Commit Graph

665 Commits

Author SHA1 Message Date
PKEuS 141d2ac215 Refactorization: Improved internal implementation of severity and certainty levels
Backported from LCppC.
2021-02-24 22:00:06 +01:00
Daniel Marjamäki 853c271f22 Fix gcc warning; variable vidx is assigned but not read 2021-01-16 18:13:06 +01:00
Daniel Marjamäki 1858465bca astyle formatting
[ci skip]
2021-01-12 21:28:56 +01:00
Paul Fultz II fc4238829f
Fix issue 10092: false positive: (warning) The address of local variable 'data' might be accessed at non-zero index. (#3041) 2021-01-12 10:24:28 +01:00
Daniel Marjamäki f493ce16b3 astyle formatting
[ci skip]
2021-01-10 14:46:19 +01:00
Oliver Stöneberg ac7647fcd8
some self-check suppression cleanups (#3032) 2021-01-09 20:32:38 +01:00
Rikard Falkeborn 50cdb6cbfc
Astyle: sync windows and linux folders (#3016) 2021-01-06 17:13:44 +01:00
Paul Fultz II e004731f1c
Fix issue 8650: ValueFlow: Track if pointer is created by '&' operator (#3011) 2021-01-05 16:56:38 +01:00
Daniel Marjamäki c6452adc88 Fixed Cppcheck warning; Remove unused private method CheckBufferOverrun::bufferNotZeroTerminatedError 2020-12-04 18:58:10 +01:00
Oliver Stöneberg 37bc0483a4
made check.h less heavy (#2633) 2020-05-23 07:16:49 +02:00
Daniel Marjamäki 08ddd84780 Update copyright year 2020-05-10 11:16:32 +02:00
Daniel Marjamäki 3e0218299b Revert "Update copyright year"
This reverts commit 6eec6c4bd5.
2020-05-10 11:13:05 +02:00
Daniel Marjamäki 6eec6c4bd5 Update copyright year 2020-05-10 11:11:34 +02:00
Oliver Stöneberg 1af959af2c
fixed -Wextra-semi-stmt Clang warnings (#2553)
* fixed -Wextra-semi-stmt Clang warnings

* adjusted REDIRECT macro to require a semicolon

* testmathlib.cpp: rolled back accidental change
2020-04-21 17:27:51 +02:00
Oliver Stöneberg 2c1e36e63e
cleaned up includes based on include-what-you-use (#2600)
* cleaned up includes based on include-what-you-use

* check.h: trying to work around Visual Studio 2012 bug

* fixed Visual Studio compilation
2020-04-13 13:44:48 +02:00
Paul Fultz II 3b20684aca
Fix issue 9360: False positive: arrayIndexOutOfBounds when function is called with different array sizes (#2541) 2020-02-17 10:31:08 +01:00
Daniel Marjamäki 84bb024662 Refactoring; Reuse variable typeSize 2020-01-19 09:17:38 +01:00
Daniel Marjamäki cefd7fb33f Fix testrunner 2020-01-18 12:29:03 +01:00
Daniel Marjamäki 9ffb657c1a Fixed #8597 (False positive - Array index is used before limits check.) 2019-12-20 09:46:01 +01:00
Daniel Marjamäki fcc5fad3ed Fixed #9113 (false positive: (error) Buffer is accessed out of bounds) 2019-11-10 16:42:48 +01:00
Rikard Falkeborn 73a569be97 TestBufferOverRun: Handle string literals (#2287) 2019-10-21 07:11:22 +02:00
Rikard Falkeborn 5c061c1c12 Set correct type and size of string and char literals (#2275)
* Set correct type and size of string and char literals

Use that string and char literal tokens store the prefix. This makes
it possible to distinghuish between different type of string literals
(i.e., utf8 encoded strings, utf16, wide strings, etc) which have
different type.

When the tokens holding the string and character values have the correct
type, it is possible to improve Token::getStrSize() to give the correct
result for all string types. Previously, it would return the number of
characters in the string, i.e., it would give the wrong size unless
the type of the string was char*.

Since strings now can have different size (in number of bytes) and
length (in number of elements), add a new helper function that returns
the number of characters. Checkers have been updated to use the correct
functions.

Having the size makes it possible to find more problems with prefixed
strings, and to reduce false positives, for example in the buffer
overflow checker.

Also, improve the stringLiteralWrite error message to also print the
prefix of the string (if there is one).

* Add comment and update string length
2019-10-20 07:11:57 +02:00
Paul Fultz II 6b6553e320 Dont warn for arrays that are containers (#2240) 2019-10-05 16:14:30 +02:00
Oliver Stöneberg de9f489b08 use range loops / constness (#2181)
* use range loops / constness

* platform.cpp: avoid shadowed variable
2019-09-19 20:29:33 +02:00
Daniel Marjamäki 32eda27391 Refactoring: Use enum class 2019-07-16 10:51:26 +02:00
Daniel Marjamäki 1888b39314 Use 'nonneg' instead of 'unsigned' in checkbufferoverrun 2019-07-16 07:59:35 +02:00
Paul Fultz II f75c15af56 Fix issue 6821: New check: access heap/stack data using address of variable
This fixes errors with:

```cpp
int f() {
    int i;
    return (&i)[1];
}
```

It uses the lifetime analysis to detect the issues.
2019-05-31 12:24:31 +02:00
Daniel Marjamäki 6da42a3d63 Fixed #9112 (false positive: (error) Array index out of bounds; buffer 'x' is accessed at offset n.) 2019-05-01 13:00:14 +02:00
Daniel Marjamäki 74fad6ce05 Modernizing; Use std::accumulate instead of for loop 2019-04-28 11:25:43 +02:00
Daniel Marjamäki 9c5d24c551 Modernizing: Use std::accumulate instead of for loop 2019-04-28 11:17:11 +02:00
Daniel Marjamäki 9d72e24edb Refactoring; Use stl algorithm instead of for loop 2019-04-28 10:30:20 +02:00
Daniel Marjamäki f503386666 Refactoring; replace for loop with std::find_if 2019-04-28 10:07:11 +02:00
Rikard Falkeborn d23e987941 Fix CheckInternal warnings (#1790) 2019-04-06 06:55:46 +02:00
Daniel Marjamäki de4f57ec0f Buffer overflow: Add CTU checking for pointer arithmetic overflows 2019-04-03 06:43:56 +02:00
Daniel Marjamäki c5807459f9 CheckBufferOverrun: Add check for pointer arithmetics 2019-03-31 09:00:52 +02:00
Daniel Marjamäki b5a285319c Fixed #9073 (Segmentation fault in Token::isUnaryOp() with ode) 2019-03-29 19:37:23 +01:00
Daniel Marjamäki 18aa968a7a Astyle formatting 2019-03-23 19:03:57 +01:00
Daniel Marjamäki 5126e4b1af Try to fix Visual Studio compiler error 2019-03-23 19:02:05 +01:00
Daniel Marjamäki d27a4ad82e CheckBufferOverrun: Fix ctu checking 2019-03-23 15:26:13 +01:00
Daniel Marjamäki a135683d2f Refactoring; Renamed CWE786 and CWE788 2019-03-23 08:41:20 +01:00
Daniel Marjamäki 15fc9a622d CheckBufferOverrun: Add CTU analysis 2019-03-23 08:36:10 +01:00
Daniel Marjamäki 031362ae01 CheckBufferOverrun: Fix false positive 2019-03-19 21:07:08 +01:00
Daniel Marjamäki 6cbe818f1a Fix uninitialized variable usage 2019-03-19 13:17:27 +01:00
Daniel Marjamäki a0e58f0039 Revert "Revert "CheckBufferOverrun: Handle multidimensional arrays""
This reverts commit 9d1755f449.
2019-03-19 13:16:22 +01:00
Daniel Marjamäki 9d1755f449 Revert "CheckBufferOverrun: Handle multidimensional arrays"
This reverts commit e98a4a6f14.
2019-03-19 13:13:29 +01:00
Daniel Marjamäki e98a4a6f14 CheckBufferOverrun: Handle multidimensional arrays 2019-03-19 09:29:32 +01:00
Daniel Marjamäki b53a2e5dc4 CheckBufferOverrun: restore minsize code 2019-03-17 20:34:49 +01:00
Daniel Marjamäki 03f8535c71 Better multiline warning when there is buffer overflow 2019-03-17 20:12:02 +01:00
Daniel Marjamäki 3c85d8a8ac ValueFlow: Better info for buffer size values 2019-03-17 19:02:36 +01:00
Sebastian 19e9e42dd7
Library: Enhance minsize configuration and allow simple values. (#1736)
Some POSIX and Windows functions require buffers of at least some
specific size. This is now possible to configure via for example this
minsize configuration: `<minsize type="value" value="26"/>`.
The range for valid buffer size values is 1 to LLONG_MAX
(9223372036854775807)
2019-03-17 14:22:26 +01:00