Commit Graph

677 Commits

Author SHA1 Message Date
Daniel Marjamäki d27a4ad82e CheckBufferOverrun: Fix ctu checking 2019-03-23 15:26:13 +01:00
Daniel Marjamäki a135683d2f Refactoring; Renamed CWE786 and CWE788 2019-03-23 08:41:20 +01:00
Daniel Marjamäki 15fc9a622d CheckBufferOverrun: Add CTU analysis 2019-03-23 08:36:10 +01:00
Daniel Marjamäki 031362ae01 CheckBufferOverrun: Fix false positive 2019-03-19 21:07:08 +01:00
Daniel Marjamäki 6cbe818f1a Fix uninitialized variable usage 2019-03-19 13:17:27 +01:00
Daniel Marjamäki a0e58f0039 Revert "Revert "CheckBufferOverrun: Handle multidimensional arrays""
This reverts commit 9d1755f449.
2019-03-19 13:16:22 +01:00
Daniel Marjamäki 9d1755f449 Revert "CheckBufferOverrun: Handle multidimensional arrays"
This reverts commit e98a4a6f14.
2019-03-19 13:13:29 +01:00
Daniel Marjamäki e98a4a6f14 CheckBufferOverrun: Handle multidimensional arrays 2019-03-19 09:29:32 +01:00
Daniel Marjamäki b53a2e5dc4 CheckBufferOverrun: restore minsize code 2019-03-17 20:34:49 +01:00
Daniel Marjamäki 03f8535c71 Better multiline warning when there is buffer overflow 2019-03-17 20:12:02 +01:00
Daniel Marjamäki 3c85d8a8ac ValueFlow: Better info for buffer size values 2019-03-17 19:02:36 +01:00
Sebastian 19e9e42dd7
Library: Enhance minsize configuration and allow simple values. (#1736)
Some POSIX and Windows functions require buffers of at least some
specific size. This is now possible to configure via for example this
minsize configuration: `<minsize type="value" value="26"/>`.
The range for valid buffer size values is 1 to LLONG_MAX
(9223372036854775807)
2019-03-17 14:22:26 +01:00
Daniel Marjamäki 0771929518 Buffer overflow: Handling of dynamically allocated buffer 2019-03-17 13:40:56 +01:00
Daniel Marjamäki 92f4113b59 Array index: Checking array index out of bounds for dynamic buffers 2019-03-17 13:09:15 +01:00
Daniel Marjamäki 2ecfae0a98 CheckBufferOverrun: the bufferNotZeroTerminated did not work well, hide that for now 2019-03-13 06:45:01 +01:00
Daniel Marjamäki 81a1d744c6 CheckBufferOverrun: fix FP for array definition of static class member 2019-03-13 06:39:09 +01:00
Daniel Marjamäki 67e8b99c2c CheckBufferOverrun: Readd a check for strncpy/memcpy/etc 2019-03-12 21:15:26 +01:00
Daniel Marjamäki 0c08f6db6c CheckBufferOverrun: Use AST to lookup array 2019-03-12 06:46:38 +01:00
Daniel Marjamäki 4ababeb704 Fix 'make checkcfg' 2019-03-11 21:39:39 +01:00
Daniel Marjamäki ea23033a65 Array index out of bounds: Fix false positive 2019-03-11 20:33:08 +01:00
Daniel Marjamäki 17253cdb55 buffer overflow: Fix false positive 2019-03-11 19:40:17 +01:00
Daniel Marjamäki bd048085bd Add CheckBufferOverrun::arrayIndexThenCheck 2019-03-11 19:20:06 +01:00
Daniel Marjamäki a933261e14 Add message id arrayIndexOutOfBoundsCond 2019-03-11 19:12:03 +01:00
orbitcowboy 0721c9f7f0 Running astyle [ci skip]. 2019-03-11 15:32:30 +01:00
Daniel Marjamäki 729f57d8f1 Start a major rewrite of CheckBufferOverrun. For now only the 'array index' and 'buffer overflow' checks are rewritten.
There are important TODOs still; for instance adding CTU support using our CTU infrastructure, add handling of pointers (maybe I'll use FwdAnalysis for this), add handling of multidimensional arrays, etc..
2019-03-11 12:34:33 +01:00
Daniel Marjamäki 3eb5de756c Buffer overrun: Refactorings; use range for loops and write in message 2019-03-09 22:19:09 +01:00
amai2012 eb9edbc177 #9024 Crash caused by package "procserv" in lib/token.h:921 function Token::getKnownIntValue - Fix and test for alternative code example. 2019-03-08 11:07:33 +01:00
Daniel Marjamäki c32d015337 Fixed false positives from terminateStrncpy 2019-03-06 18:50:50 +01:00
Daniel Marjamäki 3f37d5ac2d Refactoring strncpy/strncat checking to use ValueFlow and AST 2019-03-06 09:04:04 +01:00
Daniel Marjamäki bd7790fd8c Update copyright year 2019-02-09 07:24:06 +01:00
Daniel Marjamäki 271763e680 CTU: Refactoring 2018-12-25 21:11:23 +01:00
Daniel Marjamäki 2214ef5359 Refactor isVLAIndex 2018-11-23 20:23:20 +01:00
orbitcowboy 0858488825
insecureCmdLineArgs: Fixed FN in case strdup() copies argv[]. (#1438)
* insecureCmdLineArgs: Fixed FN in case strdup() copies argv[].

* Formatted the code. There are no functional changes intended.

* Changes due to review comments from Daniel.
2018-10-19 11:04:15 +02:00
orbitcowboy a6e8270474
insecureCmdLineArgs: Fixed false negatives in case arguments are const. (#1419)
* insecureCmdLineArgs: Fixed false negatives in case arguments are const.

* Formatted the code, there are functional changes.

* Simplified matching as suggested by Daniel.
2018-10-15 10:05:43 +02:00
Daniel Marjamäki 20121b34d8 Fixed #7718 (False positive: out of bounds of already resized std::string) 2018-10-09 06:53:26 +02:00
Daniel Marjamäki 12b7c9e597 Fix Cppcheck warning 2018-09-01 08:41:41 +02:00
Daniel Marjamäki f388c77042 Fixed #8721 (Regression: False positive array index out of bounds) 2018-08-31 18:25:43 +02:00
Daniel Marjamäki 27aae8d032 Fixed #8644 (crash (CheckBufferOverrun::checkGlobalAndLocalVariable): local function) 2018-08-30 10:04:07 +02:00
Daniel Marjamäki 54cfdb731e Refactoring; Use Token::isUnaryOp() to clarify code 2018-07-13 23:12:20 +02:00
Daniel Marjamäki 4c6270f9b2 Refactoring: use range for loop 2018-06-30 15:34:48 +02:00
Daniel Marjamäki cb48aae594 buffer overrun: Remove bailout. There is no test case and I fail to produce false positives. 2018-06-24 09:50:55 +02:00
Daniel Marjamäki 19cf0d1fa4 Refactoring; use range for loop 2018-06-17 18:37:40 +02:00
Daniel Marjamäki ad4ce84cf7 Rename private member variables 2018-06-17 17:20:16 +02:00
Daniel Marjamäki 79ffe1d4fc Rename _tokenizer, _settings, _errorLogger 2018-06-16 16:10:28 +02:00
Matthias Krüger be6c273e6b CheckBufferOverrun::checkScope_inner(): save a few pointer derefernces (NFC). 2018-05-31 12:28:34 +02:00
Daniel Marjamäki ca8e19c96d SymbolDatabase: Refactor SymbolDatabase: variable list 2018-04-28 09:38:33 +02:00
Daniel Marjamäki f336c2efe7 Refactoring; Renamed Scope::classStart and Scope::classEnd 2018-04-27 22:36:30 +02:00
Daniel Marjamäki f058d9ad08 CLI: Added more fields for --template and added a new --template-location. The gcc predefined template now matches latest gcc better. 2018-04-23 12:21:18 +02:00
PKEuS d2146844dd Refactorizations:
- Replace several push_back-calls by emplace_back
- Replace some x = x.substr(0, y) calls by x.erase(y)
2018-04-11 09:44:35 +02:00
PKEuS b15cc3f236 Refactorization: Replace several push_back-sequences by initializer lists 2018-04-09 09:54:39 +02:00
Daniel Marjamäki a0906140a6 Suppressions: New extensible Suppressions xml format that allow more attributes. To start with it also allows symbolName. 2018-04-09 06:43:48 +02:00
Daniel Marjamäki 3ad6c7ebce Refactoring, use early continue 2018-04-05 08:21:43 +02:00
jrp2014 67a71fa362 Refactor lib/checkbufferoverrun.cpp 2018-04-05 08:17:56 +02:00
jrp2014 b6504c70ca Improve constness 2018-04-04 21:51:31 +02:00
Daniel Marjamäki 96167ffa51 Compatibility fixes for gcc 4.5 2018-03-29 17:37:06 +02:00
Daniel Marjamäki 71511f3131 Refactor f487182 2018-02-06 08:59:36 +01:00
Ivan Maidanski f487182075 Suppressed unused functions should not lead to nonzero exit code (#1026) (#1078)
This is a fix of commit 97ffec8.
2018-02-06 07:44:53 +01:00
Daniel Marjamäki 5b6ec49a6f Pointer overflow: Fixed false positive 2018-01-27 22:09:43 +01:00
Daniel Marjamäki 189e0b3890 Fix Cppcheck warning about uninitialized variable 2018-01-27 22:05:29 +01:00
Daniel Marjamäki bc40f5041d Fixed #6356 (Improve checking: pointer arithmetic "ab.a + 100" overrun) 2018-01-27 15:39:39 +01:00
Daniel Marjamäki c4caee6b18 Updated copyright year 2018-01-14 15:37:52 +01:00
Ivan Maidanski 97ffec85c0 Fixed #7502 (Correct exit code if never used function is found) (#1026) 2018-01-12 08:24:01 +01:00
Daniel Marjamäki 7d2450e445 Fixed #1478 (false negative: buffer access out of bounds not detected after free and malloc) 2017-12-31 14:58:26 +01:00
Daniel Marjamäki 79f6793076 minor code cleanup 2017-12-31 12:30:02 +01:00
Oleksandr Redko a8700f5622 Remove redundant parts of conditional expressions (#988)
All issues were found with PVS-Studio:
V560 A part of conditional expression is always true: tok. astutils.cpp 407
V560 A part of conditional expression is always true: size > 0. checkbufferoverrun.cpp 709
V547 Expression 'secondTrue' is always true. checkcondition.cpp 1013
V547 Expression 'firstTrue' is always true. checkcondition.cpp 1020
V560 A part of conditional expression is always true: !scan. checkio.cpp 1036
V560 A part of conditional expression is always true: scope->function. checknullpointer.cpp 395
V560 A part of conditional expression is always true: tok2. checkstl.cpp 268
V560 A part of conditional expression is always true: par. tokenize.cpp 9440
V547 Expression '!erased' is always true. symboldatabase.cpp 3990
2017-11-03 10:39:57 +01:00
Daniel Marjamäki ba8222de1c ValueFlow: Put 'inconclusive' state in the ValueKind. A value can't be both known and inconclusive. 2017-09-20 22:41:36 +02:00
Ayaz Salikhov f0b5327450 Fix codestyle (#953) 2017-09-07 13:00:46 +02:00
Dmitry-Me 0e444aa133 Cache and reuse values 2017-09-05 17:50:36 +03:00
Ayaz Salikhov b8cd7dbb5c Use nullptr instead of 0 or NULL (#936) 2017-08-09 20:00:26 +02:00
Matthias Krüger 9b6d371762 checkbufferoverrun: remove dead store
the variable was declared inside a loop and the dead store also took place inside the loop (guarded by a condition) without further access of the value after that store.
Found by clang analyzer.

Was:

lib/checkbufferoverrun.cpp:1223:17: warning: Value stored to 'tok' is never read
                tok = tok->next();
                ^     ~~~~~~~~~~~
2017-08-01 16:53:00 +02:00
Daniel Marjamäki 058c439b2a Coverity detected useless function call, cleanup code 2017-08-01 12:45:37 +02:00
Daniel Marjamäki fec0c46af0 Refactoring, use continue in loop 2017-07-30 14:53:58 +02:00
Ayaz Salikhov 4bbc830a85 Fix warnings 2017-07-17 10:13:11 +03:00
uburuntu f4ce49d883 ENH: perfomance: using clear() and empty() more faster for stl containers 2017-06-02 22:38:00 +04:00
Ayaz Salikhov 28aa939d69 iwyu - include what you use 2017-05-27 04:33:47 +02:00
Daniel Marjamäki 1dd42d9a9e arrayIndexOutOfBounds: Make sure error message is clarified for daca2 --template format 2017-05-25 08:18:37 +02:00
Daniel Marjamäki 70c2de62b7 arrayIndexOutOfBounds: better note 2017-05-23 16:06:32 +02:00
Daniel Marjamäki e73657b198 Clarify arrayIndexOutOfBounds 2017-05-23 14:58:43 +02:00
Daniel Marjamäki f7cda81c0c Refactoring: ValueFlow::Value::errorSeverity() will have the logic if value is 'error' or 'warning' 2017-05-23 11:43:56 +02:00
Daniel Marjamäki 55ae206ecc ErrorPath: better output 2017-05-19 17:29:16 +02:00
Daniel Marjamäki c617851567 ErrorLogger: Added ErrorPath where each item has token and info 2017-05-16 22:38:13 +02:00
Daniel Marjamäki f92e7b3bfc Emit better errorpath in CheckBufferOverrun::negativeIndexError 2017-05-16 19:08:47 +02:00
Simon Martin b526fd7c49 Ticket #7964: Don't crash on valid code using function pointers named strcpy or strcat in main(). 2017-04-21 23:36:10 +02:00
PKEuS b1f4bd7504 Refactorization: Reimplemented Settings::_enabled as a bitfeld instead of std::set (#7995) 2017-04-11 11:49:26 +02:00
Matthias Krüger 7d12e1f3a6 valueFlowGetArrayIndexes: convert Token::Match to Token::simpleMatch.
The pattern is a sole "[", but since "[" is also used for complexe patterns, the internal check that finds potential simple match patterns bailed out here.
2017-04-09 17:27:46 +02:00
Daniel Marjamäki 633ed23c0d Fix Cppcheck warnings about mismatching function argument names 2017-04-01 09:31:27 +02:00
Daniel Marjamäki cc3ef7bbe8 Fix so array access out of bounds for external arrays are detected again 2017-03-30 10:14:17 +02:00
PKEuS 3c8f5b85ae Refactorization: Allocate Token::_values (ValueFlow information) dynamically, reducing size of each token by around 10% 2017-03-27 18:48:34 +02:00
PKEuS 2938278f00 Refactorization: Store minsizes in vector instead of list which has less overhead 2017-03-27 17:53:43 +02:00
PKEuS 63d39390b4 checkbufferoverrun.cpp: refactorizations 2017-03-27 16:09:51 +02:00
PKEuS 83b1e1c329 CheckBufferOverrun: Refactorizations
- Improved/Optimized conditions in checkBufferAllocatedWithStrlen()
- Avoid copying strings for checkScope()
2017-03-27 11:48:34 +02:00
PKEuS 680828788b Fixed false negative in CheckBufferOverrun::checkInsecureCmdLineArgs(), removed redundant tests 2017-03-27 11:30:07 +02:00
PKEuS 171e1b8244 Fixed false negatives in CheckBufferOverrun::arrayIndexThenCheck() 2017-03-27 11:07:49 +02:00
orbitcowboy 6c71d74563 Cleanup: There is no need to clear a string directly after its creation. 2017-01-16 20:10:28 +01:00
Daniel Marjamäki f0d91fb74b Fixed #7869 (False positive: Array index out of bounds) 2016-12-20 22:01:19 +01:00
Daniel Marjamäki f5ad7482a8 CheckBufferOverrun: Skip warnings about array index out of bounds in unions. Theoretically, the array is at least as large as the biggest union member. 2016-12-18 22:10:30 +01:00
PKEuS cfac3b457d Several small refactorizations 2016-12-06 22:12:02 +01:00
Stefan Weil 57b57428c2 Fix some typos in comments (found by codespell)
Signed-off-by: Stefan Weil <sw@weilnetz.de>
2016-11-27 11:40:42 +01:00
Daniel Marjamäki a61f4e9c94 Fixed #7831 (false-positive: terminateStrncpy) 2016-11-24 07:04:58 +01:00
Daniel Marjamäki 4732667488 ValueFlow: allow more value types 2016-11-13 22:33:39 +01:00