Commit Graph

263 Commits

Author SHA1 Message Date
Paul Fultz II 09c8cfb2ae
Fix 6624: false negative: std::vector out of bounds access not detected (#3980)
* Fix 6624: false negative: std::vector out of bounds access not detected

* Format

* Add test for auto

* Fix tests

* Format
2022-04-07 06:47:15 +02:00
Paul Fultz II 4fde7f8b18
Fix 10449: Regression: knownConditionTrueFalse (strlen/wcslen) (#3977)
* Refactor library function usage

* Evaluate library function in program memory

* Fix and add tests

* Format
2022-04-06 06:35:38 +02:00
Daniel Marjamäki 3989408738 Update copyright year 2022-02-05 11:45:17 +01:00
Oliver Stöneberg 171da2e6f9
avoid dependency on transitive includes - based on include-what-you-use (#3757) 2022-01-27 19:03:20 +01:00
Oliver Stöneberg 55ff684f34
added unusedFunction self check to CI / cleanups (#3526) 2022-01-18 22:02:25 +01:00
Daniel Marjamäki 77434d093e SymbolDatabase: Do not set wrong type for std::map etc items in range for loop 2021-12-11 15:16:54 +01:00
Paul Fultz II 8668d445c7
Add support for string_view (#3480) 2021-10-05 08:28:19 +02:00
Paul Fultz II 865163b2ba
Add library configurations for free functions like std::size, std::empty, etc (#3410) 2021-08-23 09:03:48 +02:00
Paul Fultz II fdaeaacc40
Symboldatabase: Improve valuetypes for containers, iterators, and smart pointers (#3398) 2021-08-14 19:00:58 +02:00
Paul Fultz II 7f358b2bed
Format with uncrustify (#3388) 2021-08-07 20:51:18 +02:00
Daniel Marjamäki b1547a387e astyle formatting
[ci skip]
2021-07-21 20:13:38 +02:00
Paul Fultz II 8efe1d4ab4
Find reference to dangling unique ptr (#3344) 2021-07-20 21:30:27 +02:00
Daniel Marjamäki ce58748690 library: add attribute strlen-arg for <not-overlapping-data> 2021-07-09 13:25:01 +02:00
Daniel Marjamäki 6234b5438e New check: Writing overlapping data, detect undefined behavior 2021-07-05 22:07:41 +02:00
Daniel Marjamäki e1dd04c536 Fixed make checkcfg 2021-05-01 19:17:07 +02:00
Daniel Marjamäki e78612d280 Refactoring; Use TinyXml methods to parse bool/int attribute values 2021-05-01 18:40:20 +02:00
Paul Fultz II 563c9dd9cc
Fix issue 10208: FP: knownConditionTrueFalse in for loop with function that assigns by ref (#3198) 2021-04-18 21:42:27 +02:00
Daniel Marjamäki 42437277dc Update Copyright year 2021-03-21 20:58:32 +01:00
Oliver Stöneberg e8b8cfec78
some minor optimizations (#3057) 2021-01-28 22:18:17 +01:00
Oliver Stöneberg 7aa85aa408
Use std::unordered_* containers for faster lookups (#3052) 2021-01-16 13:52:09 +01:00
Rikard Falkeborn bedf3118ef
library: Refactor to use enum class (#3026) 2021-01-08 10:29:01 +01:00
Daniel Marjamäki b94a6d595a Fixed #9295 (ValueFlow: Does not handle noreturn function) 2020-12-28 20:00:35 +01:00
Georgy Komarov 80dee36e68
library: Add new warning: ignoredReturnErrorCode (#2877)
* library: Add optional "type" attribute to "use-retval"

Added an optional "type" attribute to "use-retval" nodes in the
configuration. When the return type of a function configured with
`<use-retval type="error-code"\>` node does not used, the new style
error "ignoredReturnErrorCode" will be generated.

* Fix and improve patch after the initial review

* Fixed severity level and [[nodiscard]] attribute

* Fix incorrect condition

* Remove redundant condition
2020-11-05 13:35:52 +01:00
Daniel Marjamäki 6c588cc3ef Library: Refactoring <alloc> init attribute 2020-06-28 21:01:43 +02:00
orbitcowboy 258d0a6ade Running astyle [ci skip]. 2020-06-12 16:08:40 +02:00
orbitcowboy 9f445fc735 Library: simplified code and added test cases for validating <valid>-tag expressions 2020-06-12 16:06:43 +02:00
orbitcowboy a3d58a9302 std.cfg: Allow scientific floating point notation for '<valid>'-tags 2020-06-12 08:51:33 +02:00
Daniel Marjamäki ca8b5f49f3 library: fixed handling of indirect attribute 2020-06-07 20:18:54 +02:00
Daniel Marjamäki 5a4b309e6f Bug hunting: Add 'buffer overflow' check. Detect CVE-2019-19334 2020-05-23 17:50:24 +02:00
Daniel Marjamäki 08ddd84780 Update copyright year 2020-05-10 11:16:32 +02:00
Daniel Marjamäki 3e0218299b Revert "Update copyright year"
This reverts commit 6eec6c4bd5.
2020-05-10 11:13:05 +02:00
Daniel Marjamäki 6eec6c4bd5 Update copyright year 2020-05-10 11:11:34 +02:00
Paul Fultz II a22a77c1fc
Use library config for unstable containers instead of hardcoded values (#2585)
* Use library config for unstable containers instead of hardcoded values

* Fix xml validation
2020-04-03 13:16:57 +02:00
Daniel Marjamäki 747a01f74d Verification; Check function argument values 2019-12-23 22:10:43 +01:00
Sebastian c3c3d6770c
Fix #9478: Valueflow: printf does not change value (#2388)
Format-string arguments are now marked to have `in` direction, except
for `scan`-functions (like `scanf`) where these arguments are explicitly
marked to have `out` direction.
2019-11-24 01:40:31 +01:00
Sebastian c990d10ffa
Check for JSON error when parsing addon .json files + fixes (#2374)
* cppcheck.cpp: Check for JSON error when parsing addon .json files

This fixes that errors in JSON files given via `--addon=*.json` are
silently ignored and maybe only a part of the JSON file is used.
Now the error message which picojson can return is checked and a
corresponding error message is returned again by getAddonInfo().

* naming.json: Fix missing comma

* CLI: Fix naming violations detected by addon naming.py via naming.json

* Addon naming: Add argument for validating names of constants

* LIB: Rename functions/variables so they are valid, loosen naming rules

* GUI: Fix naming violations
2019-11-20 15:37:09 +01:00
Daniel Marjamäki f5e3dc9a38 Improved fix for #8978 (False positive: Variable assigned value that is never used when assigning via iterator) 2019-11-17 12:08:21 +01:00
Paul Fultz II 4ebf54d090 Fix issue 9437: Dont assume init list constructor for strings (#2366)
* Fix issue 9437: Dont assume init list constuctor for strings

* Update the schema

* Add documentation
2019-11-17 03:22:04 +01:00
Paul Fultz II 7841430793 Fix issue 9428: FP uninitvar for pointer passed to sscanf (#2344)
* Add indirect to library cfg files

* Check indirect for non null arguments

* Reenable subfunction analysis

* Use indirect 1 when using not-null

* Parse correct string name

* Update documentation

* Make attribute optional
2019-11-13 12:46:54 +01:00
Paul Fultz II c61880c457 Search relative path first before install path (#2328) 2019-11-05 07:09:59 +01:00
Daniel Marjamäki 69a54b0ee9 Library: added 'stdtype' attribute in <podtype> element so we can configure standard types better 2019-09-29 16:48:25 +02:00
Oliver Stöneberg eac040a00b Various clang-tidy fixes (#2192)
* use range loops

* removed redundant string initializations

* use nullptr

* use proper boolean false

* removed unnecessary continue from end of loop

* removed unnecessary c_str() usage

* use emplace_back()

* removed redundant void arguments
2019-09-25 15:25:19 +02:00
Oliver Stöneberg de9f489b08 use range loops / constness (#2181)
* use range loops / constness

* platform.cpp: avoid shadowed variable
2019-09-19 20:29:33 +02:00
Daniel Marjamäki a17f2a6f05 Compiling/Installing : The CFGDIR parameter was removed. Use FILESDIR instead. 2019-08-17 10:53:07 +02:00
Paul Fultz II ef714225bb Use library to track container lifetimes 2019-08-15 21:14:54 +02:00
Daniel Marjamäki 9973db3a71 Modernize: Use enum class for Library::Action and Library::Yield 2019-07-17 11:39:30 +02:00
Daniel Marjamäki 783f7f1648 Rename safeValues to unknownValues 2019-07-11 16:05:48 +02:00
Daniel Marjamäki 45844ef962 Try to fix appveyor. Replace int64_t with MathLib::bigint. 2019-07-10 21:26:20 +02:00
Daniel Marjamäki 05d35b063d Function return: Extra check of safe function return values 2019-07-10 20:00:21 +02:00
Rikard Falkeborn 839fcddd8a Fix #6115 (Add support to realloc to cfg files) (#1953)
* Allow to configure realloc like functions

* memleakonrealloc: Bring back tests.

The old memleak checker was removed, and the tests for it was removed in
commit 9765a2dfab. This also removed the
tests for memleakOnRealloc. Bring back those tests, somewhat modified
since the checker no longer checks for memory leaks.

* Add realloc to mem leak check

* Add tests of realloc buffer size

* Configure realloc functions

* Add test of freopen

* Allow to configure which element is realloc argument

* Fix wrong close in test

cppcheck now warns for this

* Update manual

* Update docs

* Rename alloc/dalloc/realloc functions

Naming the member function realloc caused problems on appveyor. Rename
the alloc and dealloc functions as well for consistency.

* Change comparisson order

* Remove variable and use function call directly

* Create temporary variable to simplify

* Throw mismatchError on mismatching allocation/reallocation

* Refactor to separate function

* Fix potential nullptr dereference

As pointed out by cppcheck.
2019-07-05 12:44:52 +02:00
Paul Fultz II 091f4bcf8d Add check for unnecessary search before insertion
This will warn for cases where searching in an associative container happens before insertion, like this:

```cpp
void f1(std::set<unsigned>& s, unsigned x) {
    if (s.find(x) == s.end()) {
        s.insert(x);
    }
}

void f2(std::map<unsigned, unsigned>& m, unsigned x) {
    if (m.find(x) == m.end()) {
        m.emplace(x, 1);
    } else {
        m[x] = 1;
    }
}
```

In the case of the map it could be written as `m[x] = 1` as it will create the key if it doesnt exist, so the extra search is not necessary.

I have this marked as `performance` as it is mostly concerning performance, but there could be a copy-paste error possibly, although I dont think thats common.
2019-05-02 11:04:23 +02:00
Daniel Marjamäki 1d12136b59 Fixed Cppcheck uninitStructMember warnings 2019-04-30 20:45:48 +02:00
Daniel Marjamäki 2513c1499b Library: Added <smart-pointer> element 2019-04-24 13:06:58 +02:00
Paul Fultz II a90caa7e5a Fix issue 9006: False positive: Return value of function std::move() is not used.
This is trying to fix the issue by fixing the ast and symbol database. First, the ast nodes will be created for the init list and the symbol database will not mark it as a scope. I am not sure if this is the correct approach as I dont really understand how the AST part works.

It did change the AST for `try {} catch (...) {}` but that is because it incorrectly treats `try {}` as an initializer list.
2019-04-15 06:37:27 +02:00
Oliver Stöneberg 16ebb90b32 library.cpp: optimized Library::detectContainer() (#1778)
* library.cpp: optimized Library::detectContainer()

reduces Ir from 5882 to 1149 according to callgrind

* fixed hang in tests
2019-04-06 06:42:01 +02:00
Sebastian d233b56d58
Fix #9079 (make checkcfg crashes on Linux) (#1769)
temp.bufferSizeArg2 was not initialized when only bufferSizeArg1
was specified or the value was out of range. But in valueflow.cpp in
valueFlowDynamicBufferSize() it was used as if it is always initialized
and has a sane value (greater than 0).
2019-03-30 05:58:23 +01:00
Daniel Marjamäki 55433fce40 Library: added bufferSize parameters 2019-03-20 19:26:57 +01:00
Daniel Marjamäki 14528bcf25 Library: allowed values for the buffer-size attribute: malloc/calloc/strdup 2019-03-20 06:46:55 +01:00
Sebastian 19e9e42dd7
Library: Enhance minsize configuration and allow simple values. (#1736)
Some POSIX and Windows functions require buffers of at least some
specific size. This is now possible to configure via for example this
minsize configuration: `<minsize type="value" value="26"/>`.
The range for valid buffer size values is 1 to LLONG_MAX
(9223372036854775807)
2019-03-17 14:22:26 +01:00
Daniel Marjamäki 18668a52b9 Library: Added buffer-size attribute for <alloc> 2019-03-17 10:55:15 +01:00
Daniel Marjamäki 729f57d8f1 Start a major rewrite of CheckBufferOverrun. For now only the 'array index' and 'buffer overflow' checks are rewritten.
There are important TODOs still; for instance adding CTU support using our CTU infrastructure, add handling of pointers (maybe I'll use FwdAnalysis for this), add handling of multidimensional arrays, etc..
2019-03-11 12:34:33 +01:00
Sebastian 9a5fcddb5d
Library configuration: Enable configuring the direction of arguments. (#1717)
This enhances the library configuration so the direction of function
arguments can be specified (in, out, inout).
isVariableChangedByFunctionCall() uses this information now to avoid
guessing.
2019-03-01 15:47:08 +01:00
PKEuS 8af3708aa3 Optimization: Library does not need to store "#define " substring for each define 2019-02-28 22:34:26 +01:00
Sebastian c8a7a4c653
library.cpp: WarnInfo: Fix crash (#1697)
If no 'alternatives' argument was specified and the `<warn/>` element
did not contain any text Cppcheck crashed because of a null pointer
access.
If there is no 'reason' and no 'alternatives argument and also no text loadFunction() returns with an error.
2019-02-28 06:19:42 +01:00
Daniel Marjamäki bd7790fd8c Update copyright year 2019-02-09 07:24:06 +01:00
Sebastian 4b1544d33b
library.cpp: Let tinyxml2 print a helpful error message when XML is bad (#1609)
In case the XML code of a library configuration is invalid Cppcheck now additionally prints out some helpful error description like this:
"Error=XML_ERROR_MISMATCHED_ELEMENT ErrorID=16 (0x10) Line number=304: XMLElement name=noreturn"
2019-01-18 17:10:41 +01:00
Daniel Marjamäki b3e6ecd827 Library: Make loading of cfg files more robust. Saw a problem to use --library=gtk when the current folder has a folder 'gtk' 2018-12-24 08:37:33 +01:00
Daniel Marjamäki 866d198756 Fixed #8697 (noreturn output stream) 2018-08-21 06:32:33 +02:00
Daniel Marjamäki 7c4820e047 Rename Library::isargvalid() 2018-07-15 23:05:48 +02:00
rikardfalkeborn 491ee577c6 Support floats in valid config (#1297)
* Add tests for invalid ranges

* Refactor loadLibErrors

This reduces the amount of code slightly and will simplify adding
more tests.

* Handle empty valid field

Before this change, the sequence <valid></valid> in a config file would
result in a segmentation fault. Now an empty field results in the error
message:

cppcheck: Failed to load library configuration file 'mycfg.cfg'. Bad attribute value '""'

* Add support for valid for floating point arguments

Previously, it was not possible to add valid ranges to floating point
arguments since it only handled integers. This made ranges not work well
for floating point arguments since arguments were cast to integers
before the ranges were handled.

Fix this by using doubles instead of integers if the argument is a float.
Add some tests for this and make sure errors are printed with enough
precision (somewhat arbitrarily chosen).

Note that it is still only possible to add integer ranges (i.e. -1:1).

* Add support for floats in configuration valid range

Now that it is possible to handle decimal arguments, there is no reason
to not allow non-integer ranges. Take care to not allow broken
configurations.

* Move check to within if-clause

* Move asin{,f,l} and acos{,f,l} input checks to config file
2018-07-15 22:47:56 +02:00
Daniel Marjamäki 39857220ce Refactoring: Use range for loops 2018-07-15 15:08:35 +02:00
Daniel Marjamäki 2a8296879c CheckOther: Use Variable::valueType() instead of Variable::typeStartToken 2018-06-23 16:42:36 +02:00
Daniel Marjamäki 610b26bfbc Rename private member _platform_types 2018-06-17 16:58:28 +02:00
Daniel Marjamäki 074177fc6e Rename private member variables 2018-06-17 16:55:02 +02:00
Daniel Marjamäki dbf89856c0 Renamed Library private member variables 2018-06-17 16:39:10 +02:00
Daniel Marjamäki fb8e970419 Rename _alloc 2018-06-17 16:32:08 +02:00
Daniel Marjamäki 78974e9267 Rename _type to mType 2018-06-16 20:25:54 +02:00
Daniel Marjamäki d08b6e02b7 renamed _files to mFiles 2018-06-16 16:23:55 +02:00
Paul Fultz II 2a657cfd08 Check for double frees when using smart pointers (#1172)
* Check for double frees when using smart pointers

* Some updates from feedback

* Add test for mismatch allocation

* Constants

* Check smart pointer deleter

* Switch order

* Use next

* Add owned state

* Fix handling of leaks

* Use ast for checking addressof operator

* Remove stray character

* Add a test for mismatch allocator

* Add another test for deallocating with custom function
2018-04-16 11:11:13 +02:00
PKEuS d2146844dd Refactorizations:
- Replace several push_back-calls by emplace_back
- Replace some x = x.substr(0, y) calls by x.erase(y)
2018-04-11 09:44:35 +02:00
jrp2014 b6504c70ca Improve constness 2018-04-04 21:51:31 +02:00
Daniel Marjamäki 7e4dba6a7e Updated copyright year 2018-03-31 20:59:09 +02:00
Daniel Marjamäki e65a5529ad astyle formatting
[ci skip]
2018-03-24 12:30:11 +01:00
Paul 43be20a824 Check more opposite conditions 2018-03-24 07:58:37 +01:00
Daniel Marjamäki c4caee6b18 Updated copyright year 2018-01-14 15:37:52 +01:00
Daniel Marjamäki 1656ecd73b Revert changes I committed by mistake 2017-10-11 17:15:28 +02:00
Daniel Marjamäki cc82288ff6 Travis: Suppress false positive 2017-10-11 17:14:02 +02:00
Daniel Marjamäki b81b4fcb78 Fixed #8208 (CheckCondition: Use Library to determine if function is const) 2017-09-08 18:08:32 +02:00
Daniel Marjamäki 9eed9adf3c Fixed CID 1361393, logically dead code in return statement 2017-09-02 10:49:29 +02:00
Dmitry-Me 7bd3dc5da6 Simplify array access with references 2017-08-28 18:19:03 +03:00
Ayaz Salikhov b8cd7dbb5c Use nullptr instead of 0 or NULL (#936) 2017-08-09 20:00:26 +02:00
uburuntu f4ce49d883 ENH: perfomance: using clear() and empty() more faster for stl containers 2017-06-02 22:38:00 +04:00
Ayaz Salikhov 28aa939d69 iwyu - include what you use 2017-05-27 04:33:47 +02:00
Daniel Marjamäki 1faca91c1d Added 'endsWith' utility function. This will make compiling the democlient easier. 2017-04-01 18:14:18 +02:00
PKEuS 2938278f00 Refactorization: Store minsizes in vector instead of list which has less overhead 2017-03-27 17:53:43 +02:00
PKEuS 92414b923a Library: Support variadic functions which are not a formatstr-function 2017-03-14 17:41:34 +01:00
PKEuS 2f0db369f0 Refactorization: Avoid construction of empty strings by using emptyString 2017-03-01 10:50:50 +01:00
PKEuS 40401534d7 Refactorized Library 2016-12-06 14:50:27 +01:00
PKEuS 2f6350a0d0 Refactorized Library 2016-12-06 14:09:28 +01:00
PKEuS 6e8ac13325 Refactorization:
- Optimized std::string usage
- Replaced list by vector
- Moved iterator into loop head
- Ran AStyle
2016-12-05 17:45:34 +01:00