Commit Graph

258 Commits

Author SHA1 Message Date
Paul 264c0cae8b Formatting 2020-09-04 11:59:30 -05:00
Paul bb37b07def Extend lifetimes to subfunctions 2020-09-04 11:56:34 -05:00
Paul Fultz II 0a718694af
Fix issue 9852: False positive: danglingTemporaryLifetime when returning a vector of vectors (#2766) 2020-09-01 11:21:29 +02:00
Paul e2a81a382f Track reading aliases during valueflow forward 2020-07-19 23:25:35 -05:00
Paul Fultz II eb4754b7d9
Fix issue 9587: False positive: parameter can be declared with const (#2667) 2020-05-31 10:10:10 +02:00
Oliver Stöneberg 37bc0483a4
made check.h less heavy (#2633) 2020-05-23 07:16:49 +02:00
Daniel Marjamäki 08ddd84780 Update copyright year 2020-05-10 11:16:32 +02:00
Daniel Marjamäki 3e0218299b Revert "Update copyright year"
This reverts commit 6eec6c4bd5.
2020-05-10 11:13:05 +02:00
Daniel Marjamäki 6eec6c4bd5 Update copyright year 2020-05-10 11:11:34 +02:00
Paul Fultz II 453a69dd8c
Fix issue 9677: False positive: returning pointer to oject that will not be invalid (#2607)
* Fix issue 9677: False positive: returning pointer to oject that will not be invalid

* Formatting
2020-04-18 09:23:10 +02:00
orbitcowboy acdc62f8f0 Formatted the code. There are no functional changes [ci skip] 2020-03-26 17:03:21 +01:00
Paul Fultz II 5462e43161
Fix issue 9639: False positive: Returning object that points to local variable that will be invalid when returning (#2576)
* Follow reference when tracking local variables

* Fix issue 9639: False positive: Returning object that points to local variable that will be invalid when returning
2020-03-23 22:54:53 +01:00
Daniel Marjamäki a5a294cf13 Code cleanup 2020-01-25 18:11:54 +01:00
Daniel Marjamäki f911495db3 Clang import; Handle clang-9 while loop better 2020-01-25 16:10:13 +01:00
Daniel Marjamäki 7db54bde6f Run normal checks on --clang output 2020-01-24 18:04:39 +01:00
Paul Fultz II d1f225b8ee Fix issue 9201: FP: returnDanglingLifetime on pointer to variable of static struct (#2303)
* Fix issue 9201: FP: returnDanglingLifetime on pointer to variable of static struct

* Fix capture of non-local variables in lambdas
2019-11-05 07:10:32 +01:00
Paul Fultz II c38bbb75e4 Fix issue 9448: Check for temporaries from library function calls (#2312) 2019-11-03 22:02:10 +01:00
Paul Fultz II 4eb4762d95 Extend lifetime checking to temporaries (#2242)
* Use lifetimes to check for returning reference to temporaries

* Check for dangling temporaries

* Check for unknown types for returining by reference

* Remove old returnTemporary check

* Format

* Check for deref op

* Ternary operator return an lvalue reference

* Warn when returning temporaries from member functions

* Improve handling of pointer to function

* Extend lifetimes of const references
2019-10-08 09:28:39 +02:00
Paul Fultz II ba037837c9 Track lifetime across multiple returns
This will now warn when doing something like this:

```cpp
template <class T, class K, class V>
const V& get_default(const T& t, const K& k, const V& v) {
    auto it = t.find(k);
    if (it == t.end()) return v;
    return it->second;
}
const int& bar(const std::unordered_map<int, int>& m, int k) {
    auto x = 0;
    return get_default(m, k, x);
}
```

The lifetime warning is considered inconclusive in this case.

I also updated valueflow to no tinject inconclusive values unless `--inconclusive` flag is passed. This creates some false negatives because library functions are not configured to not modify their input parameters, and there are some checks that do not check if the value is inconclusive or not.
2019-09-11 19:25:09 +02:00
Paul Fultz II 4f76588f98 Fix issue 9275: False positive: Non-local object uses local variable (#2084) 2019-08-14 20:09:33 +02:00
Paul Fultz II a08a9c1349 Switch to use lifetime analysis for iterators and pointers to invalid containers
This will diagnose more issues such as:

```cpp
void f(std::vector<int> &v) {
    auto v0 = v.begin();
    v.push_back(123);
    std::cout << *v0 << std::endl;
}
```
2019-07-18 10:56:44 +02:00
Daniel Marjamäki 32eda27391 Refactoring: Use enum class 2019-07-16 10:51:26 +02:00
Daniel Marjamäki 5175bda774 Use 'nonneg' instead of 'unsigned' in checkautovariables 2019-07-15 13:33:29 +02:00
Paul Fultz II b0d10273ed Fix issue 3695: Handle class pointers
This switches to use lifetime analysis to check for assigning to non-local variables:

```cpp
class test
{
public:

  void f()
  {
    int x;
    this->ptr = &x;
  }

protected:
  int *ptr;
};
```
2019-07-07 10:16:19 +02:00
Rikard Falkeborn 839fcddd8a Fix #6115 (Add support to realloc to cfg files) (#1953)
* Allow to configure realloc like functions

* memleakonrealloc: Bring back tests.

The old memleak checker was removed, and the tests for it was removed in
commit 9765a2dfab. This also removed the
tests for memleakOnRealloc. Bring back those tests, somewhat modified
since the checker no longer checks for memory leaks.

* Add realloc to mem leak check

* Add tests of realloc buffer size

* Configure realloc functions

* Add test of freopen

* Allow to configure which element is realloc argument

* Fix wrong close in test

cppcheck now warns for this

* Update manual

* Update docs

* Rename alloc/dalloc/realloc functions

Naming the member function realloc caused problems on appveyor. Rename
the alloc and dealloc functions as well for consistency.

* Change comparisson order

* Remove variable and use function call directly

* Create temporary variable to simplify

* Throw mismatchError on mismatching allocation/reallocation

* Refactor to separate function

* Fix potential nullptr dereference

As pointed out by cppcheck.
2019-07-05 12:44:52 +02:00
Paul Fultz II 8a1c0dd017 Fix FP with non-local variable referencing a non-local variable (#1864) 2019-06-02 10:21:26 +02:00
Paul Fultz II f75c15af56 Fix issue 6821: New check: access heap/stack data using address of variable
This fixes errors with:

```cpp
int f() {
    int i;
    return (&i)[1];
}
```

It uses the lifetime analysis to detect the issues.
2019-05-31 12:24:31 +02:00
Paul Fultz II 8c03be3212 Fix issue 9077: False positive: Returning pointer to local variable (#1821)
* Avoid implicit conversion for lifetimes

* Fix issue 9077

* Add more tests

* Rename function

* Fix implicit conversion with containers

* Format

* Fix crash
2019-05-05 11:40:59 +02:00
Paul Fultz II 774464eabb Fix issue 8996: False positive duplicateCondition
This fixes issue 8996 by improving the alias checking by using lifetime analysis. It also extends the lifetime checker to handle constructors and initializer lists for containers and arrays.
2019-03-19 06:25:10 +01:00
Daniel Marjamäki 92485245ce Restore severity for 'autoVariables' 2019-03-15 15:13:11 +01:00
Daniel Marjamäki 3656f1ae4f Auto variables: Fix false negatives for normal tokens 2019-03-14 13:51:35 +01:00
Daniel Marjamäki 6eeee743d2 Auto variables: Minor cleanup 2019-03-14 06:41:11 +01:00
Daniel Marjamäki e17ddfd964 Changed AST for variable declarations with initializations 2019-03-09 19:09:15 +01:00
Paul Fultz II 507c7a4388 Improvement to lifetime tracking of addressof and derefencing
This will now warn for cases like this:

```cpp
auto& f() {
    std::vector<int> x;
    return x[0];
}
```

It also improves the handling of address of operator, so it can now warn across some function calls, like this:

```cpp
int& f(int& a) {
    return a;
}
int* hello() {
    int x = 0;
    return &f(x);
}
```
2019-02-22 06:38:56 +01:00
Kamil Dudka 2908593cf6 checkautovariables: eliminate false positives on assignment of &ptr->item (#1667)
Even if `ptr` is a local variable, the object `ptr->item` might be not.
So taking address of `ptr->item` is definitely not unsafe in general.

This commit fixes false positives triggered by commit
1.85-249-gf42648fe2 on the following code of sssd:

https://github.com/SSSD/sssd/blob/d409df33/src/sbus/request/sbus_request.c#L359
2019-02-18 09:35:07 +01:00
Daniel Marjamäki bd7790fd8c Update copyright year 2019-02-09 07:24:06 +01:00
Paul Fultz II 165a22ed0f Lifetime: Support analysis with functions that do not return a reference (#1632)
* Initial support for function return

* Add test case

* Add support for reference parameters

* Format
2019-01-29 09:47:52 +01:00
Paul Fultz II d6aaf401df Lifetime: Follow functions that return references
This will now warn for cases like this:

```cpp
int& f(int& a) {
    return a;
}
int& hello() {
    int x = 0;
    return f(x);
}
```
2019-01-26 11:03:57 +01:00
Paul Fultz II 3975913637 Extend lifetime checking for references
This will use the lifetime checker for dangling references. It will find these cases for indirectly assigned reference:

```cpp
int &foo()
{
    int s = 0;
    int& x = s;
    return x;
}
```

This will also fix issue 510 as well:

```cpp
int &f( int k )
{
    static int &r = k;
    return r;
}
```
2019-01-23 07:29:16 +01:00
versat 991191450a astyle formatting
[ci skip]
2019-01-11 12:56:31 +01:00
Paul Fultz II 921f6e4313 Fix issue 8883: False positive: returnDanglingLifetime with local struct or class (#1585) 2019-01-11 09:51:02 +01:00
Paul Fultz II 229c45e7f8 Fix issue 8865: FP with dangling lifetime
This fixes:

```cpp
void f(uint32_t event, unsigned long op, const xen_ulong_t *args)
{
    struct __packed {
        uint32_t op;
        uint32_t args[6];
    } d;
    uint32_t *a = d.args;
}
```
2018-12-01 19:07:46 +01:00
Daniel Marjamäki f42648fe22 Fixed #8114 (false positive: Address of local auto-variable assigned to a function parameter.) 2018-12-01 10:11:02 +01:00
Paul Fultz II f16d9d7d90 Issue 6175: Check lifetime of a variables stored in containers and member variables
Cppcheck will now warn for all cases here:

```cpp
#include <vector>
class CCluster {};
class MyClass
{ public:
    std::vector<CCluster*> m_cluster;
    void createCluster()
    {
        CCluster cl;
        CCluster* pcl=&cl;
        m_cluster.push_back(pcl);
    }
    void createCluster2()
    {
        CCluster cl;
        m_cluster.push_back(&cl);
    }
    CCluster* Cluster()
    {
        CCluster cl;
        CCluster* pcl=&cl;
        return pcl;
    }
    CCluster* Cluster2()
    {
        CCluster cl;
        return &cl;
    }
};

```
2018-11-21 08:43:57 +01:00
Paul Fultz II 7ef119cbfc Fix FPs in lifetime checker
This fixes several FPs in the lifetime checker. It also fixes issue [8846](https://trac.cppcheck.net/ticket/8846):

```cpp
int * f(int a[])
{
        return a;
}
```
2018-11-17 09:41:59 +01:00
Paul Fultz II 54453c5802 Fix FP when copying pointer to string (#1479) 2018-11-14 06:59:25 +01:00
Daniel Marjamäki f096d7f474 astyle formatting
[ci skip]
2018-11-12 10:08:57 +01:00
Paul Fultz II 0e11bb07c8 Extend lifetime analysis to pointer usage (#1477)
* Use lifetime analysis for pointers as well

* Fix issue 1143: Pointer to local array

* Update message when using pointers

* Avoid infinite loop in tracing lifetimes
2018-11-12 10:08:17 +01:00
Paul Fultz II 68d6b96878 Diagnose invalid lifetimes (#1475)
* Add check for invalid lifetimes

* Fix FP with member variables

* Dont forward lifetime values in subfunction

* Update message to use out of scope
2018-11-11 16:43:54 +01:00
Daniel Marjamäki ee2dfb6604 Fixed #8058 (False positive returnAddressOfAutoVariable within lambda) 2018-11-11 07:52:38 +01:00
Daniel Marjamäki d5a478d5c5 astyle formatting
[ci skip]
2018-11-10 21:30:01 +01:00
Paul Fultz II 1ffcc6b730 Add initial lifetime checker (#1448)
* Inital valueflow lifetime checker

* Forward values

* Add initial tests

* Fix deplicate messages

* Fix traversing nested lambdas

* Turn test case into a todo

* Skip if returning a container

* Fix FP when using references

* Add missing header

* Fix FP from broken scopes

* Fix FP with static variable

* Add test for more FPs

* Parse lambda functions

* Check for capture by value

* Add tests for using a container and lambda together

* Fix cppcheck errors

* Add test for nextAfterAstRightmostLeaf

* Add valueflow tests

* Update error message

* Check for correct lambda token

* Improve error path reporting

* Fix hang when parsing arrays that look almlost like lambdas
2018-11-10 16:40:40 +01:00
Daniel Marjamäki fb76ef1db1 Fixed testrunner 2018-11-03 18:59:55 +01:00
Daniel Marjamäki 66ca03fa0c Fixed #8826 (false negative: Invalid memory address freed) 2018-11-03 18:55:20 +01:00
Daniel Marjamäki 43233e72b2 Fixed #8691 (False negative for uselessAssignmentArg) 2018-08-17 19:56:36 +02:00
Daniel Marjamäki a4fdef8d9e Refactoring; Use Token::isUnaryOp() to clarify code 2018-07-13 23:02:52 +02:00
Daniel Marjamäki d0819e4792 Reuse isVariableChanged() in auto variables 2018-06-24 08:55:23 +02:00
Daniel Marjamäki cde63c7573 Use Variable::valueType instead of Variable::typeStartToken in auto variables 2018-06-24 08:25:19 +02:00
Daniel Marjamäki 79ffe1d4fc Rename _tokenizer, _settings, _errorLogger 2018-06-16 16:10:28 +02:00
Daniel Marjamäki f336c2efe7 Refactoring; Renamed Scope::classStart and Scope::classEnd 2018-04-27 22:36:30 +02:00
Daniel Marjamäki 2073bd02d8 Refactoring: Use range for loop 2018-04-20 22:13:05 +02:00
Daniel Marjamäki a0906140a6 Suppressions: New extensible Suppressions xml format that allow more attributes. To start with it also allows symbolName. 2018-04-09 06:43:48 +02:00
Daniel Marjamäki c110770481 Fixed #8325 (False negative: address of auto variable being returned when assigned to another variable first) 2018-01-27 14:48:45 +01:00
Daniel Marjamäki cb297a00fc Auto variables: Assign address of local variable to global pointer (#6825) 2018-01-25 22:50:41 +01:00
Daniel Marjamäki 599e038282 AutoVariables: Warn when address of local array is assigned to global pointer and pointer is not reassigned 2018-01-24 21:33:58 +01:00
Daniel Marjamäki c4caee6b18 Updated copyright year 2018-01-14 15:37:52 +01:00
PKEuS 817f66d74d Fixed crash on garbage code (#8317) 2018-01-07 12:52:28 +01:00
Ayaz Salikhov 64eccd780c Don't use static where not needed (#952) 2017-09-07 13:01:07 +02:00
Daniel Marjamäki 59034e17f1 Refactoring, reuse code to skip lambda functions 2017-08-29 22:35:55 +02:00
Ayaz Salikhov 3cd2f2d092 Don't cast bool to bool 2017-06-01 01:49:40 +03:00
Ayaz Salikhov 28aa939d69 iwyu - include what you use 2017-05-27 04:33:47 +02:00
PKEuS b1f4bd7504 Refactorization: Reimplemented Settings::_enabled as a bitfeld instead of std::set (#7995) 2017-04-11 11:49:26 +02:00
PKEuS 3c8f5b85ae Refactorization: Allocate Token::_values (ValueFlow information) dynamically, reducing size of each token by around 10% 2017-03-27 18:48:34 +02:00
Daniel Marjamäki f68fa72095 Fixed #7583 (Defect: False positive '(error) Reference to temporary returned') 2017-02-26 13:41:49 +01:00
PKEuS ea53bd22b7 Fixed false positive returnTempReference with operator++ (#7874) 2016-12-22 11:49:59 +01:00
Daniel Marjamäki aaf19c1e4f Fixed #7839 (Prefix increment triggers parameter modification warning) 2016-12-19 15:25:36 +01:00
Daniel Marjamäki 4388435ce1 Revert "checkautovariable: fix #7818, crash when accessing nullpointer tok2->next()."
This reverts commit a5d32aa7a5.
2016-11-20 17:21:56 +01:00
Matthias Krüger a5d32aa7a5 checkautovariable: fix #7818, crash when accessing nullpointer tok2->next().
Not test case added yet because I failed to add it as .h files to testgarbage.
2016-11-16 14:46:37 +01:00
Daniel Marjamäki 4732667488 ValueFlow: allow more value types 2016-11-13 22:33:39 +01:00
PKEuS 1715969f6f Support prefix-increment/decrement in CheckAutoVariables::assignFunctionArg() (#3177) 2016-10-10 21:34:40 +02:00
Alexander Mai d492500f34 #5844 False positive: returnReference fp for inner lambda function 2016-05-20 23:46:56 +02:00
Roberto Martelloni d3645d874e Mapped toomanyconfigs ,AssignmentAddressToInteger
,AssignmentIntegerToAddress ,CastIntegerToAddressAtReturn
,CastAddressToIntegerAtReturn ,assertWithSideEffect ,assignmentInAssert
,uselessAssignmentArg ,uselessAssignmentPtrArg
,comparisonOfFuncReturningBoolError
,comparisonOfTwoFuncsReturningBoolError ,comparisonOfBoolWithBoolError
,incrementboolean ,comparisonOfBoolWithInt ,compareBoolExpressionWithInt
,negativeIndex ,pointerOutOfBounds ,arrayIndexThenCheck
,possibleBufferAccessOutOfBounds ,argumentSize
,arrayIndexOutOfBoundsCond ,noConstructor ,copyCtorPointerCopying
,noCopyConstructor ,uninitMemberVar ,operatorEqVarError
,unusedPrivateFunction ,memsetClassFloat ,mallocOnClassWarning
,operatorEq ,thisSubtraction ,operatorEqRetRefThis ,operatorEqToSelf
,useInitializationList ,duplInheritedMember ,assignIfError
,comparisonError ,multiCondition ,mismatchingBitAnd
,oppositeInnerCondition ,incorrectLogicOperator ,redundantCondition
,moduloAlwaysTrueFalse to their CWEs ids.
2016-02-26 23:53:52 +00:00
PKEuS 23ad881c64 Fixed false positive returnLocalVariable (#7180) 2016-01-30 20:18:12 +01:00
Daniel Marjamäki 5e10e680da CWE: refactoring. use constants instead of magic numbers. 2016-01-25 20:01:48 +01:00
Roberto Martelloni bb6880919c CWE mapping 2016-01-15 17:07:14 +01:00
Lauri Nurmi 996c9244d8 Update copyright year to 2007-2016. 2016-01-01 15:34:45 +02:00
Daniel Marjamäki 0f9d90d2be Changed Copyrights. Removed my name. 2015-11-18 20:04:50 +01:00
Daniel Marjamäki 71bf0f076f CheckAutoVariables: Handle 'x-y' better in isAutoVarArray 2015-11-15 19:34:36 +01:00
Daniel Marjamäki 4e578af603 CheckAutoVar: Improved usage of AST and ValueFlow 2015-11-15 14:48:13 +01:00
Daniel Marjamäki c10a10c26f CheckAutoVariables: use ValueFlow to detect more errors when pointer aliases are used 2015-11-15 12:10:35 +01:00
Daniel Marjamäki ad0d23036c Fixed some cppcheck warnings about methods that can be static/const 2015-11-14 18:43:07 +01:00
PKEuS a8cf63239a Fixed false positive autovarInvalidDeallocation if deallocting result of member function (#6551) 2015-11-11 16:59:31 +01:00
Daniel Marjamäki 47f64df8aa minor refactoring 2015-09-09 10:08:37 +02:00
Simon Martin 59abb04042 Ticket #6596: Address of local variables can also be assigned to pointer-pointer arguments using the ptr[] syntax. 2015-08-28 20:29:51 +02:00
PKEuS 7bb79562e9 Skip inner classes in CheckAutoVariables::returnReference() (#6951) 2015-08-26 13:31:51 +02:00
PKEuS 6b4a0a5ed7 Merge pull request #652 from Dmitry-Me/mergeIdenticalMAtches
Merge identical matches
2015-08-26 11:38:50 +02:00
Dmitry-Me 77317c3373 Merge identical matches 2015-08-26 10:43:15 +03:00
Simon Martin 6fb19b02d0 Properly differentiate arrays of pointers and pointers to arrays. 2015-08-25 21:19:19 +02:00
PKEuS 4d80df2f4a Added pointer to Type to Token (similar to Token::Variable() and Token::function()):
- Accessible via Token::type()
- Renamed former Token::type() to Token::tokType()
- Removed SymbolDatabase::isClassOrStruct()
2015-08-15 11:19:21 +02:00
PKEuS a297a03b64 Fixed false positive #6787: Skip over lambdas in CheckAutoVariables::returnReference() 2015-08-14 13:03:07 +02:00