Commit Graph

743 Commits

Author SHA1 Message Date
Paul Fultz II 921887a281
Use valueFlowGeneric for valueFlowForwardExpression (#2537) 2020-02-16 16:02:22 +01:00
Daniel Marjamäki e04b9fe4a4 Remove unused functions 2020-02-14 20:37:33 +01:00
Daniel Marjamäki 5f4a900f88 astyle formatting
[ci skip]
2020-02-13 17:04:05 +01:00
Paul Fultz II 7368a54629
Add generic valueflow forward analysis (#2511) 2020-02-13 16:27:06 +01:00
Daniel Marjamäki 3ec03b8915 Fixed #9571 (False positive: containerSize) 2020-02-12 18:53:36 +01:00
Paul Fultz II 8fa7dd0fe0
Fix issue 9595: False positive: Using pointer to temporary doesn't account for const ref extended temporary lifetimes (#2525) 2020-02-10 18:01:11 +01:00
Daniel Marjamäki 2b336ac147 Refactoring; stricter lambda capture 2020-02-01 08:28:18 +01:00
Daniel Marjamäki 6c1cc54671 Refactoring; Avoid template<> 2020-02-01 08:24:31 +01:00
Rikard Falkeborn 0bb98aeef9 Fix 9577 (endless recursion in Valueflow::bifurcate()) (#2492)
Ensure bifurcate() does not recurse endlessly where a variable is
initialized recursively, or a variable is initialized as x(0) or x{0}
followed by a recursive assignment (for example int x(0); x = x / 1;).

The first case is solved by bailing out if there initialization is done
using x(0) or x{0}, the second by adding a missing depth argument to a
recursive call.
2020-01-17 03:17:26 +01:00
Daniel Marjamäki 380cc78077 Clang; Run ValueFlow 2020-01-11 14:00:41 +01:00
Daniel Marjamäki 6b983a9587 Revert ValueFlow changes, there was unexpected problems in testrunner 2020-01-11 13:11:19 +01:00
Daniel Marjamäki 052eaba632 Clang; run ValueFlow analysis 2020-01-11 13:04:51 +01:00
Daniel Marjamäki 96ff57e275 ValueFlow; Refactoring 2020-01-11 09:17:32 +01:00
Daniel Marjamäki a9dbf129f0 Clang import; some small tweaks 2020-01-09 13:52:17 +01:00
Daniel Marjamäki 1589ac5352 Clang import; Set links properly 2020-01-09 12:42:29 +01:00
Paul Fultz II 90f82d0374 Fix issue 9541: false negative: knownConditionTrueFalse (#2473)
* Fix issue 9541: false negative: knownConditionTrueFalse

* Add another test case

* Add another test

* Fix FPs

* Format

* Fix compile error

* Remove double conditions

* Fix compile error
2020-01-05 16:25:33 +01:00
Paul Fultz II e1a97c524d Fix issue 9554: False positive: The address of local variable 'x' is accessed at non-zero index. (#2470)
* Fix issue 9554: False positive: The address of local variable 'x' is accessed at non-zero index.

* Format

* Remove unnecesary condition check
2020-01-04 11:39:52 +01:00
Paul Fultz II 82c91f9484 Fix issue 9550: False positive: Same iterator is used with containers 'x' that are defined in different scopes (#2463) 2019-12-31 08:09:04 +01:00
Paul Fultz II 75de485c4d Fix issue 9551: Out-of-bounds in getLifetimeTokens() (#2461) 2019-12-29 08:23:58 +01:00
Daniel Marjamäki 31bddb6ae0 astyle formatting
[ci skip]
2019-12-26 15:48:29 +01:00
Paul Fultz II ce1fc56e96 Fix issue 6890: ValueFlow: min/max value for variable, after condition (#2460)
* Set bounds when combining values

* Adust bounds when they are negated

* Try to infer conditional values

* Switch false and true

* Fix checking of conditions

* Fix compare

* Fix remaining tests

* Fix overflows
2019-12-26 15:47:53 +01:00
Paul Fultz II 42d44f02a2 Use lifetime analysis for checking mismatching containers (#2456)
* Use lifetimes to check for mismatching containers

* Fix error messages

* Format

* Remove unused variables

* Fix configuration and track iterators through algorithms

* Fix iterator value types in qt config

* Fix library issue with QStringList

* Remove unused functions

* Fix cppcheck errors
2019-12-25 09:32:50 +01:00
Daniel Marjamäki fe23d017f3 Fixed #8419 (False positive accessMoved on int) 2019-12-21 07:39:14 +01:00
Daniel Marjamäki 33ec78fe6e Fixed #9036 (false positive: (style) Condition 's.x<127U' is always true) 2019-12-20 19:06:35 +01:00
Daniel Marjamäki a241be0ecc Fixed #9434 (False positive: Out of bounds access when using const pointer) 2019-12-15 20:10:28 +01:00
Daniel Marjamäki bcfc5924fa Fixed #9532 (False positive: Out of bounds access in expression 'v[0]' because 'v' is empty.) 2019-12-14 19:04:19 +01:00
Rikard Falkeborn 1c92170179 ValueFlow: Remove unused argument (#2442) 2019-12-10 17:48:27 +01:00
Sebastian 95e0b0d0f9
Fix #9510: Crash in valueflow.cpp solveExprValues() (division by zero) (#2420)
`break` if divider `intval` is 0 to avoid division by 0 as suggested by @pfultz2
Trac ticket: https://trac.cppcheck.net/ticket/9510
2019-12-06 08:08:40 +01:00
versat e712df7cb4 Run astyle [ci skip] 2019-12-04 13:53:10 +01:00
Paul Fultz II 36977becba Fix issue 9196: Lambda confuses check (#2415) 2019-12-03 18:30:52 +01:00
Paul Fultz II 79a2e61721 Fix issue 6850: Valueflow: pointer alias, conditional value (#2402) 2019-11-30 09:22:03 +01:00
Paul Fultz II f9d33c07f8 Fix issue 9458: Crash with shadow variables in a lambda (#2406)
* Fix issue 9458: Crash with shadow variables in a lambda

* Format
2019-11-29 09:45:02 +01:00
Paul Fultz II 4ebf54d090 Fix issue 9437: Dont assume init list constructor for strings (#2366)
* Fix issue 9437: Dont assume init list constuctor for strings

* Update the schema

* Add documentation
2019-11-17 03:22:04 +01:00
Paul Fultz II 7841430793 Fix issue 9428: FP uninitvar for pointer passed to sscanf (#2344)
* Add indirect to library cfg files

* Check indirect for non null arguments

* Reenable subfunction analysis

* Use indirect 1 when using not-null

* Parse correct string name

* Update documentation

* Make attribute optional
2019-11-13 12:46:54 +01:00
Paul Fultz II c75bbbe253 Fix issue 9404: False positive: Either the condition 'if(x)' is redundant or there is possible null pointer dereference: a->x (#2322)
* Fix issue 9404: False positive: Either the condition 'if(x)' is redundant or there is possible null pointer dereference: a->x

* Use simpleMatch

* Add a test case for the FP

* Check if expression is changed

* Check for no return scope

* Use simpleMatch
2019-11-08 08:11:41 +01:00
Paul Fultz II 2e955d0f22 Fix issue 9453: False positive: danglingLifetime, address of array argument (#2335) 2019-11-07 09:33:17 +01:00
Paul Fultz II d1f225b8ee Fix issue 9201: FP: returnDanglingLifetime on pointer to variable of static struct (#2303)
* Fix issue 9201: FP: returnDanglingLifetime on pointer to variable of static struct

* Fix capture of non-local variables in lambdas
2019-11-05 07:10:32 +01:00
Paul Fultz II c38bbb75e4 Fix issue 9448: Check for temporaries from library function calls (#2312) 2019-11-03 22:02:10 +01:00
Daniel Marjamäki 6e9d496ab3 ValueFlow: handling of char literal size before ValueType has been set 2019-10-31 14:06:46 +01:00
Paul Fultz II 694d147097 Refactor ProgramMemory and PathAnalysis (#2311)
* Traverse conditions for container size

* Move program memory to seperate file

* Revert "Traverse conditions for container size"

This reverts commit 914783769f.

* Move pathanalysis to seperate files
2019-10-30 17:57:46 +01:00
Rikard Falkeborn f83eb127ae ValueFlow: sizeof string and char literals (#2285) 2019-10-20 21:02:28 +02:00
Daniel Marjamäki 78c02f0505 ValueFlow: Fixed false positives after escape scope 2019-10-20 20:57:16 +02:00
Daniel Marjamäki e50b9e2bef Fixed #8784 (False positive uninitialized variable) 2019-10-20 15:20:05 +02:00
Rikard Falkeborn 5c061c1c12 Set correct type and size of string and char literals (#2275)
* Set correct type and size of string and char literals

Use that string and char literal tokens store the prefix. This makes
it possible to distinghuish between different type of string literals
(i.e., utf8 encoded strings, utf16, wide strings, etc) which have
different type.

When the tokens holding the string and character values have the correct
type, it is possible to improve Token::getStrSize() to give the correct
result for all string types. Previously, it would return the number of
characters in the string, i.e., it would give the wrong size unless
the type of the string was char*.

Since strings now can have different size (in number of bytes) and
length (in number of elements), add a new helper function that returns
the number of characters. Checkers have been updated to use the correct
functions.

Having the size makes it possible to find more problems with prefixed
strings, and to reduce false positives, for example in the buffer
overflow checker.

Also, improve the stringLiteralWrite error message to also print the
prefix of the string (if there is one).

* Add comment and update string length
2019-10-20 07:11:57 +02:00
Daniel Marjamäki 9a2b71494f ValueFlow: Set value for :: 2019-10-19 21:08:59 +02:00
Daniel Marjamäki e0093c99ce Fixed #9276 (False positive: ValueFlow does not handle return in switch properly.) 2019-10-18 16:16:56 +02:00
Daniel Marjamäki 3a0a0fdefb Fixed #9424 (False positive: known condition after function call) 2019-10-18 08:21:07 +02:00
Daniel Marjamäki 15d7b9c83f Fixed #9347 (FP uninitvar for pointer passed to sscanf) 2019-10-17 17:41:54 +02:00
Ken-Patrick Lehrmann 24211cf8b9 Fix crashes in valueflow (#2236)
* Fix crashes in valueflow

http://cppcheck1.osuosl.org:8000/crash.html

For instance in http://cppcheck1.osuosl.org:8000/styx
```
==19651==ERROR: AddressSanitizer: SEGV on unknown address 0x00000000001c (pc 0x556f21abc3df bp 0x7ffc140d2720 sp 0x7ffc140d2710 T0)
==19651==The signal is caused by a READ memory access.
==19651==Hint: address points to the zero page.
    #0 0x556f21abc3de in Variable::isGlobal() const ../lib/symboldatabase.h:342
    #1 0x556f221f801a in valueFlowForwardVariable ../lib/valueflow.cpp:2471
    #2 0x556f22208130 in valueFlowForward ../lib/valueflow.cpp:3204
    #3 0x556f221e9e14 in valueFlowReverse ../lib/valueflow.cpp:1892
    #4 0x556f221f1a43 in valueFlowBeforeCondition ../lib/valueflow.cpp:2200
    #5 0x556f2223dbb5 in ValueFlow::setValues(TokenList*, SymbolDatabase*, ErrorLogger*, Settings const*) ../lib/valueflow.cpp:6521
    #6 0x556f220e5991 in Tokenizer::simplifyTokens1(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&) ../lib/tokenize.cpp:2342
    #7 0x556f21d8d066 in CppCheck::checkFile(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, std::istream&) ../lib/cppcheck.cpp:508
    #8 0x556f21d84cd3 in CppCheck::check(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&) ../lib/cppcheck.cpp:192
    #9 0x556f21a28796 in CppCheckExecutor::check_internal(CppCheck&, int, char const* const*) ../cli/cppcheckexecutor.cpp:884
    #10 0x556f21a24be8 in CppCheckExecutor::check(int, char const* const*) ../cli/cppcheckexecutor.cpp:198
    #11 0x556f22313063 in main ../cli/main.cpp:95
```

* Add test case for crash in valueflow
2019-10-16 20:54:07 +02:00
Paul Fultz II 19cf636a4a Move necessary code into valuetype (#2265)
* Fix parsing of smart pointers

* Improve deduction of return type

* Valuetype computation for decayed pointers
2019-10-12 11:40:02 +02:00