* insecureCmdLineArgs: Fixed FN in case strdup() copies argv[].
* Formatted the code. There are no functional changes intended.
* Changes due to review comments from Daniel.
* Identify return conditions in multiconditions
* Improve error messages
* Check return statements are always true or false
* Add more tests for FPs
* Fix FP when returning const like variables
* Fix FP when returning pointers or classes
* Fix FP with member variable access
* Check non-local variables
* Use simplematch
* Check for null
* MISRA: Allow printing of the suppressed rules to the console
--show-suppressed-rules will print rules in the suppression rule list to
the console sorted by rule number.
* MISRA: Correct rule suppression for entire file scope
The entire file scope suppression check was checking for the rule item
list to be None instead of looking for None as an entry into the list.
Correct this check and modify the documentation to explicitly state that
an entry of None in the rule item list will set the scope for that
suppression to be the entire file.
* MISRA: Tests for checking per-file rule suppressions
To run:
../../cppcheck --suppressions-list=suppressions.txt --dump misra-suppressions*-test.c
python ../misra.py misra-suppressions*-test.c.dump
There should be no violations reported
* MISRA: Allow ignoring a prefix from file paths when suppression matching
For environments that run cppcheck from the build system cppcheck may be
passed a filename that is a complete path.
Often this path will include a portion that is specific to the developer
or to the environment where the project is located.
The per-file suppression rules do filename matching based on the
filename passed to cppcheck. To match any path information also has to
be included into the suppressions file provided to cppcheck via the
--suppressions-list= option.
This limits the usefulness of the per-file based suppressions because
it requires the suppression to be customized on a per instance basis.
Add a option "--file-prefix" that allows a prefix to be excluded from
the file path when doing the suppression filename matching.
Example.
Given the following structure:
/test/path1/misra-suppressions1-test.c
/test/path1/misra-suppressions2-test.c
specifying --file-prefix /test/path1 will allow the use of
misra-suppressions1-test.c and misra-suppressions2-test.c as filenames
in the suppressions file without leading patch information but still
match the suppression rule.
* MISRA: Tests for --file-prefix option
To run:
../../cppcheck --suppressions-list=suppressions.txt \
--dump misra-suppressions*-test.c \
path1/misra-suppressions*-test.c
python ../misra.py misra-suppressions*-test.c.dump \
path1/misra-suppressions*-test.c
There should be no violations reported
Functions with variadic arguments trip an exception in the MISRA checker
because some of the token is None and does not have some of the members
the code is expecting.
Prevent this by checking to see if the token is None and skipping the
code that tries to use that value.
Dynamic memory allocation was used for a XmlReportV2 object
in the function “ResultsView::readErrorsXml”.
This object was put on the stack instead so that this software
became a bit safer and more efficient.
Signed-off-by: Markus Elfring <elfring@users.sourceforge.net>
* Improve STL interators checking
* Improve error messages for container iterators from different scopes
* Mini refactoring
* Replace hardcoded pattern to ValueType::Type::ITERATOR
* Error messages improvements, more tests and refactoring
* Refactoring after code review
* Put getting operand data into separate function
* Update getErrorMessages and iterator errors ids
* Refactoring
* Fix error
* Refactoring, early return implementation
* Delete redundant code
* Tiny changes in comments
Avoids git printing a warning about redirecting to https every time
the clone command is issued. The warning was:
warning: redirecting to https://github.com/danmar/cppcheck.git/
* Fix specialized template regression.
Only check for instantiation of template being processed rather than
count of all instantiations.
* Add 2 more tests.
* insecureCmdLineArgs: Fixed false negatives in case arguments are const.
* Formatted the code, there are functional changes.
* Simplified matching as suggested by Daniel.
* #4241: Check for address of single character passed as string
Add a check that address of a single character is not passed as argument
to argument marked as strings (using strz). The check does not warn if
the address of a character with known value '\0'.
Since ValueFlow currently does not handle global constants (see #7597),
do not warn if the variable is global to avoid FPs when the address of
a global variable assigned to '\0' is passed to a function expecting a
string.
Remove comment in docs saying strz is unused.
* Change asdf to Hello world
* Add test of address to first element in string
* Add error reporting function to getErrorMessages
* Fix strings in test
* Fixed#8693 (Template specialization: Constructor detected as normal function (functionStatic error))
Refactor template simplifier to remove the existing full specialization
function expandSpecialized and allow full specializations to use the
existing function expandTemplate. The function expandTemplate was
modified to either expand the template like it originally did by copying
it or to modify the template in place. Both instantiated and
uninstantiated full specializations are modified in place. This also
fixes#8692 and probably other related tickets as well.
The function simplifyTemplates now tries twice to simplify templates so
more templates can be simplified. We should try as many times as
necessary to find all possible templates. We can't do that now because
uninstantiated templates are left unchanged. It is relatively straight
forward to have the new code also expand in place uninstantiated
templates with their symbolic types but namespaces are not handled
properly (ticket #8671) and it would introduce regressions.
* Fix travis warnings.
The while part of a do-while loop looks almost like a function call, so
extend the check for function calls to ignore while-statements.
Note that there was only an FP when checking c-code, since the check is
disabled for c++-code. Therefore, make sure the test cases are run on a
c-file.