Commit Graph

697 Commits

Author SHA1 Message Date
Scott Furry a195477470 Correct Zero/Null as pointer constant (#1938)
Building with enhanced clang warnings indicated a large number of
instances with the warning:

`warning: zero as null pointer constant`

Recommended practice in C++11 is to use `nullptr` as value for
a NULL or empty pointer value. All instances where this warning
was encountered were corrected in this commit.

Where warning was encountered in dependency code (i.e. external library)
no chnages were made. Patching will be offered upstream.
2019-06-30 21:39:22 +02:00
Paul Fultz II f75c15af56 Fix issue 6821: New check: access heap/stack data using address of variable
This fixes errors with:

```cpp
int f() {
    int i;
    return (&i)[1];
}
```

It uses the lifetime analysis to detect the issues.
2019-05-31 12:24:31 +02:00
Daniel Marjamäki 6da42a3d63 Fixed #9112 (false positive: (error) Array index out of bounds; buffer 'x' is accessed at offset n.) 2019-05-01 13:00:14 +02:00
Daniel Marjamäki de4f57ec0f Buffer overflow: Add CTU checking for pointer arithmetic overflows 2019-04-03 06:43:56 +02:00
Daniel Marjamäki c5807459f9 CheckBufferOverrun: Add check for pointer arithmetics 2019-03-31 09:00:52 +02:00
Daniel Marjamäki 4107671549 TestBufferOverrun: Uncommented and moved CTU tests 2019-03-30 15:10:00 +01:00
Daniel Marjamäki b5a285319c Fixed #9073 (Segmentation fault in Token::isUnaryOp() with ode) 2019-03-29 19:37:23 +01:00
Daniel Marjamäki d6b806c592 CheckBufferOverrun: Better CTU checking when variable address is passed 2019-03-23 15:57:17 +01:00
Daniel Marjamäki 9653760547 CheckBufferOverrun: Improved CTU analysis for array 2019-03-23 11:20:35 +01:00
Daniel Marjamäki 15fc9a622d CheckBufferOverrun: Add CTU analysis 2019-03-23 08:36:10 +01:00
Daniel Marjamäki 031362ae01 CheckBufferOverrun: Fix false positive 2019-03-19 21:07:08 +01:00
Daniel Marjamäki a0e58f0039 Revert "Revert "CheckBufferOverrun: Handle multidimensional arrays""
This reverts commit 9d1755f449.
2019-03-19 13:16:22 +01:00
Daniel Marjamäki 9d1755f449 Revert "CheckBufferOverrun: Handle multidimensional arrays"
This reverts commit e98a4a6f14.
2019-03-19 13:13:29 +01:00
Daniel Marjamäki e98a4a6f14 CheckBufferOverrun: Handle multidimensional arrays 2019-03-19 09:29:32 +01:00
Daniel Marjamäki 03f8535c71 Better multiline warning when there is buffer overflow 2019-03-17 20:12:02 +01:00
Daniel Marjamäki 3c85d8a8ac ValueFlow: Better info for buffer size values 2019-03-17 19:02:36 +01:00
Daniel Marjamäki 0771929518 Buffer overflow: Handling of dynamically allocated buffer 2019-03-17 13:40:56 +01:00
Daniel Marjamäki 92f4113b59 Array index: Checking array index out of bounds for dynamic buffers 2019-03-17 13:09:15 +01:00
Daniel Marjamäki ebef16b8a3 Travis: Try to remove temporary fix 2019-03-16 18:29:02 +01:00
Daniel Marjamäki e9d29e826f Travis: Temporarily comment out failing test 2019-03-16 09:48:32 +01:00
Daniel Marjamäki fb2198fd6b Travis: Try to fix test 2019-03-16 09:28:00 +01:00
Daniel Marjamäki f40a80c349 Use 'normal' checking instead of 'simplified' 2019-03-16 07:19:48 +01:00
Daniel Marjamäki 81a1d744c6 CheckBufferOverrun: fix FP for array definition of static class member 2019-03-13 06:39:09 +01:00
Daniel Marjamäki 67e8b99c2c CheckBufferOverrun: Readd a check for strncpy/memcpy/etc 2019-03-12 21:15:26 +01:00
Daniel Marjamäki 0c08f6db6c CheckBufferOverrun: Use AST to lookup array 2019-03-12 06:46:38 +01:00
Daniel Marjamäki ea23033a65 Array index out of bounds: Fix false positive 2019-03-11 20:33:08 +01:00
Daniel Marjamäki bd048085bd Add CheckBufferOverrun::arrayIndexThenCheck 2019-03-11 19:20:06 +01:00
Daniel Marjamäki 729f57d8f1 Start a major rewrite of CheckBufferOverrun. For now only the 'array index' and 'buffer overflow' checks are rewritten.
There are important TODOs still; for instance adding CTU support using our CTU infrastructure, add handling of pointers (maybe I'll use FwdAnalysis for this), add handling of multidimensional arrays, etc..
2019-03-11 12:34:33 +01:00
amai2012 eb9edbc177 #9024 Crash caused by package "procserv" in lib/token.h:921 function Token::getKnownIntValue - Fix and test for alternative code example. 2019-03-08 11:07:33 +01:00
Daniel Marjamäki c32d015337 Fixed false positives from terminateStrncpy 2019-03-06 18:50:50 +01:00
Daniel Marjamäki bd7790fd8c Update copyright year 2019-02-09 07:24:06 +01:00
Paul Fultz II 4b37f276c2 ValueFlow: Set arrays to true when converting to a boolean
This sets it by checking the parent. It doesn't handle function parameters yet.
2019-01-21 20:05:35 +01:00
Daniel Marjamäki 8dd641b8be Use OVERRIDE in test 2019-01-12 15:45:25 +01:00
Daniel Marjamäki bc34f0239d Disable the subfunction value flow analysis. It does not work well and needs to be rewritten. There are false positives. 2018-12-18 14:36:49 +01:00
orbitcowboy 0858488825
insecureCmdLineArgs: Fixed FN in case strdup() copies argv[]. (#1438)
* insecureCmdLineArgs: Fixed FN in case strdup() copies argv[].

* Formatted the code. There are no functional changes intended.

* Changes due to review comments from Daniel.
2018-10-19 11:04:15 +02:00
orbitcowboy a6e8270474
insecureCmdLineArgs: Fixed false negatives in case arguments are const. (#1419)
* insecureCmdLineArgs: Fixed false negatives in case arguments are const.

* Formatted the code, there are functional changes.

* Simplified matching as suggested by Daniel.
2018-10-15 10:05:43 +02:00
Daniel Marjamäki 20121b34d8 Fixed #7718 (False positive: out of bounds of already resized std::string) 2018-10-09 06:53:26 +02:00
Daniel Marjamäki f388c77042 Fixed #8721 (Regression: False positive array index out of bounds) 2018-08-31 18:25:43 +02:00
Daniel Marjamäki 27aae8d032 Fixed #8644 (crash (CheckBufferOverrun::checkGlobalAndLocalVariable): local function) 2018-08-30 10:04:07 +02:00
Simon Martin acb0b9f07e Ticket #8679: Add support for C++11 thread_local and GCC's (among others) __thread extension. (#1351) 2018-08-26 19:46:36 +02:00
rebnridgway 42a65c5160 Fix crash bug #8579 (#1238)
* Added declaration for deletePrevious function

* Added definition for deletePrevious function

* Fixed crash from deleteThis invalidating pointers

The crash was caused by deleteThis() invalidating the pointer to a constant variable usage.  This happened when a usage followed an assignment.  This fixes bug #8579.

* Added tokensFront to match tokensBack

This means deletePrevious can set the list's front if necessary.

* Initialised tokensFront in appropriate places

* Switched to using default Token constructor

* Switched to using Token default constructor

* Switched to using default constructor for Token

* Added missing argument to Token constructor

* Changed to use default constructor for Tokens

* Switched to using default constructor for Tokens

* Switched to using default constructor for Token

* Added new test for deleting front Token

Also made sure to use the correct constructor for Token in other tests.

* Syntax error

* Replaced tokensFront and tokensBack with a struct

This decreases the size of the Token class for performance purposes.

* Replaced tokensFront and tokensBack with a struct

* Added tokensFrontBack to destructor

* Reworked to use TokensBackFront struct

Also ran astyle.

* Reworked to use TokenList's TokensFrontBack member

* Reworked to use TokensFrontBack struct

* Reworked to use TokensFrontBack struct

* Reworked to work with TokensFrontBack struct

* Removed unnecessary scope operator

* Added missing parentheses

* Fixed syntax error

* Removed unnecessary constructor

* Default constructor now 0-initialises everything

This is safer for not using a temporary TokensFrontBack object, and doesn't use delegating constructors which aren't supported yet.

* Fixed unsafe null check

* Added missing explicit keyword

* Fixing stylistic nits

Removed default constructor as it has been superseded by the single-argument constructor with a default argument value.
Renamed listEnds to tokensFrontBack.
Fixed if statement that was supposed to be adding safety but would actually cause a crash if tokensFrontBack was null.

* Fixing stylistic nits

Removed default constructor and replaced it with a single-argument constructor with a default value.

* Fixing stylistic nits

Renamed _listEnds to _tokensFrontBack.

* Fixing stylistic nits

Renamed _listEnds to _tokensFrontBack.
2018-05-25 07:15:05 +02:00
IOBYTE ce50df8047 Fix override warnings. (#1234) 2018-05-15 16:37:40 +02:00
Daniel Marjamäki 8c2a5c9813 astyle formatting
[ci skip]
2018-05-06 09:50:53 +02:00
Paul Fultz II 0561877182 Fix false positive with negative array index in issue 8536 (#1202)
* Fix FP with negative array index in valueflow

* Remove values when valueflow fails

* Add valueflow test
2018-05-06 08:35:29 +02:00
PKEuS bbfcccf078 Refactorization: Replace several push_back-sequences by initializer lists 2018-04-09 09:41:24 +02:00
Daniel Marjamäki 7e4dba6a7e Updated copyright year 2018-03-31 20:59:09 +02:00
IOBYTE 5bc039b7da Fix #6367 and #8439 (improve sizeof value flow support) (#1132) 2018-03-23 08:28:12 +01:00
Daniel Marjamäki bc40f5041d Fixed #6356 (Improve checking: pointer arithmetic "ab.a + 100" overrun) 2018-01-27 15:39:39 +01:00
Daniel Marjamäki c4caee6b18 Updated copyright year 2018-01-14 15:37:52 +01:00
Daniel Marjamäki 7d2450e445 Fixed #1478 (false negative: buffer access out of bounds not detected after free and malloc) 2017-12-31 14:58:26 +01:00
Ayaz Salikhov 28aa939d69 iwyu - include what you use 2017-05-27 04:33:47 +02:00
Daniel Marjamäki 040d2f0012 Use simplecpp lexer in test cases 2017-05-18 21:52:31 +02:00
Daniel Marjamäki 7fd04cd8d0 Updated Token::expressionString(), write '->' instead of '.' 2017-04-30 14:22:18 +02:00
Simon Martin b526fd7c49 Ticket #7964: Don't crash on valid code using function pointers named strcpy or strcat in main(). 2017-04-21 23:36:10 +02:00
PKEuS b97779591e Fixed unit test in testbufferoverrun.cpp 2017-04-11 23:00:33 +02:00
PKEuS 680828788b Fixed false negative in CheckBufferOverrun::checkInsecureCmdLineArgs(), removed redundant tests 2017-03-27 11:30:07 +02:00
PKEuS 171e1b8244 Fixed false negatives in CheckBufferOverrun::arrayIndexThenCheck() 2017-03-27 11:07:49 +02:00
Daniel Marjamäki f0d91fb74b Fixed #7869 (False positive: Array index out of bounds) 2016-12-20 22:01:19 +01:00
Daniel Marjamäki f5ad7482a8 CheckBufferOverrun: Skip warnings about array index out of bounds in unions. Theoretically, the array is at least as large as the biggest union member. 2016-12-18 22:10:30 +01:00
Daniel Marjamäki 461e5cc5c9 CheckBufferOverrun: Moved check from simplified to normal. This fixes a FP in asterisk. 2016-12-18 11:14:05 +01:00
Daniel Marjamäki a61f4e9c94 Fixed #7831 (false-positive: terminateStrncpy) 2016-11-24 07:04:58 +01:00
Daniel Marjamäki 5b377ea2e4 Fixed #7821 (segmentation fault, invalid last token) 2016-11-20 14:15:51 +01:00
PKEuS 3f4fe8f578 Refactorized CheckBufferOverrun:
- Removed redundant code
- Apply non-simplified checking in test suite
2016-07-27 17:28:43 +02:00
PKEuS 44a19b527e Use ValueFlow and SymbolDatabase to detect buffer overflows with new and malloc, improving support for enums (#7576) 2016-07-08 20:53:08 +02:00
PKEuS 644a216394 Fixed two false positives related to char arrays initialized by a literal:
- Run check for writing to string literals on non-simplified token list (#7283)
- Run buffer overrun checking for string literals on non-simplified token list (https://sourceforge.net/p/cppcheck/discussion/general/thread/2c33dfc5/)
2016-07-07 19:38:15 +02:00
umanamente 0f11007c19 Fixed #7083 (false positive: typedef and initialization with strings) 2016-06-21 22:42:46 +02:00
PKEuS 8c0eab3eb3 Optimization: Improved performance of CheckBufferOverrun::checkScope() when dealing with a large number of arrays (#5975)
-> checking time decreases from 1010s to 50s on the code snippet in #5975
-> Dropped a garbage code unit test
2016-05-25 14:42:00 +02:00
Daniel Marjamäki 659cd96b03 Fixed #7209 (False positive: Array index used before limits check reported in sizeof) 2016-01-24 14:06:02 +01:00
Lauri Nurmi 996c9244d8 Update copyright year to 2007-2016. 2016-01-01 15:34:45 +02:00
Daniel Marjamäki 9c3f25603e CheckBufferOverrun: Remove old checking of strings and use new ValueFlow-based checking instead (#6973) 2015-11-30 16:36:52 +01:00
Daniel Marjamäki 0f9d90d2be Changed Copyrights. Removed my name. 2015-11-18 20:04:50 +01:00
Daniel Marjamäki 5074c11b53 CheckBufferOverrun: Fixed FP when accessing string that contains '\0'. Refactoring address-of. 2015-11-09 10:30:39 +01:00
Daniel Marjamäki ef5be435c7 Fixed #7113 (False positive arrayIndexOutOfBounds - using pointer alias with cast) 2015-11-08 17:21:32 +01:00
Daniel Marjamäki 7d6e1974eb Fixed #7104 (False positive arrayIndexOutOfBounds) 2015-11-08 09:30:23 +01:00
Daniel Marjamäki 9c7271a5e9 CheckBufferOverrun: The simplifyKnownVariables() has been reduced, use ValueFlow instead 2015-11-07 18:12:01 +01:00
PKEuS 0a34b206e8 Refactorization: Reduced code duplication in test suite 2015-10-08 11:35:51 +02:00
PKEuS 3a5cef8a7e Refactorization: Improved usage of Settings instances in test suite 2015-10-07 18:40:03 +02:00
Alexander Mai 8d2c4453ad Small optimizations for C code in Tokenizer. Add some regression tests for recently fixed results 2015-08-29 19:00:09 +02:00
Alexander Mai 66e4faa621 Add regression test for true negative argumentSize 2015-08-29 11:14:13 +02:00
PKEuS 128a926d9d Collected some more garbage code tests in testgarbage.cpp; Avoid std::string creation in testgarbage.cpp 2015-08-16 19:12:12 +02:00
Martin Ettl 42a406ac5f testbufferoverrun: Removed duplicate test case. 2015-07-30 22:42:45 +02:00
Daniel Marjamäki 6790d91fbb Improve error messages for conditional values. make valueFlowSwitchVariable values conditional that depend on the case. Partial fix for #6884. 2015-07-29 19:54:57 +02:00
Daniel Marjamäki c5bbea2994 Fixed #6816 (FP: buffer overflow, checkminsizes of array with string value) 2015-07-27 16:39:41 +02:00
PKEuS 176b3925b3 Removed "verify" code in testrunner. Fixing its messages reduces the accuracy of the test suite. 2015-07-25 14:18:41 +02:00
Daniel Marjamäki fef251ac76 negative array size: fixed noise when array is not vla 2015-07-04 09:42:42 +02:00
Daniel Marjamäki 0ca410a4d7 Fixed #6668 (False positive bufferAccessOutOfBounds on sprintf() - regression) 2015-06-07 14:01:20 +02:00
Daniel Marjamäki baa1ae079d New check: negative size in array declaration. Ticket #1760 2015-05-03 15:00:47 +02:00
Dmitry-Me d735918a8a Constructor parameter type need not be a number 2015-03-25 14:56:45 +03:00
PKEuS bc5132e0ac Refactorization: Moved declaration of errout, ... to testsuite.h, uniformized style 2015-03-11 22:54:43 +01:00
Daniel Marjamäki cc0f61376a more cleanup of std.cfg testing in TestBufferOverrun 2015-02-14 18:55:54 +01:00
Daniel Marjamäki e510902d58 TestBufferOverrun cleanup some more std.cfg testing 2015-02-14 17:30:08 +01:00
Daniel Marjamäki 360ec9d853 updated TestBufferOverrun test case. Since checker doesn't use library dont load std.cfg. 2015-02-14 16:44:08 +01:00
Daniel Marjamäki 0c0d62171e removed duplicate testcase. See testcase for #836 2015-02-14 16:41:51 +01:00
Daniel Marjamäki a57d5d7eda moved testcases 2015-02-14 16:37:48 +01:00
Daniel Marjamäki e01b30345e move testcases in TestBufferOverrun 2015-02-14 16:29:05 +01:00
Daniel Marjamäki 166db40af2 Fix TestBufferOverrun test case, it was wrongly written. 2015-02-14 15:51:13 +01:00
Daniel Marjamäki c43d537726 renamed TestBufferOverrun test method to same name as CheckBufferOverrun method that is tested 2015-02-14 15:49:17 +01:00
Daniel Marjamäki 2b7c7134e1 TestBufferOverrun: move memset test 2015-02-14 15:46:00 +01:00
Daniel Marjamäki e0d90c00be TestBufferOverrun: Cleanup testcases for memory functions 2015-02-13 16:16:59 +01:00
Daniel Marjamäki 2d21eb07ba Cleaned up snprintf hardcoding in CheckBufferOverrun 2015-02-13 06:44:38 +01:00
Daniel Marjamäki a6cfd15bde refactoring TestBufferOverrun 2015-02-12 17:36:22 +01:00
Daniel Marjamäki 9aad4fa8ca CheckBufferOverrun: Remove hardcoding for sprintf and rely on cfg configuration instead 2015-02-12 17:29:36 +01:00
Daniel Marjamäki d9deabe2ce TestBufferOverrun: clean up 2015-02-10 17:29:36 +01:00
Daniel Marjamäki 53718047f1 refactoring TestBufferOverrun 2015-02-10 06:49:48 +01:00
Daniel Marjamäki 9aa0420472 TestBufferOverrun: Moved out cfg tests. Created minsize-mul testing in TestBufferOverrun 2015-02-10 06:44:19 +01:00
Daniel Marjamäki ce1d0099cf TestBufferOverrun: Moved out cfg tests. Created minsize-argvalue testing in TestBufferOverrun 2015-02-10 06:35:41 +01:00
Daniel Marjamäki 631536980c TestBufferOverrun: split up strncpy testing, keep checker testing in TestBufferOverrun and move cfg tests to cfg test 2015-02-09 16:20:28 +01:00
PKEuS f78744ac30 Fixed AST generation if expression starts with ternary operator 2015-02-01 14:02:19 +01:00
PKEuS 21cb0cfd60 Take simplifyIfNotNull and simplifyIfNot out of simplifyTokenList1 (first step for #6072) 2015-01-31 20:12:02 +01:00
Daniel Marjamäki 73113c67e7 Fixed #6480 (False positive unreachableCode - member function exit called instead of ::exit()) 2015-01-31 16:55:55 +01:00
Daniel Marjamäki 57ec1aea91 Library: Don't rely on ast in isNotLibraryFunction since it's used in tokenizer 2015-01-31 10:24:10 +01:00
PKEuS 98e33a189f Enhanced CheckBufferOverrun:
- Fixed bug in library: manual and existing libraries use "size", but library.cpp reads "sizeof" as podtype attribute
- Fixed a couple of bugs in handling unknown size in checkbufferoverrun.cpp, get size from library if available.
2015-01-30 20:27:48 +01:00
PKEuS 3274a00b82 Moved some more tests to testgarbage.cpp 2015-01-21 10:04:46 +01:00
Daniel Marjamäki 6a8293a8b7 Library: More strict matching of functions 2015-01-08 19:31:41 +01:00
Daniel Marjamäki ff11ba9847 Updated copyright year to 2015 2015-01-03 12:14:58 +01:00
Daniel Marjamäki 6194a4eefd Fixed #6357 (Improve check: pointer arithmetic 'p+x' overrun, conditional x) 2014-12-26 09:12:00 +01:00
Daniel Marjamäki 7ab12cea63 Improved pointer arithmetic message 2014-12-25 14:31:46 +01:00
Daniel Marjamäki bc594d52c8 Fixed #6349 (Pointer arithmetic: clarify message) 2014-12-25 10:05:55 +01:00
Daniel Marjamäki 7cfa54f0e0 Fixed #6353 (False positive: CheckBufferOverrun checking reassigned array function parameter) 2014-12-24 14:03:52 +01:00
Daniel Marjamäki 1b2a23b3fe Fixed #6350 (Tokenizer::simplifyCast: set Token::isCasted when cast is removed) 2014-12-23 16:16:14 +01:00
Daniel Marjamäki 10ae551fef CheckBufferOverrun: Use portability warning for pointer arithmetic UB. It can be used by intention and usually works as intended. 2014-12-22 10:56:17 +01:00
Daniel Marjamäki 93ac5a41cd Fixed #6346 (pointer calculation overflow) 2014-12-22 09:38:00 +01:00
Daniel Marjamäki a95e5bff2b Fixed #6344 (false positive: out of bounds access when array size is unknown) 2014-12-20 18:50:08 +01:00
Daniel Marjamäki a1537e1a6e Fixed #6339 (false negative: array index out of bounds on allocated buffer using valueflow) 2014-12-17 16:23:48 +01:00
Alexander Mai c2584aa635 #6303 crash in CheckBufferOverrun. Add check on loop variable in CheckBufferOverrun::checkScope(). 2014-12-04 20:49:58 +01:00
Daniel Marjamäki 051d42ae6b astyle formatting 2014-11-20 14:20:09 +01:00
orbitcowboy f5d804f71a running astyle 2014-11-20 10:13:03 +01:00
Frank Zingsheim 71c5d4bd60 Ticket #6232 (cppOut of bounds array access)
--HG--
extra : rebase_source : 79ed3533a12a486ea3ed3f09f9bc55b1a4771161
2014-10-21 22:56:53 +02:00
PKEuS 6955e719cf Collected garbage code tests and moved them to testgarbage.cpp 2014-10-16 10:59:46 +02:00
PKEuS 68b26f8faa Fixed subsequent false negatives in CheckBufferOverrun::checkInsecureCmdLineArgs() (#5835) 2014-09-29 15:38:33 +02:00
Alexander Mai ccd80e3407 #6141 FP: Unknown type is assumed to have size 0. 2014-09-27 21:51:11 +02:00
Dmitry-Me 1e298a31cf Refactoring tests. Use utility function to warn about unsimplified code in tests. 2014-09-13 12:59:32 +02:00
PKEuS 4c18967329 Added unit test for #5849 2014-08-31 21:45:38 +02:00
Daniel Marjamäki b6355b991f Fixed #6070 (false positive: Array 'array[8192]' accessed at index 8192, which is out of bounds) 2014-08-19 07:03:00 +02:00
Daniel Marjamäki 47a2b35e98 BufferOverrun: Use ValueFlow string values more 2014-08-04 08:25:10 +02:00
Daniel Marjamäki 5de1e35350 CheckBufferOverrun: Fixed minsize checking of string literals. Check sizeof string instead of strlen. 2014-07-30 20:35:21 +02:00
Daniel Marjamäki 254b6438b9 CheckBufferOverrun::checkStringArgument: sizeof string is strlen+1 2014-07-08 16:04:09 +02:00
Daniel Marjamäki 9a4bd73a18 Fixed unit test 2014-07-08 08:02:02 +02:00
Daniel Marjamäki 0fd334911a Fixed #5257 (Check memcpy size for string literals) 2014-07-06 08:41:39 +02:00
Daniel Marjamäki 53aa2f5982 astyle formatting
[ci skip]
2014-07-06 07:16:28 +02:00
amai2012 77095e2b05 Add some more functions to posix.cfg which allow to enable TestBufferOverrun::buffer_overrun_1_posix_functions
Fix some compiler warnings on MSVC
2014-07-05 22:47:10 +02:00
Daniel Marjamäki a3acc3241e Library: Added <minsize> element used for buffer overrun checking 2014-07-05 20:31:43 +02:00
Daniel Marjamäki 6c8558c112 CheckBufferOverrun: Removed old for-loop handling. This is handled through ValueFlow from now on. 2014-06-27 06:46:42 +02:00
Daniel Marjamäki 036b2f8ccf CheckBufferOverrun: Added bufferOverrun2 that is based on ValueFlow/SymbolDatabase/Ast from the start. Replaced some old checking. 2014-06-26 17:36:20 +02:00
Simon Martin 966491d40b Added a test for out-of-bounds character array access. 2014-05-27 16:21:13 +02:00
PKEuS effa38c322 Fixed #5863 (False positive: array index is used before limits check) 2014-05-24 17:50:01 +02:00
PKEuS 04fbbdb5e8 Refactorized CheckBufferOverrun::arrayIndexThenCheck() and fixed false negative 2014-05-10 13:00:44 +02:00
Daniel Marjamäki ed1d63ffc0 Fixed #5636 (FP: matrix out of bounds) 2014-05-03 18:12:06 +02:00
Alexander Mai 89dc652af9 #5631 Typo and misleading error message in negativeMemoryAllocationSize 2014-04-08 20:23:00 +02:00
Daniel Marjamäki e5301b2b7a ValueFlow: Improved valueflow of for loop 'for (i=a; i<10; i++)' => unknown start value but end value is known 2014-03-29 20:20:22 +01:00
PKEuS 1c58628223 Handle pointer/reference to array in setVarId (#2645) 2014-03-28 16:10:27 +01:00
PKEuS 63254b33f9 Fixed uncaught exception in testbufferoverrun.cpp 2014-03-27 19:55:11 +01:00
Daniel Marjamäki 6da9cca4ab fixed unit test that I broke by mistake 2014-03-25 21:45:25 +01:00
Daniel Marjamäki 87daf5783e buffer overflow: clean up old checking for negative index 2014-03-25 20:37:32 +01:00
Daniel Marjamäki c8004a8d31 Buffer overruns: Use ValueFlow to detect negative index 2014-03-25 18:22:22 +01:00
Daniel Marjamäki aa05bf0f16 ValueFlow: Improved abstract interpretation 2014-03-24 06:48:06 +01:00
Daniel Marjamäki dbc8273cb7 ValueFlow: improved abstract interpretation of for loops 2014-03-24 00:16:02 +01:00
Daniel Marjamäki b6276058da Value Flow: Improved abstract interpretation of arithmetical expressions 2014-03-22 19:02:33 +01:00
PKEuS 49b25b05d9 Fixed crash in CheckBufferOverrun on garbage code (#5595) 2014-03-21 13:20:44 +01:00
Daniel Marjamäki e240282443 Value Flow: Another try with the abstract interpretation of for loops 2014-03-17 18:43:47 +01:00
Daniel Marjamäki 8c3f2c2ad9 Revert 894a65b0. abstract interpretation of for loops. there was some crashes and performance problems. I will fix those problems when I have time and recommit. 2014-03-16 08:38:52 +01:00
Daniel Marjamäki 894a65b0b1 ValueFlow: Refactor the for-loop handling. Use abstract interpretation. 2014-03-15 11:29:33 +01:00
Daniel Marjamäki 7fa73c0d64 Merge pull request #256 from xypron/5505
5505: FP: Array accessed out of bounds
2014-03-09 08:47:18 +01:00
Heinrich Schuchardt bd67db96f1 5505: FP: Array accessed out of bounds
CheckBufferOverrun::checkFunctionParameter alreacy considered usage of a
function parameter inside an if block as a special case.

With the patch the same is done for switch statements.

A test is added.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2014-03-07 19:51:13 +01:00
Daniel Marjamäki fd3a8a2a18 Update copyright 2014-02-15 07:45:39 +01:00
Martin Ettl 6ca7daec10 Fixed #389: Providing negative value to memory allocation function. 2014-02-01 22:38:29 +01:00
Daniel Marjamäki 9aa9530e0d Fixed #5426 (crash: btrfs-progs cmds-inspect.c) 2014-01-31 06:19:36 +01:00
Daniel Marjamäki abe8439917 Fixed #5416 (False positive: Array accessed at index, which is out of bounds.) 2014-01-28 16:55:10 +01:00
Daniel Marjamäki 0dbb86f0cb Cleanup ExecutionPath from CheckBufferOverrun 2014-01-22 21:25:37 +01:00
Daniel Marjamäki b91f42453b value flow: improved handling of cast 2014-01-20 22:26:55 +01:00
Daniel Marjamäki 3e23e243f6 BufferOverflow: Updated message for out of bounds array index or redundant condition 2014-01-17 19:44:45 +01:00
Daniel Marjamäki 18d6285ad2 BufferOverrun: Improved error message when array index is used before checking that its in limits 2014-01-17 18:56:46 +01:00
Daniel Marjamäki 30cae358d8 Removed the --value-flow flag. ValueFlow analysis will always be enabled from now on. 2014-01-17 18:07:05 +01:00
Daniel Marjamäki 0b4de97e2b value flow: Use ValueFlow in CheckBufferOverrun 2014-01-16 19:23:14 +01:00
Daniel Marjamäki a1b0d190df Fixed #3688 (false positive: (inconclusive, posix) (warning) The buffer 'cBuffer' is not zero-terminated after the call to readlink().) 2014-01-02 10:46:19 +01:00
Daniel Marjamäki 32be4094e7 Symbol database: only put variables in variable list 2013-12-31 17:51:56 +01:00
PKEuS 4f0121ee2f Splitted simplification out of tokenize() 2013-12-30 17:45:28 +01:00
Simon Martin fe75686595 Ticket #5203: Don't crash when checking buffer overrun for invalid code. 2013-11-30 07:40:32 +01:00
Daniel Marjamäki 946722faf0 Fixed #4968 (False positive: Structure with 'read' member is confused with read() function.) 2013-10-05 18:25:44 +02:00
Alexander Mai 450442287c Fixed #4974 (CheckBufferOverrun::writeOutsideBufferSize() too strict) 2013-08-25 18:46:07 +02:00
Daniel Marjamäki 5ce7189bc0 Merge pull request #166 from last5bits/ticket4213
Fixing #4213 arrayIndexThenCheck and adding tests
2013-08-23 22:36:30 -07:00
Alexey Zhikhartsev d24a321ba2 Fixing #4213 arrayIndexThenCheck and adding tests 2013-08-23 19:04:01 +04:00
Daniel Marjamäki 64733d9e63 astyle formatting 2013-08-10 12:32:59 +02:00
Simon Martin ad33d95ec1 Ticket #4764: properly handle template instantiations with only default parameters. 2013-08-10 12:00:16 +02:00
PKEuS a9a5dc0354 Updated to AStyle 2.03, require this version 2013-08-07 16:27:37 +02:00
Lucas Manuel Rodriguez d6be4559cd Fixed #4840 (false negative: buffer access out of bounds) 2013-06-25 06:37:51 +02:00
Daniel Marjamäki a861817a01 Fixed #4751 (CheckBufferOverrun: better handling when struct member instance doesn't have same varid as struct member declaration) 2013-05-28 16:52:23 +02:00
Daniel Marjamäki ea60c5b14b CheckBufferOverrun: Code cleanup 2013-05-05 08:14:19 +02:00
Daniel Marjamäki 4e65800adf TestRunner: Updated warning message when there is unsimplified code 2013-04-16 16:54:19 +02:00
Daniel Marjamäki 393c75af70 Simplified remaining TestBufferOverrun test cases 2013-04-13 15:49:15 +02:00
Daniel Marjamäki cbe2cdafcf Simplify TestBufferOverrun test cases (casts, pointer addition, calculation) 2013-04-13 13:58:21 +02:00
Daniel Marjamäki fe911f92e1 Simplify TestBufferOverrun test cases (known variable value) 2013-04-13 13:13:13 +02:00
Daniel Marjamäki 78d3aef40e Simplified TestBufferOverrun test cases (sizeof, known variable value) 2013-04-13 11:01:19 +02:00
Daniel Marjamäki 3b880f9e2e Simplified TestBufferOverrun test cases (sizeof, known variables, casts, etc) 2013-04-13 08:19:14 +02:00
Daniel Marjamäki 7871f16e9d Simplified TestBufferOverrun::readlink test cases (sizeof) 2013-04-13 07:31:15 +02:00
Daniel Marjamäki 6afdd1b7c0 Simplified TestBufferOverrun::readlinkat test cases (sizeof, known variables) 2013-04-13 07:22:01 +02:00
PKEuS cdce755471 Removed duplicate unit tests in testbufferoverrun.cpp 2013-04-12 12:17:08 -07:00
PKEuS c487ea843d Better fix for #4706: Use Token::nextArgument() properly. Removed redundant ' in message 2013-04-09 08:30:53 -07:00
Ettl Martin ba8cca8fa9 #4706 fix crash when a struct member is used as first argument. Replaced Token::nexArgument with %any% in Token::Match call. Added unittests in testing Token::nexArgument. 2013-04-04 15:12:18 +02:00
Ettl Martin 54d398c7dd unittests: removed not needed '\n' at the end of testcases. 2013-03-19 09:18:58 +01:00