amai2012
eba1b0881d
Minor refactoring: use nullptr (instead of 0/NULL), change signature of Tokenizer::createTokens
2016-05-07 16:30:54 +02:00
Roberto Martelloni
d3645d874e
Mapped toomanyconfigs ,AssignmentAddressToInteger
...
,AssignmentIntegerToAddress ,CastIntegerToAddressAtReturn
,CastAddressToIntegerAtReturn ,assertWithSideEffect ,assignmentInAssert
,uselessAssignmentArg ,uselessAssignmentPtrArg
,comparisonOfFuncReturningBoolError
,comparisonOfTwoFuncsReturningBoolError ,comparisonOfBoolWithBoolError
,incrementboolean ,comparisonOfBoolWithInt ,compareBoolExpressionWithInt
,negativeIndex ,pointerOutOfBounds ,arrayIndexThenCheck
,possibleBufferAccessOutOfBounds ,argumentSize
,arrayIndexOutOfBoundsCond ,noConstructor ,copyCtorPointerCopying
,noCopyConstructor ,uninitMemberVar ,operatorEqVarError
,unusedPrivateFunction ,memsetClassFloat ,mallocOnClassWarning
,operatorEq ,thisSubtraction ,operatorEqRetRefThis ,operatorEqToSelf
,useInitializationList ,duplInheritedMember ,assignIfError
,comparisonError ,multiCondition ,mismatchingBitAnd
,oppositeInnerCondition ,incorrectLogicOperator ,redundantCondition
,moduloAlwaysTrueFalse to their CWEs ids.
2016-02-26 23:53:52 +00:00
Dmitry-Me
26788a1dc1
Remove repeated code, better variable name
2016-01-15 17:20:40 +03:00
Lauri Nurmi
996c9244d8
Update copyright year to 2007-2016.
2016-01-01 15:34:45 +02:00
PKEuS
e8522c7883
Small refactorizations:
...
- #include cleanup
- Use std::array instead of std::vector
- Do not create a stringstream to concatenate 4 strings
- Use std::cout instead of printf
2015-11-29 10:56:44 +01:00
Daniel Marjamäki
0f9d90d2be
Changed Copyrights. Removed my name.
2015-11-18 20:04:50 +01:00
Daniel Marjamäki
48da1d5396
Refactoring CheckBufferOverrun
2015-11-08 12:39:08 +01:00
PKEuS
1a266315f1
Removed some unused code
2015-08-15 19:17:25 +02:00
Alexander Mai
2c73518e29
Fix platform-dependent test result, formatting and crash in whole program analysis
2015-06-28 17:54:48 +02:00
Daniel Marjamäki
baa1ae079d
New check: negative size in array declaration. Ticket #1760
2015-05-03 15:00:47 +02:00
Alexander Mai
6a7605271a
Fix compiler warning. Add interfaces of POSIX passwd.h and pwd.h to posix.cfg
2015-02-18 20:56:44 +01:00
Daniel Marjamäki
9aad4fa8ca
CheckBufferOverrun: Remove hardcoding for sprintf and rely on cfg configuration instead
2015-02-12 17:29:36 +01:00
Daniel Marjamäki
d9deabe2ce
TestBufferOverrun: clean up
2015-02-10 17:29:36 +01:00
PKEuS
b2835051df
Refactorization: Renamed Token::Match pattern %var% to %name%, implement new pattern %var% which is true if varId > 0.
2015-01-31 12:32:04 +01:00
PKEuS
98e33a189f
Enhanced CheckBufferOverrun:
...
- Fixed bug in library: manual and existing libraries use "size", but library.cpp reads "sizeof" as podtype attribute
- Fixed a couple of bugs in handling unknown size in checkbufferoverrun.cpp, get size from library if available.
2015-01-30 20:27:48 +01:00
Daniel Marjamäki
ff11ba9847
Updated copyright year to 2015
2015-01-03 12:14:58 +01:00
Daniel Marjamäki
bc594d52c8
Fixed #6349 (Pointer arithmetic: clarify message)
2014-12-25 10:05:55 +01:00
Daniel Marjamäki
0b9d80c95d
Refactoring CheckUnusedFunctions so it uses new infrastructure for multifile analysis
2014-12-02 06:41:18 +01:00
Daniel Marjamäki
a002654c47
Reverted refactoring 828417c
for now. It caused a major slowdown in the unused functions checking.
2014-11-24 06:37:08 +01:00
Daniel Marjamäki
051d42ae6b
astyle formatting
2014-11-20 14:20:09 +01:00
orbitcowboy
f5d804f71a
running astyle
2014-11-20 10:13:03 +01:00
Daniel Marjamäki
828417c934
CheckUnusedFunction: Refactorings to use same infrastructure for whole program analysis as CheckUninitVar and CheckBufferOverrun
2014-11-15 18:44:23 +01:00
Daniel Marjamäki
de7e9223b8
Fixed #6272 (Improve check: multifile checking in checkbufferoverrun)
2014-11-15 10:43:49 +01:00
Daniel Marjamäki
fbc6323a9b
doc: changed --doc output to Markdown syntax
2014-09-30 14:56:12 +02:00
Daniel Marjamäki
0fd334911a
Fixed #5257 (Check memcpy size for string literals)
2014-07-06 08:41:39 +02:00
Daniel Marjamäki
6f2c8a8236
Fixed #5931 (arrayIndexOutOfBoundsCond id reported instead of arrayIndexOutOfBounds)
2014-06-28 10:09:53 +02:00
Daniel Marjamäki
6c8558c112
CheckBufferOverrun: Removed old for-loop handling. This is handled through ValueFlow from now on.
2014-06-27 06:46:42 +02:00
Daniel Marjamäki
036b2f8ccf
CheckBufferOverrun: Added bufferOverrun2 that is based on ValueFlow/SymbolDatabase/Ast from the start. Replaced some old checking.
2014-06-26 17:36:20 +02:00
PKEuS
ec1bd420a7
Refactorizations optimizing std::string usage:
...
1) Added global static const std::string emptyString; object:
-> Replaces some static variables in functions which might be not threadsafe
-> Avoids constructor call (std::string::string(""))
-> Even functions that return an empty string in some branches can return by reference now.
Added to config.h to ensure that it is available everywhere
2) Added overloads for TestFixture::assertEquals for the most common use cases:
-> Moves conversion from const char[] to std::string into a function, reducing code duplication in binary.
2014-06-26 11:51:02 +02:00
PKEuS
2d54bace1b
Improved performance of CheckBufferOverrun::checkScope() ( #5944 ):
...
-> Speedup by 40% (MSVC12, x64, not matchcompiled) on the file attached to the ticket
2014-06-23 19:06:59 +02:00
PKEuS
8f79dc3ff8
Cleaned up includes and forward declarations in checkers:
...
- Removed definitely unnecessary forward declarations (e.g. "class Token"; token.h is already included by check.h, so a definition is unnecessary)
- Removed unused includes
2014-05-24 12:50:03 +02:00
PKEuS
3275881056
Improved checkBufferOverrun::classInfo ( #4667 )
2014-05-22 09:13:29 +02:00
Daniel Marjamäki
3c64c70ce2
ValueFlow: Added utility functions getValueLE and getValueGE to simplify usage
2014-04-02 06:49:28 +02:00
Daniel Marjamäki
e5301b2b7a
ValueFlow: Improved valueflow of for loop 'for (i=a; i<10; i++)' => unknown start value but end value is known
2014-03-29 20:20:22 +01:00
Daniel Marjamäki
87daf5783e
buffer overflow: clean up old checking for negative index
2014-03-25 20:37:32 +01:00
Daniel Marjamäki
fd3a8a2a18
Update copyright
2014-02-15 07:45:39 +01:00
Martin Ettl
6ca7daec10
Fixed #389 : Providing negative value to memory allocation function.
2014-02-01 22:38:29 +01:00
Daniel Marjamäki
0dbb86f0cb
Cleanup ExecutionPath from CheckBufferOverrun
2014-01-22 21:25:37 +01:00
Daniel Marjamäki
18d6285ad2
BufferOverrun: Improved error message when array index is used before checking that its in limits
2014-01-17 18:56:46 +01:00
Daniel Marjamäki
a1b0d190df
Fixed #3688 (false positive: (inconclusive, posix) (warning) The buffer 'cBuffer' is not zero-terminated after the call to readlink().)
2014-01-02 10:46:19 +01:00
PKEuS
c95b153700
Refactorizations:
...
- Removed some redundant operator=, copy-ctor and dtor implementations
- use operator[] instead of at() in library loading code
2013-10-27 13:55:13 +01:00
Ettl Martin
9ab6655d85
Fixed #5007 (Same include guard naming)
2013-09-04 20:59:49 +02:00
PKEuS
a9a5dc0354
Updated to AStyle 2.03, require this version
2013-08-07 16:27:37 +02:00
Daniel Marjamäki
9c67af058a
SymbolDatabase: Renamed Variable::varId() to Variable::declarationId() to make it more clear how it works.
2013-07-20 12:31:04 +02:00
Daniel Marjamäki
785d54046f
Fixed Cppcheck warning, method can be static
2013-06-01 14:06:48 +02:00
Daniel Marjamäki
a861817a01
Fixed #4751 (CheckBufferOverrun: better handling when struct member instance doesn't have same varid as struct member declaration)
2013-05-28 16:52:23 +02:00
Ettl Martin
ff826d7c62
#4664 : new check: (POSIX) write outside buffer size.
2013-03-19 08:22:48 +01:00
Robert Reif
4b9b87e310
Fixed #4646 (false positive: (style, inconclusive) Technically the member function 'C<T>::operator+=' can be const.)
2013-03-14 06:34:12 +01:00
Reijo Tomperi
5d5f7085bf
Updating year 2012 -> 2013 to .cpp and .h files and man page.
2013-01-01 18:29:08 +02:00
Daniel Marjamäki
7f6a10599b
Fixed #4262 (Small Request/Suggestion for checks on array size of args (bounty offer))
2012-12-22 09:23:34 +01:00
XhmikosR
6e4e3dfbfb
lib: tabs to spaces, remove trailing spaces and extra empty lines at the end of files
2012-09-17 13:51:23 +02:00
Deepak Gupta
4202866100
Fixed #4096 (Improve check: Buffer overrun in for loop, postfix increment in array access)
2012-09-01 19:17:28 +02:00
PKEuS
046712aaec
Removed --doc formating hack that removes more than three newlines and added format testing of Check::classInfo instead.
...
- Fixed test failures shown by new test.
Use const_iterator instead of iterator in testcppcheck.cpp when possible
2012-08-26 16:22:46 +02:00
PKEuS
1b40668e04
Refactorizations:
...
- Made several functions (Check*::myName and others) because they don't touch depend on a specific instance. (cppcheck findings)
- Removed description of a check in CheckConst that has moved to CheckIO
2012-08-02 09:50:48 -07:00
PKEuS
4b80e91145
Implemented support for building cppcheck lib into a dll
...
Updated VS9 solution
New VS10 solution that builds cppcheck into a dll used by cli and testrunner.
Functional changes and advantages of new solution:
- Share code between testrunner and cli; ability to share code with gui as well (not yet implemented)
- Files of /lib are no longer compiled twice (should improve build time on single core machines)
- Added configuration for building with PCRE support
- Executables are build into /bin (/bin/debug in debug mode) folder (Should no longer require rebuild when switching between debug and release)
- Completely x64 compatible (contains also x64-debug configuration now)
2012-06-10 05:19:09 -07:00
Edoardo Prezioso
eacf74be8d
Changed the order of some structures in order to improve, even if for a bit, their padding.
2012-05-14 20:49:03 +02:00
PKEuS
b37cf11d20
Refactorizations:
...
- Increased encapsulation by making some functions private
- Removed redundant function CheckBufferOverrun::ArrayInfo::declare
- Avoided copy of ArrayInfo object
- Removed unnecessary and suspicious "if(sizeof(int) == 4)"
2012-03-27 19:40:39 +02:00
PKEuS
e3b3b7b62f
Refactorizations on buffer overrun check:
...
- Replaced a few indendation counters by smaller and faster code
- Make use of safer nextArgument() function instead of some local implementations
- Replaced some simple patterns by direct function calls
- Made a strncpy/strncat search pattern more generic
- Replaced offset variable by incrementation of Token* to avoid subsequent calls to tokAt
- Increased data encapsulation in header
2012-03-17 21:55:08 +01:00
PKEuS
b1ff900aaa
Some refactorizations
2012-02-18 23:43:51 +01:00
Reijo Tomperi
8cae17fda8
Update year to 2012
2012-01-01 01:05:37 +02:00
Daniel Marjamäki
497c54a1a7
Fixed #3168 (false negative: buffer overflow in subfunction)
2011-12-11 08:16:58 +01:00
Daniel Marjamäki
ee39f6402c
reverted fix for #3168 , I'll rewrite it
2011-12-10 20:46:10 +01:00
Daniel Marjamäki
897e8637b4
Fixed #3168 (false negative: buffer overflow in subfunction)
2011-12-10 19:26:12 +01:00
Daniel Marjamäki
2e08c8c5b1
DJGPP: Fixed a few compiler errors by using std::size_t instead of size_t
2011-11-22 21:14:14 +01:00
Thomas Jarosch
3413ffef3e
Refactor readlink() buffer check to also handle readlinkat()
2011-10-24 21:23:18 +02:00
Thomas Jarosch
7ae39f13cc
Fixed #3198 (Add check for readlink())
2011-10-14 19:45:51 +02:00
Daniel Marjamäki
6f8e42a5af
changed the astyle formatting flags
2011-10-13 20:53:06 +02:00
Thomas Jarosch
abd2525339
Fixed #3161 (Show buffers size info for snprintf() buffer overruns)
2011-10-05 20:17:57 +02:00
Robert Reif
0d6592dd2e
use correct checkScope function in CheckBufferOverrun for single dimension member arrays
2011-09-11 19:21:13 -04:00
Robert Reif
e18fe56d56
refactor CheckBufferOverrun to only use multi-dimension array error messages and remove single dimension array message
2011-09-11 09:54:26 -04:00
Robert Reif
a9b4e21f60
refactor CheckBufferOverrun::checkScope to take an ArrayInfo parameter
2011-09-10 11:21:52 -04:00
Robert Reif
547a79d4fe
calculate array size for variable length structures with array at end in CheckBufferOverrun::checkStructVariable() when possible
2011-09-10 10:14:32 -04:00
Robert Reif
7451c5cece
warn when buffer is not zero terminated after memmove
2011-09-05 15:59:41 -04:00
Robert Reif
f5d71d1ac5
warn when buffer is not zero terminated after memcpy
2011-09-05 15:41:37 -04:00
Robert Reif
3c8988e7a5
warn when buffer is not zero terminated after strncpy
2011-09-05 15:19:38 -04:00
Robert Reif
8c093d0f8a
refactor CheckBufferOverrun::checkScope strncpy check and change experimental to inconclusive
2011-08-27 21:18:39 -04:00
Robert Reif
6e78b51071
make all functions that call reportError names in checkbufferoverrun end in Error for consisentcy
2011-08-24 07:11:39 -04:00
Robert Reif
8c1efe9bb6
improve message for #3035 (false negative: strcpy(dst, src) where src is bigger than dst)
2011-08-21 15:18:41 -04:00
Robert Reif
67e8731a96
partial fix for #3035 (false negative: strcpy(dst, src) where src is bigger than dst)
2011-08-21 14:44:55 -04:00
Daniel Marjamäki
ceb763f57a
Fixed #2956 (False negative: read array and then immediately check the index 'str[i] && i<sizeof(str)')
2011-08-04 11:15:14 +02:00
Robert Reif
48e6ea271a
start using symbol database array info for buffer overrun checks
2011-06-22 22:44:11 -04:00
Robert Reif
dac826d0ac
use a more conventional technique for accessing ArrayInfo private variables
2011-06-22 20:35:58 -04:00
Daniel Marjamäki
08811c8179
CheckBufferOverrun: Refactoring. Broke out checkScope code for parsing 'for' bodies
2011-02-10 21:56:06 +01:00
Greg Hewgill
be195a72c9
initialise Check::_name in constructor rather than relying on virtual Check::name()
2011-02-02 22:58:25 +13:00
Daniel Marjamäki
9d3b242cd8
Fixed #1952 (false negative: buffer acces out of bounds with memcpy)
2011-01-22 21:31:26 +01:00
Reijo Tomperi
226b605774
Change year 2010 -> 2011 in license texts.
2011-01-09 21:33:36 +02:00
Daniel Marjamäki
4ec9d418ff
Fixed #2215 (Improve check: Writing outside malloc bounds not detected)
2011-01-01 20:56:21 +01:00
Daniel Marjamäki
fa3853803b
gcc: fixed -Wconversion warnings
2010-12-31 09:30:56 +01:00
Daniel Marjamäki
38e7209d26
Fixed #2373 (Using XML2 in --errorlist output)
2010-12-29 12:43:29 +01:00
Daniel Marjamäki
6aa400fd80
Buffer overrun: UB when pointer arithmetic result points out of bounds. Ticket #1774
2010-12-26 21:23:28 +01:00
Daniel Marjamäki
9d9a5b0623
VS: Fixed compiler warnings. Ticket: #2200
2010-11-21 11:48:27 +01:00
Ettl Martin
a56f6d276a
fixed warning from cppcheck: [lib/checkbufferoverrun.h:129]: (style) 'operator=' should not return a const reference
2010-09-15 22:25:12 +02:00
Daniel Marjamäki
adc47f1820
Fixed #1487 (fix gcc compiler warnings)
2010-08-06 21:02:43 +02:00
Daniel Marjamäki
1b2f16f443
Buffer overflow: Fixed two TODO test cases
2010-08-05 11:01:47 +02:00
Daniel Marjamäki
5789eb116d
astyle formatting
2010-06-02 18:09:25 +02:00
Zachary Blair
33b4254d33
Fixed #568 (string functions with command line arguments may overflow buffer)
2010-06-01 22:41:07 -07:00
Zachary Blair
619cfbc56f
Fixed #168 (buffer overflow: not enough room for the null terminator)
2010-05-26 01:56:34 -07:00
Daniel Marjamäki
01034cd48d
Refactoring: Removed 'possible error' message about cin
2010-05-16 19:09:36 +02:00
Daniel Marjamäki
26fab24de4
Refactoring: Removed some inconclusive checking in CheckBufferOverrun
2010-05-16 15:30:39 +02:00
Daniel Marjamäki
8ccd95a643
Fixed #836 (buffer overrun: memmove)
2010-04-24 21:48:58 +02:00