:00
Martin Ettl 6ca7daec10 Fixed #389: Providing negative value to memory allocation function. 2014-02-01 22:38:29 +01:00
Daniel Marjamäki 9aa9530e0d Fixed #5426 (crash: btrfs-progs cmds-inspect.c) 2014-01-31 06:19:36 +01:00
Daniel Marjamäki abe8439917 Fixed #5416 (False positive: Array accessed at index, which is out of bounds.) 2014-01-28 16:55:10 +01:00
Daniel Marjamäki 0dbb86f0cb Cleanup ExecutionPath from CheckBufferOverrun 2014-01-22 21:25:37 +01:00
Daniel Marjamäki 20b73747e0 value flow: refactor. added Token::getMaxValue() 2014-01-21 16:58:23 +01:00
Daniel Marjamäki 77f3f6c21a valueflow: added setTokenValue that perform calculations using set value 2014-01-18 19:30:44 +01:00
Daniel Marjamäki 3e23e243f6 BufferOverflow: Updated message for out of bounds array index or redundant condition 2014-01-17 19:44:45 +01:00
Daniel Marjamäki 18d6285ad2 BufferOverrun: Improved error message when array index is used before checking that its in limits 2014-01-17 18:56:46 +01:00
Daniel Marjamäki 0b4de97e2b value flow: Use ValueFlow in CheckBufferOverrun 2014-01-16 19:23:14 +01:00
Daniel Marjamäki a1b0d190df Fixed #3688 (false positive: (inconclusive, posix) (warning) The buffer 'cBuffer' is not zero-terminated after the call to readlink().) 2014-01-02 10:46:19 +01:00
Simon Martin fe75686595 Ticket #5203: Don't crash when checking buffer overrun for invalid code. 2013-11-30 07:40:32 +01:00
Martin Ettl 3bf415fa2b checkbufferoverrun: improved constness of local variables. checkbufferoverrun:array_index(): added a bailout if the function is called with tok=NULL and added a NULL pointer check after a dynamic_cast. 2013-11-10 05:05:31 +01:00
Martin Ettl 4eba02d901 Checkbufferoverrun: improved constness of local variables, no functional changes. 2013-11-03 04:48:41 +01:00
PKEuS c95b153700 Refactorizations:
- Removed some redundant operator=, copy-ctor and dtor implementations
- use operator[] instead of at() in library loading code
2013-10-27 13:55:13 +01:00
XhmikosR 93bdf45313 Fix typo in error message. 2013-10-23 09:05:39 +03:00
Daniel Marjamäki 946722faf0 Fixed #4968 (False positive: Structure with 'read' member is confused with read() function.) 2013-10-05 18:25:44 +02:00
Simon Martin 894f537eba Remove warnings emitted by clang's -Wsign-conversion 2013-09-22 13:22:52 +02:00
Alexander Mai 450442287c Fixed #4974 (CheckBufferOverrun::writeOutsideBufferSize() too strict) 2013-08-25 18:46:07 +02:00
Daniel Marjamäki f8f3f0d384 astyle formatting 2013-08-24 07:37:21 +02:00
Daniel Marjamäki 5ce7189bc0 Merge pull request #166 from last5bits/ticket4213
Fixing #4213 arrayIndexThenCheck and adding tests
2013-08-23 22:36:30 -07:00
Alexey Zhikhartsev d24a321ba2 Fixing #4213 arrayIndexThenCheck and adding tests 2013-08-23 19:04:01 +04:00
Daniel Marjamäki 9c67af058a SymbolDatabase: Renamed Variable::varId() to Variable::declarationId() to make it more clear how it works. 2013-07-20 12:31:04 +02:00
Lucas Manuel Rodriguez d6be4559cd Fixed #4840 (false negative: buffer access out of bounds) 2013-06-25 06:37:51 +02:00
Daniel Marjamäki a861817a01 Fixed #4751 (CheckBufferOverrun: better handling when struct member instance doesn't have same varid as struct member declaration) 2013-05-28 16:52:23 +02:00
Daniel Marjamäki ea60c5b14b CheckBufferOverrun: Code cleanup 2013-05-05 08:14:19 +02:00
PKEuS c487ea843d Better fix for #4706: Use Token::nextArgument() properly. Removed redundant ' in message 2013-04-09 08:30:53 -07:00
Ettl Martin ba8cca8fa9 #4706 fix crash when a struct member is used as first argument. Replaced Token::nexArgument with %any% in Token::Match call. Added unittests in testing Token::nexArgument. 2013-04-04 15:12:18 +02:00
XhmikosR 99fc5f6203 checkbufferoverrun.cpp: fix a /W4 MSVC warning 2013-03-30 19:06:13 +01:00
Ettl Martin a08083a342 #4664: using Token::nextArgument() and std::string & 2013-03-20 11:53:25 +01:00
Ettl Martin ff826d7c62 #4664: new check: (POSIX) write outside buffer size. 2013-03-19 08:22:48 +01:00
Daniel Marjamäki fe046a3350 CheckBufferOverrun: Fixed Cppcheck warning 'variable scope can be reduced' (found by travis) 2013-03-14 18:25:28 +01:00
PKEuS 096fa2f771 Fixed #4380 2013-03-14 10:18:48 -07:00
Robert Reif 4b9b87e310 Fixed #4646 (false positive: (style, inconclusive) Technically the member function 'C<T>::operator+=' can be const.) 2013-03-14 06:34:12 +01:00
PKEuS d78c06dc3f Replaced _settings->isEnabled("style") by _settings->isEnabled("warning") wherever warnings are issued 2013-03-03 02:41:59 -08:00
PKEuS f899e6ca30 Changed behaviour of %op% pattern accordingly to changes to Token::isOp(). Added %cop% as replacement for old %op% 2013-03-01 02:43:59 -08:00
PKEuS 27f7917349 Changed severity and message formatting of argumentSize message. 2013-02-16 00:52:27 -08:00
Robert Reif 42588e9729 Fixed #4535 (Simplify checks by caching symbol database Variable pointer in Token) 2013-02-06 06:39:58 +01:00
Robert Reif 94c953931d Simplify checks by caching symbol database Variable pointer in Token 2013-01-31 20:08:48 +01:00
Robert Reif ec1c86c152 Symbol database: more function/variable cleanup. Ticket: #4494 2013-01-31 06:41:18 +01:00
Robert Reif 859793731d SymbolDatabase: Refactor findFunction handling. Ticket: #4494 2013-01-28 06:47:48 +01:00
Andrew C. Martin 4a73c93750 Fix compiler warnings and comment/string typos
- fix g++ warning:

> lib/checkother.cpp:3779: warning: comparison between signed and unsigned integer expressions

 - fix suncc warning (see [everything2](http://everything2.com/title/C%252B%252B%253A+static+extern+%2522C%2522)):

> "lib/checkmemoryleak.cpp", line 578: Warning (Anachronism): Formal argument __compar of type extern "C" int(*)(const void*,const void*) in call to bsearch(const void*, const void*, unsigned long, unsigned long, extern "C" int(*)(const void*,const void*)) is being passed int(*)(const void*,const void*).

- prefer empty() / isEmpty() over "size() > 0" (cases not caught by stlSize)

- fix word misspellings (mostly comments, a few output lines)

  - Parenthesis => Parentheses (both variations were used in the codebase)

  - fix typo and wording ("never alwayw") in gui/test/data/benchmark/simple.cpp's CheckOther::unsignedPositive():

```
-  "An unsigned variable will never alwayw be positive so it is either pointless or "
+  "An unsigned variable can't be negative so it is either pointless or "
```
2013-01-16 07:37:07 -07:00
Reijo Tomperi 5d5f7085bf Updating year 2012 -> 2013 to .cpp and .h files and man page. 2013-01-01 18:29:08 +02:00
Thomas Jarosch 78316f02b6 Fix comment about wrong magic number 2012-12-28 11:31:50 +01:00
Thomas Jarosch 4708be09f5 Fixed #4444 (segmentation fault) 2012-12-28 11:15:18 +01:00
Robert Reif ce380301fd Fixed #4432 (Crash on parsing PHP interpreter) 2012-12-26 08:29:10 +01:00
Daniel Marjamäki 7f6a10599b Fixed #4262 (Small Request/Suggestion for checks on array size of args (bounty offer)) 2012-12-22 09:23:34 +01:00
Daniel Marjamäki 365a260ddc Fixed #4398 (False negative: out of bounds (for loop)) 2012-12-22 08:00:05 +01:00
Edoardo Prezioso 5101f3c029 Use the new pattern: '%comp%' where possible.
Change also the description comment of the Token::Match by adding the new pattern and the forgotten '%op%'.
2012-12-01 01:31:35 +01:00
Daniel Marjamäki 031adef6ea Array index checking: Fixed TODO comment (false negatives when using ?:) 2012-11-30 09:01:15 +01:00
Daniel Marjamäki 1c4afbce8c Cleanup: Removed += and -= patterns from the checks. These should be simplified. 2012-11-30 07:08:16 +01:00
Robert Reif 0f8db28d30 speed up checks by caching commonly looked up stuff in the symbol database (CheckBufferOverrun, CheckBoost) 2012-10-13 11:16:48 +02:00
Daniel Marjamäki 68240fffc6 Fixed #4228 ((error) Internal error. Token::Match called with varid 0 (multiple declarations in for loop)) 2012-09-23 17:15:39 +02:00
Daniel Marjamäki ec01cc811e Second fix for #4207 (Internal error. Token::Match called with varid 0) 2012-09-23 13:25:28 +02:00
Daniel Marjamäki a17f37c67d CheckBufferOverrun: Better handling of functions with variable arguments 2012-09-22 16:19:19 +02:00
PKEuS 508e9394d3 Added some nullpointer-checks and removed some redundant ones based on VS2012 code analysis results. 2012-09-17 15:22:51 +02:00
XhmikosR 6e4e3dfbfb lib: tabs to spaces, remove trailing spaces and extra empty lines at the end of files 2012-09-17 13:51:23 +02:00
PKEuS 547d3e94b2 Fixed some sign conversion messages from clang. 2012-09-16 16:41:15 +02:00
PKEuS 22a8e3f4e6 Replaced Tokenizer::getFunctionTokenByName() by SymbolDatabase::findFunctionByName(), which handles scopes slightly better. 2012-09-11 18:03:47 +02:00
Daniel Marjamäki 64faa780fe Fixed #4087 (div by zero check is invalid for floats) 2012-09-11 16:50:42 +02:00
Daniel Marjamäki 6b56b4a9d3 Show that inconclusive message is inconclusive 2012-09-07 16:11:15 +02:00
PKEuS a4b5824dec New internal check: checkRedundantNextPrevious().
Fixed findings by new internal check
2012-09-07 12:36:40 +02:00
PKEuS e4a693eaab Refactorizations:
- Fixed several findings of CheckInternal.
- Removed some debug code from CheckOther::checkRedundantAssignment().
2012-09-07 11:59:20 +02:00
PKEuS 8c70778b70 Refactorization: Fixed several messages when self-checking cppcheck 2012-09-04 15:29:51 +02:00
Deepak Gupta 4202866100 Fixed #4096 (Improve check: Buffer overrun in for loop, postfix increment in array access) 2012-09-01 19:17:28 +02:00
Daniel Marjamäki 8afdde0b5e Fixed #3931 (FP: Buffer access out-of-bounds) 2012-08-12 17:06:54 +02:00
PKEuS c8773b891d Refactorization: Make use of Token::scope() replacing certain indentation counters 2012-08-12 03:13:07 -07:00
Edoardo Prezioso fae40c4782 Change every C version of 'size_t' to C++ 'std::size_t'. 2012-07-09 13:30:18 +02:00
PKEuS 639f15645a Message refactorization: checkbufferoverrun.cpp (2), checkclass.cpp, checkexceptionsafety.h 2012-07-09 02:11:05 -07:00
PKEuS ed7e950671 Message refactorization: checkbufferoverrun.cpp 2012-07-08 06:51:24 -07:00
Daniel Marjamäki 848fd59cbd Fixed #3913 (boundcheck, false positive continue in loop) 2012-07-08 14:34:47 +02:00
Daniel Marjamäki 5de82c1c42 Updated arrayIndexOutOfBounds error message. Thank you Kimmo for the suggestion. 2012-06-23 09:51:32 +02:00
Daniel Marjamäki 4e98cb3ed9 Fixed #3907 (improve check: detect buffer overrun when using && or || in for loop) 2012-06-23 09:23:14 +02:00
Daniel Marjamäki ac524c56ad Reviewed handling of unknown types in ExecutionPathBufferOverrun 2012-06-23 08:15:59 +02:00
Daniel Marjamäki 7d59d86ed6 Fixed #3893 (Improve check: Array index out of bounds not detected when down conting) 2012-06-16 17:44:51 +02:00
PKEuS 9dc8123151 Refactorizations:
- Use const string references instead of const strings copies when possible
- Fixed cppcheck warning about postfix increment in CheckIO
- Use symbolDatabase to detect pointers in CheckOther::checkAssignBoolToPointer
2012-05-25 03:09:41 -07:00
PKEuS dc64ac2918 Removed unnecessary variable Function::start - The value is already stored in Function::functionScope->classStart. 2012-05-22 12:58:46 -07:00
Andy Maloney 12c5980c01 Fix compiler warning about initialization order 2012-05-18 13:59:19 -04:00
PKEuS de79a4c84f Fixed initialization list usage according to cppcheck results
Fixed comments mentioning nonexistent parameters
2012-05-18 07:57:11 -07:00
PKEuS ec00824fd3 Fixed #3357:
- Print "inconclusive" tag in cli
- Fixed inconclusive handling in checkbufferoverrun.cpp
- Merged reportInconclusiveError into reportError by adding an additional parameter "bool inconclusive" which is false per default
2012-05-06 10:37:41 -07:00
PKEuS 1a5fbd61d2 Splitted class TokenList from Tokenizer 2012-05-05 09:33:26 -07:00
Ettl Martin bb8342fbb4 fixed misspelled word 'Comparision' --> 'Comparison' 2012-04-26 23:04:55 +02:00
PKEuS dd5e9aa454 Make use of recently implemented Token::type() functionality 2012-04-25 09:56:07 +02:00
PKEuS b37cf11d20 Refactorizations:
- Increased encapsulation by making some functions private
- Removed redundant function CheckBufferOverrun::ArrayInfo::declare
- Avoided copy of ArrayInfo object
- Removed unnecessary and suspicious "if(sizeof(int) == 4)"
2012-03-27 19:40:39 +02:00
PKEuS e3b3b7b62f Refactorizations on buffer overrun check:
- Replaced a few indendation counters by smaller and faster code
- Make use of safer nextArgument() function instead of some local implementations
- Replaced some simple patterns by direct function calls
- Made a strncpy/strncat search pattern more generic
- Replaced offset variable by incrementation of Token* to avoid subsequent calls to tokAt
- Increased data encapsulation in header
2012-03-17 21:55:08 +01:00
Daniel Marjamäki 4f3878eb1e Fixed #3569 (false negative: buffer access out of bounds) 2012-03-13 21:30:03 +01:00
Daniel Marjamäki a9480ca0c1 CheckBufferOverrun: move condition before loop 2012-03-13 21:19:10 +01:00
PKEuS 1747813a8b Added check for invalid pointer casts (#1255)
Detect sign extension problems when variable is a reference (#3637)
Refactorizations:
- Tokenizer::getFiles returns a reference instead of a pointer, because its guaranteed that no nullpointer is returned
- Remove signed/unsigned in one step for "%type% signed|unsigned"
- Fixed recently introduced compiler warning in symboldatabase.cpp
2012-02-26 11:56:32 +01:00
PKEuS 5c2af0b2e3 - initialising std::string with 0 in initialisation list is partially detected in nullpointer check (#3520)
- executionpath checking makes use of symboldatabase
- CheckExceptionSafety::checkRethrowCopy makes use of symboldatabase
2012-01-26 16:50:59 +01:00
Reijo Tomperi 194327048a Add InternalError and change MathLib to throw it in case of an error.
- Previously MathLib errors did not provide a filename, but after this change at least source file name should be printed
and if token is provided, also line number should be printed.
- Change also Token to use InternalError
- Modify Cppcheck-class to catch InternalError instead of Token
- Run dmake to update Makefile
2012-01-08 22:19:44 +02:00
Reijo Tomperi 8cae17fda8 Update year to 2012 2012-01-01 01:05:37 +02:00
Edoardo Prezioso 8f2ad53332 Add testcase for previous commit. 2011-12-30 18:47:42 +01:00
PKEuS dca03c3ce2 Remove unnecessary includes
Also add a unit test related to #3427
Also improve the description text in checkclass and remove unused variable.
2011-12-23 23:31:48 +02:00
Daniel Marjamäki 1ba1be4b8d Fixed #3428 (false negative: array bounds errors not found when duplicate class names present) 2011-12-18 16:35:51 +01:00
Daniel Marjamäki 772b8cc37d Array index out of bounds: Avoid false positives when there are duplicate names for structs 2011-12-18 08:12:42 +01:00
Daniel Marjamäki 5f712cc213 Array index out of bounds: Fixed false positive when taking address beyond array using calculated array index 2011-12-17 21:35:12 +01:00
PKEuS f306246c7f Improved support for references and pointers in SymbolDatabase
Replaced several isPointer functions by Variable::isPointer function
Refactorizations & Make use of symbolDatabase more often
2011-12-17 19:04:03 +01:00
Daniel Marjamäki 95123854ba Array index out of bounds: Fixed false positive when size is not known. 2011-12-17 13:20:42 +01:00
Daniel Marjamäki ffb5d107be CheckNullPointer::isPointerDeRef: Tweaks to reduce false warnings when inconclusive is used. 2011-12-11 08:48:55 +01:00
Daniel Marjamäki 497c54a1a7 Fixed #3168 (false negative: buffer overflow in subfunction) 2011-12-11 08:16:58 +01:00
Daniel Marjamäki ee39f6402c reverted fix for #3168, I'll rewrite it 2011-12-10 20:46:10 +01:00
Daniel Marjamäki 897e8637b4 Fixed #3168 (false negative: buffer overflow in subfunction) 2011-12-10 19:26:12 +01:00
Edoardo Prezioso 51c1e2303f CheckBufferOverrun::checkInsecureCmdLineArgs(): Remove recently unused variable 'pattern'. 2011-12-09 23:24:08 +01:00
PKEuS 91a0a071d0 Take symbol database into use or improve its usage in some checks. 2011-12-09 23:28:10 +02:00
Daniel Marjamäki 60d828e778 C++ Builder: Fixed compiler error 2011-12-08 22:09:03 +01:00
PKEuS 167a7e3e51 Various code cleanups 2011-12-08 21:28:34 +01:00
Zachary Blair 344d7e2f34 Fixed #3283 (False negative: array index out of bounds not found for constant string and known array index value) 2011-11-30 19:17:09 -08:00
Marek Zmysłowski e0b50719f4 Fixed #909 (improve check: out of bounds of memchr function and out of bounds check) 2011-11-27 07:54:52 +01:00
PKEuS 71c8669261 Fixed #3311, #3313 and #3339 (printf format string false positives) 2011-11-27 07:29:09 +01:00
PKEuS 6b6f780057 code cleanups and refactorings 2011-11-26 21:02:04 +01:00
Daniel Marjamäki b26811cdf5 astyle formatting 2011-11-20 16:50:41 +01:00
Edoardo Prezioso a32b05197d Change every 'tokAt(1)' to 'next()' and every 'tokAt(-1)' to 'previous()'.
Added a safety check to ensure that a 'previous()' call doesn't crash (not sure if it's needed or not).
2011-11-20 15:59:37 +01:00