Daniel Marjamäki
17253cdb55
buffer overflow: Fix false positive
2019-03-11 19:40:17 +01:00
Daniel Marjamäki
bd048085bd
Add CheckBufferOverrun::arrayIndexThenCheck
2019-03-11 19:20:06 +01:00
Daniel Marjamäki
a933261e14
Add message id arrayIndexOutOfBoundsCond
2019-03-11 19:12:03 +01:00
orbitcowboy
0721c9f7f0
Running astyle [ci skip].
2019-03-11 15:32:30 +01:00
Daniel Marjamäki
729f57d8f1
Start a major rewrite of CheckBufferOverrun. For now only the 'array index' and 'buffer overflow' checks are rewritten.
...
There are important TODOs still; for instance adding CTU support using our CTU infrastructure, add handling of pointers (maybe I'll use FwdAnalysis for this), add handling of multidimensional arrays, etc.
2019-03-11 12:34:33 +01:00
Daniel Marjamäki
3eb5de756c
Buffer overrun: Refactorings; use range for loops and write in message
2019-03-09 22:19:09 +01:00
amai2012
eb9edbc177
#9024 Crash caused by package "procserv" in lib/token.h:921 function Token::getKnownIntValue - Fix and test for alternative code example.
2019-03-08 11:07:33 +01:00
Daniel Marjamäki
c32d015337
Fixed false positives from terminateStrncpy
2019-03-06 18:50:50 +01:00
Daniel Marjamäki
3f37d5ac2d
Refactoring strncpy/strncat checking to use ValueFlow and AST
2019-03-06 09:04:04 +01:00
Daniel Marjamäki
bd7790fd8c
Update copyright year
2019-02-09 07:24:06 +01:00
Daniel Marjamäki
271763e680
CTU: Refactoring
2018-12-25 21:11:23 +01:00
Daniel Marjamäki
2214ef5359
Refactor isVLAIndex
2018-11-23 20:23:20 +01:00
orbitcowboy
0858488825
insecureCmdLineArgs: Fixed FN in case strdup() copies argv[]. ( #1438 )
...
* insecureCmdLineArgs: Fixed FN in case strdup() copies argv[].
* Formatted the code. There are no functional changes intended.
* Changes due to review comments from Daniel.
2018-10-19 11:04:15 +02:00
orbitcowboy
a6e8270474
insecureCmdLineArgs: Fixed false negatives in case arguments are const. ( #1419 )
...
* insecureCmdLineArgs: Fixed false negatives in case arguments are const.
* Formatted the code, there are functional changes.
* Simplified matching as suggested by Daniel.
2018-10-15 10:05:43 +02:00
Daniel Marjamäki
20121b34d8
Fixed #7718 (False positive: out of bounds of already resized std::string)
2018-10-09 06:53:26 +02:00
Daniel Marjamäki
12b7c9e597
Fix Cppcheck warning
2018-09-01 08:41:41 +02:00
Daniel Marjamäki
f388c77042
Fixed #8721 (Regression: False positive array index out of bounds)
2018-08-31 18:25:43 +02:00
Daniel Marjamäki
27aae8d032
Fixed #8644 (crash (CheckBufferOverrun::checkGlobalAndLocalVariable): local function)
2018-08-30 10:04:07 +02:00
Daniel Marjamäki
54cfdb731e
Refactoring; Use Token::isUnaryOp() to clarify code
2018-07-13 23:12:20 +02:00
Daniel Marjamäki
4c6270f9b2
Refactoring: use range for loop
2018-06-30 15:34:48 +02:00
Daniel Marjamäki
cb48aae594
buffer overrun: Remove bailout. There is no test case and I fail to produce false positives.
2018-06-24 09:50:55 +02:00
Daniel Marjamäki
19cf0d1fa4
Refactoring; use range for loop
2018-06-17 18:37:40 +02:00
Daniel Marjamäki
ad4ce84cf7
Rename private member variables
2018-06-17 17:20:16 +02:00
Daniel Marjamäki
79ffe1d4fc
Rename _tokenizer, _settings, _errorLogger
2018-06-16 16:10:28 +02:00
Matthias Krüger
be6c273e6b
CheckBufferOverrun::checkScope_inner(): save a few pointer dereferences (NFC).
2018-05-31 12:28:34 +02:00
Daniel Marjamäki
ca8e19c96d
SymbolDatabase: Refactor SymbolDatabase: variable list
2018-04-28 09:38:33 +02:00
Daniel Marjamäki
f336c2efe7
Refactoring; Renamed Scope::classStart and Scope::classEnd
2018-04-27 22:36:30 +02:00
Daniel Marjamäki
f058d9ad08
CLI: Added more fields for --template and added a new --template-location. The gcc predefined template now matches latest gcc better.
2018-04-23 12:21:18 +02:00
PKEuS
d2146844dd
Refactorizations:
...
- Replace several push_back-calls by emplace_back
- Replace some x = x.substr(0, y) calls by x.erase(y)
2018-04-11 09:44:35 +02:00
PKEuS
b15cc3f236
Refactorization: Replace several push_back-sequences by initializer lists
2018-04-09 09:54:39 +02:00
Daniel Marjamäki
a0906140a6
Suppressions: New extensible Suppressions xml format that allows more attributes. To start with it also allows symbolName.
2018-04-09 06:43:48 +02:00
Daniel Marjamäki
3ad6c7ebce
Refactoring, use early continue
2018-04-05 08:21:43 +02:00
jrp2014
67a71fa362
Refactor lib/checkbufferoverrun.cpp
2018-04-05 08:17:56 +02:00
jrp2014
b6504c70ca
Improve constness
2018-04-04 21:51:31 +02:00
Daniel Marjamäki
96167ffa51
Compatibility fixes for gcc 4.5
2018-03-29 17:37:06 +02:00
Daniel Marjamäki
71511f3131
Refactor f487182
2018-02-06 08:59:36 +01:00
Ivan Maidanski
f487182075
Suppressed unused functions should not lead to nonzero exit code ( #1026 ) ( #1078 )
...
This is a fix of commit 97ffec8.
2018-02-06 07:44:53 +01:00
Daniel Marjamäki
5b6ec49a6f
Pointer overflow: Fixed false positive
2018-01-27 22:09:43 +01:00
Daniel Marjamäki
189e0b3890
Fix Cppcheck warning about uninitialized variable
2018-01-27 22:05:29 +01:00
Daniel Marjamäki
bc40f5041d
Fixed #6356 (Improve checking: pointer arithmetic "ab.a + 100" overrun)
2018-01-27 15:39:39 +01:00
Daniel Marjamäki
c4caee6b18
Updated copyright year
2018-01-14 15:37:52 +01:00
Ivan Maidanski
97ffec85c0
Fixed #7502 (Correct exit code if never used function is found) ( #1026 )
2018-01-12 08:24:01 +01:00
Daniel Marjamäki
7d2450e445
Fixed #1478 (false negative: buffer access out of bounds not detected after free and malloc)
2017-12-31 14:58:26 +01:00
Daniel Marjamäki
79f6793076
minor code cleanup
2017-12-31 12:30:02 +01:00
Oleksandr Redko
a8700f5622
Remove redundant parts of conditional expressions ( #988 )
...
All issues were found with PVS-Studio:
V560 A part of conditional expression is always true: tok. astutils.cpp 407
V560 A part of conditional expression is always true: size > 0. checkbufferoverrun.cpp 709
V547 Expression 'secondTrue' is always true. checkcondition.cpp 1013
V547 Expression 'firstTrue' is always true. checkcondition.cpp 1020
V560 A part of conditional expression is always true: !scan. checkio.cpp 1036
V560 A part of conditional expression is always true: scope->function. checknullpointer.cpp 395
V560 A part of conditional expression is always true: tok2. checkstl.cpp 268
V560 A part of conditional expression is always true: par. tokenize.cpp 9440
V547 Expression '!erased' is always true. symboldatabase.cpp 3990
2017-11-03 10:39:57 +01:00
Daniel Marjamäki
ba8222de1c
ValueFlow: Put 'inconclusive' state in the ValueKind. A value can't be both known and inconclusive.
2017-09-20 22:41:36 +02:00
Ayaz Salikhov
f0b5327450
Fix codestyle ( #953 )
2017-09-07 13:00:46 +02:00
Dmitry-Me
0e444aa133
Cache and reuse values
2017-09-05 17:50:36 +03:00
Ayaz Salikhov
b8cd7dbb5c
Use nullptr instead of 0 or NULL ( #936 )
2017-08-09 20:00:26 +02:00
Matthias Krüger
9b6d371762
checkbufferoverrun: remove dead store
...
the variable was declared inside a loop and the dead store also took place inside the loop (guarded by a condition) without further access of the value after that store.
Found by clang analyzer.
Was:
lib/checkbufferoverrun.cpp:1223:17: warning: Value stored to 'tok' is never read
tok = tok->next();
^ ~~~~~~~~~~~
2017-08-01 16:53:00 +02:00