Commit Graph

10573 Commits

Author SHA1 Message Date
Daniel Marjamäki 29a5404d1e Incomplete statement: Fix FP for 'ar & x' 2019-03-31 11:50:57 +02:00
Daniel Marjamäki 73433c2961 Syntax error: Clarify a syntax error in audacity 2019-03-31 10:46:59 +02:00
Daniel Marjamäki b30d463baf Fix wrong syntax error 2019-03-31 09:34:19 +02:00
Daniel Marjamäki c5807459f9 CheckBufferOverrun: Add check for pointer arithmetics 2019-03-31 09:00:52 +02:00
Daniel Marjamäki 51b64191e5 Fixed slow checking in FwdAnalysis
Credit to OSS-Fuzz for reporting this!
2019-03-30 14:22:24 +01:00
Daniel Marjamäki b0c58f2b10 Fixed #9000 (SymbolDatabase: lambda scope) 2019-03-30 10:32:36 +01:00
Daniel Marjamäki fe285f1df3 Fixed #9055 (SymbolDatabase: second argument is missing in the symbol database) 2019-03-30 07:44:36 +01:00
IOBYTE d88ee2d6a2 Fixed #9070 (Segmentation fault in TemplateSimplifier::simplifyTemplateAliases (scram package)) (#1771)
This only fixes the crash.  It does not fix the underlying problem of
template using with templates of templates causing the use of deleted
instantiations.
2019-03-30 06:53:17 +01:00
Sebastian d233b56d58
Fix #9079 (make checkcfg crashes on Linux) (#1769)
temp.bufferSizeArg2 was not initialized when only bufferSizeArg1
was specified or the value was out of range. But in valueflow.cpp in
valueFlowDynamicBufferSize() it was used as if it is always initialized
and has a sane value (greater than 0).
2019-03-30 05:58:23 +01:00
Daniel Marjamäki b5a285319c Fixed #9073 (Segmentation fault in Token::isUnaryOp() with ode) 2019-03-29 19:37:23 +01:00
Daniel Marjamäki 54bea2847a STL: Better out of bounds checking for empty containers when index is unknown 2019-03-29 15:20:17 +01:00
Daniel Marjamäki 3c30d274a0 Clarify STL out of bounds warning message 2019-03-29 11:13:25 +01:00
Daniel Marjamäki e88a0c00c1 Fixed #9039 (STL: array index out of bounds: str.begin() + 1) 2019-03-28 12:49:52 +01:00
IOBYTE 22f01f035c Fixed #9042 (Another `using BOOL` type breach) (#1765) 2019-03-27 21:42:50 +01:00
Daniel Marjamäki 0f6a90c595 Fixed #9069 (crash on invalid code: ' x= y{ } name5 ')
Credit to OSS-Fuzz for reporting this!
2019-03-27 18:17:11 +01:00
Daniel Marjamäki 4a45655bc2 astyle formatting
[ci skip]
2019-03-27 18:15:12 +01:00
Frank Zingsheim 574b77cf1f Fixed: FP return reference to thread_local variable (#1758) 2019-03-27 12:22:53 +01:00
Oliver Stöneberg 88dc74929a Add defines set by compiler options when using compilation database (#1763)
* Add defines set by compiler options when using compilation database

sets __cplusplus and __STDC_VERSION__ based on -std and the defines for -municode, -fpie, -fPIE, -fpic and -fPIC

* Fixed merge
2019-03-27 10:23:04 +01:00
Daniel Marjamäki c77f31319d Fix crash when checking re2c textfile 2019-03-26 20:51:41 +01:00
Daniel Marjamäki 7c6f21a158 astyle formatting 2019-03-26 20:51:04 +01:00
Daniel Marjamäki c262aeffdd Fixed #9068 (crash on invalid code) 2019-03-26 19:57:32 +01:00
firewave ce11778a20 fixed parsing of -std= in compilation database 2019-03-26 19:02:08 +01:00
Sebastian 29815b2dd8
Fix #8922 (SIGSEGV below exprDependsOnThis - stack overflow?) (#1761)
This limits the recursion depth as a last line of defense to avoid stack
overflows when there are really huge arrays.
See https://trac.cppcheck.net/ticket/8922
2019-03-26 18:57:01 +01:00
Daniel Marjamäki 15676612c0 Fixed #9034 (crash on reading invalid code: '> typedef') 2019-03-26 16:14:24 +01:00
IOBYTE 5b72e1f568 Fixed #9040 (Type alias 'BOOL' declared with 'using' keyword breaks type detection) (#1759)
Moved simplifyUsing from TemplateSimplifier to Tokenizer.
2019-03-26 07:09:56 +01:00
Daniel Marjamäki 49e2f9d551 Fixed #9063 (Crash on invalid code: x='0' ++ '0' ( return)[ ];) 2019-03-25 15:29:23 +01:00
IOBYTE 10fcf731d9 Fixed #9021 (template simplifier: crash in simplifyCalculations) (#1757) 2019-03-25 14:56:51 +01:00
IOBYTE b6faa11fbf Fixed #9056 ("using namespace" inside namespace causes "SymbolDatabase bailout;) (#1753)
Fixed the bailout warning and one of the varid bugs.

The trailing return type still has a varid.
2019-03-24 17:31:34 +01:00
Daniel Marjamäki 7995b2fb86 getArguments: Avoid too deep recursion in array initialization 2019-03-24 11:51:28 +01:00
Daniel Marjamäki e0f1418228 Fixed #9034 (Tokenizer::setVarId: function call parameter is not variable declaration) 2019-03-24 07:06:21 +01:00
Daniel Marjamäki 18aa968a7a Astyle formatting 2019-03-23 19:03:57 +01:00
Daniel Marjamäki 5126e4b1af Try to fix Visual Studio compiler error 2019-03-23 19:02:05 +01:00
Daniel Marjamäki 418eb43d45 Fixed #9032 (False-positive detection of reassigned value before used for pointer parameter) 2019-03-23 19:01:02 +01:00
Daniel Marjamäki d82c792c1b astyle formatting 2019-03-23 19:00:03 +01:00
Daniel Marjamäki a9082c902a Fixed #9058 (crash on invalid code in FwdAnalysis::checkRecursive) 2019-03-23 18:27:41 +01:00
Daniel Marjamäki d6b806c592 CheckBufferOverrun: Better CTU checking when variable address is passed 2019-03-23 15:57:17 +01:00
Daniel Marjamäki d27a4ad82e CheckBufferOverrun: Fix ctu checking 2019-03-23 15:26:13 +01:00
Daniel Marjamäki 9653760547 CheckBufferOverrun: Improved CTU analysis for array 2019-03-23 11:20:35 +01:00
IOBYTE 40af889df0 Fixed #9053 (simplifyTypedef: wrong simplification of '(const d)' when 'd' is a array) (#1751)
* Fixed #9053 (simplifyTypedef: wrong simplification of '(const d)' when 'd' is a array)

* fix whitespace
2019-03-23 10:45:38 +01:00
Pavol Misik 7c7ee66cf9 Fix crash in TemplateSimplifier::TokenAndName::TokenAndName in case of template constexpr (#1748)
This is not propper solution. This change just eliminates crash and logs error.

https://trac.cppcheck.net/ticket/9046
2019-03-23 10:42:41 +01:00
Daniel Marjamäki a135683d2f Refactoring; Renamed CWE786 and CWE788 2019-03-23 08:41:20 +01:00
Daniel Marjamäki 15fc9a622d CheckBufferOverrun: Add CTU analysis 2019-03-23 08:36:10 +01:00
Paul Fultz II 91138578cc Fix 9052: Crash: SIGSEGV in Token::previous (this=0x0) while checking mariadb-10.0 2019-03-22 01:56:09 +01:00
Daniel Marjamäki 55433fce40 Library: added bufferSize parameters 2019-03-20 19:26:57 +01:00
Daniel Marjamäki 14528bcf25 Library: allowed values for the buffer-size attribute: malloc/calloc/strdup 2019-03-20 06:46:55 +01:00
Daniel Marjamäki 031362ae01 CheckBufferOverrun: Fix false positive 2019-03-19 21:07:08 +01:00
Daniel Marjamäki 6cbe818f1a Fix uninitialized variable usage 2019-03-19 13:17:27 +01:00
Daniel Marjamäki a0e58f0039 Revert "Revert "CheckBufferOverrun: Handle multidimensional arrays""
This reverts commit 9d1755f449.
2019-03-19 13:16:22 +01:00
Daniel Marjamäki 9d1755f449 Revert "CheckBufferOverrun: Handle multidimensional arrays"
This reverts commit e98a4a6f14.
2019-03-19 13:13:29 +01:00
Daniel Marjamäki e98a4a6f14 CheckBufferOverrun: Handle multidimensional arrays 2019-03-19 09:29:32 +01:00
Paul Fultz II 774464eabb Fix issue 8996: False positive duplicateCondition
This fixes issue 8996 by improving the alias checking by using lifetime analysis. It also extends the lifetime checker to handle constructors and initializer lists for containers and arrays.
2019-03-19 06:25:10 +01:00
Rikard Falkeborn 794f65bac1 Handle prefixed strings and characters in Token (#1742)
This makes it possible to call getStrLength() and similar functions
before the tokenizer is called.
2019-03-18 06:18:25 +01:00
Daniel Marjamäki b53a2e5dc4 CheckBufferOverrun: restore minsize code 2019-03-17 20:34:49 +01:00
Daniel Marjamäki 03f8535c71 Better multiline warning when there is buffer overflow 2019-03-17 20:12:02 +01:00
Daniel Marjamäki 3c85d8a8ac ValueFlow: Better info for buffer size values 2019-03-17 19:02:36 +01:00
Sebastian 19e9e42dd7
Library: Enhance minsize configuration and allow simple values. (#1736)
Some POSIX and Windows functions require buffers of at least some
specific size. This is now possible to configure via for example this
minsize configuration: `<minsize type="value" value="26"/>`.
The range for valid buffer size values is 1 to LLONG_MAX
(9223372036854775807)
2019-03-17 14:22:26 +01:00
Daniel Marjamäki 0771929518 Buffer overflow: Handling of dynamically allocated buffer 2019-03-17 13:40:56 +01:00
Daniel Marjamäki 92f4113b59 Array index: Checking array index out of bounds for dynamic buffers 2019-03-17 13:09:15 +01:00
Daniel Marjamäki 18668a52b9 Library: Added buffer-size attribute for <alloc> 2019-03-17 10:55:15 +01:00
Daniel Marjamäki a3257349b9 astyle formatting
[ci skip]
2019-03-17 10:50:06 +01:00
Daniel Marjamäki c7155a8e08 Removed '--experimental-fast' flag 2019-03-17 08:19:56 +01:00
Daniel Marjamäki b0c92c1ac1 CheckNullPointer: Use library instead of hardcoding 2019-03-17 07:37:38 +01:00
Daniel Marjamäki 87fe5c060e Refactoring of Null Pointer Checker 2019-03-16 21:21:30 +01:00
Daniel Marjamäki d0c1632b51 Fix CheckBufferOverrun::array_index_12 when compiling with VS 2019-03-16 19:41:13 +01:00
Daniel Marjamäki 3dc34f1515 Disable all simplified checks 2019-03-16 09:17:50 +01:00
Daniel Marjamäki 0e88a17aca CheckInternal: Use 'normal' checking 2019-03-16 08:51:33 +01:00
Daniel Marjamäki f40a80c349 Use 'normal' checking instead of 'simplified' 2019-03-16 07:19:48 +01:00
Daniel Marjamäki a2a216bbe3 SymbolDatabase: Improved handling of 'normal' non simplified token list 2019-03-15 19:00:42 +01:00
Daniel Marjamäki 92485245ce Restore severity for 'autoVariables' 2019-03-15 15:13:11 +01:00
Sebastian 08d41ab8af
Load std.cfg before all other libraries (#1740)
- CLI: Save the libraries that should be loaded to a list and load them
after the std.cfg has been loaded.
- GUI: Load std.cfg (and windows.cfg / posix.cfg when applicable) before
setting other options and loading the other libraries.
In the project-file-dialog the std.cfg is searched first. If some
other library fails to load is is retried with first loading std.cfg.
- boost.cfg: Enable containers that depend on std containers.
2019-03-15 06:59:37 +01:00
Paul Fultz II 3615eac347 Move useStlAlgorithm to normal checking (#1741) 2019-03-15 06:15:56 +01:00
Daniel Marjamäki a1ade2dd7d Refactoring: Use range for 2019-03-14 19:57:58 +01:00
Daniel Marjamäki 56c47fc6ed Refactoring: use continue 2019-03-14 19:53:45 +01:00
Daniel Marjamäki 3656f1ae4f Auto variables: Fix false negatives for normal tokens 2019-03-14 13:51:35 +01:00
Daniel Marjamäki 6eeee743d2 Auto variables: Minor cleanup 2019-03-14 06:41:11 +01:00
Daniel Marjamäki b984897526 ValueFlow: Fix sizeof for array of library type 2019-03-13 18:31:41 +01:00
Daniel Marjamäki 2ecfae0a98 CheckBufferOverrun: the bufferNotZeroTerminated did not work well, hide that for now 2019-03-13 06:45:01 +01:00
Daniel Marjamäki 81a1d744c6 CheckBufferOverrun: fix FP for array definition of static class member 2019-03-13 06:39:09 +01:00
Daniel Marjamäki 67e8b99c2c CheckBufferOverrun: Readd a check for strncpy/memcpy/etc 2019-03-12 21:15:26 +01:00
Daniel Marjamäki 2a00667609 CheckBufferOverrun: cleanup 2019-03-12 18:58:14 +01:00
Daniel Marjamäki 11e32ff445 ValueFlow: Handle compound assignments in execute() 2019-03-12 18:53:58 +01:00
Daniel Marjamäki 0c08f6db6c CheckBufferOverrun: Use AST to lookup array 2019-03-12 06:46:38 +01:00
Daniel Marjamäki 4ababeb704 Fix 'make checkcfg' 2019-03-11 21:39:39 +01:00
Daniel Marjamäki ea23033a65 Array index out of bounds: Fix false positive 2019-03-11 20:33:08 +01:00
Daniel Marjamäki 7b17b33a49 ValueFlow: fix handling of sizeof(*p) 2019-03-11 20:32:24 +01:00
Daniel Marjamäki 17253cdb55 buffer overflow: Fix false positive 2019-03-11 19:40:17 +01:00
Daniel Marjamäki bd048085bd Add CheckBufferOverrun::arrayIndexThenCheck 2019-03-11 19:20:06 +01:00
Daniel Marjamäki a933261e14 Add message id arrayIndexOutOfBoundsCond 2019-03-11 19:12:03 +01:00
orbitcowboy 0721c9f7f0 Running astyle [ci skip]. 2019-03-11 15:32:30 +01:00
Daniel Marjamäki 729f57d8f1 Start a major rewrite of CheckBufferOverrun. For now only the 'array index' and 'buffer overflow' checks are rewritten.
There are important TODOs still; for instance adding CTU support using our CTU infrastructure, add handling of pointers (maybe I'll use FwdAnalysis for this), add handling of multidimensional arrays, etc..
2019-03-11 12:34:33 +01:00
Daniel Marjamäki 34711bcb93 Remove unused functions 2019-03-11 12:23:22 +01:00
Daniel Marjamäki df8cfe2fc6 Travis: Fix Cppcheck warning 2019-03-10 12:24:41 +01:00
Rikard Falkeborn 6a3dd9a185 Handle concatenated string and char literals
This handles concatenated strings and characters from simplecpp.
Previously, L'c' would be preprocessed to the tokens  "L" and "'c'".
cppcheck would then remove the "L" token and set "'c'" to be a wide
character literal. Now, it needs to remove the prefix instead.

When doing this, add handling of utf32 encoded literals (U) and UTF-8
encoded literals (u8).
2019-03-10 10:38:50 +01:00
Daniel Marjamäki 3eb5de756c Buffer overrun: Refactorings; use range for loops and write in message 2019-03-09 22:19:09 +01:00
Daniel Marjamäki 4ce6de39c5 CheckCondition: Moved checks to 'normal' 2019-03-09 22:00:59 +01:00
Daniel Marjamäki ea9b2032c1 CheckClass: Moved checks to 'normal' 2019-03-09 21:38:36 +01:00
Daniel Marjamäki 69c05acd3b CheckBoost: Use 'normal' checking 2019-03-09 20:00:31 +01:00
Daniel Marjamäki 5a42c54d0f CheckBool: Use normal checking 2019-03-09 19:16:07 +01:00
Daniel Marjamäki ac42382cd9 Rewrite CheckBool::checkAssignBoolToPointer to use ValueType 2019-03-09 19:15:06 +01:00
Daniel Marjamäki e17ddfd964 Changed AST for variable declarations with initializations 2019-03-09 19:09:15 +01:00