Commit Graph

664 Commits

Author SHA1 Message Date
Daniel Marjamäki 92f4113b59 Array index: Checking array index out of bounds for dynamic buffers 2019-03-17 13:09:15 +01:00
Daniel Marjamäki 2ecfae0a98 CheckBufferOverrun: the bufferNotZeroTerminated did not work well, hide that for now 2019-03-13 06:45:01 +01:00
Daniel Marjamäki 81a1d744c6 CheckBufferOverrun: fix FP for array definition of static class member 2019-03-13 06:39:09 +01:00
Daniel Marjamäki 67e8b99c2c CheckBufferOverrun: Readd a check for strncpy/memcpy/etc 2019-03-12 21:15:26 +01:00
Daniel Marjamäki 0c08f6db6c CheckBufferOverrun: Use AST to lookup array 2019-03-12 06:46:38 +01:00
Daniel Marjamäki 4ababeb704 Fix 'make checkcfg' 2019-03-11 21:39:39 +01:00
Daniel Marjamäki ea23033a65 Array index out of bounds: Fix false positive 2019-03-11 20:33:08 +01:00
Daniel Marjamäki 17253cdb55 buffer overflow: Fix false positive 2019-03-11 19:40:17 +01:00
Daniel Marjamäki bd048085bd Add CheckBufferOverrun::arrayIndexThenCheck 2019-03-11 19:20:06 +01:00
Daniel Marjamäki a933261e14 Add message id arrayIndexOutOfBoundsCond 2019-03-11 19:12:03 +01:00
orbitcowboy 0721c9f7f0 Running astyle [ci skip]. 2019-03-11 15:32:30 +01:00
Daniel Marjamäki 729f57d8f1 Start a major rewrite of CheckBufferOverrun. For now only the 'array index' and 'buffer overflow' checks are rewritten.
There are important TODOs still; for instance adding CTU support using our CTU infrastructure, add handling of pointers (maybe I'll use FwdAnalysis for this), add handling of multidimensional arrays, etc..
2019-03-11 12:34:33 +01:00
Daniel Marjamäki 3eb5de756c Buffer overrun: Refactorings; use range for loops and write in message 2019-03-09 22:19:09 +01:00
amai2012 eb9edbc177 #9024 Crash caused by package "procserv" in lib/token.h:921 function Token::getKnownIntValue - Fix and test for alternative code example. 2019-03-08 11:07:33 +01:00
Daniel Marjamäki c32d015337 Fixed false positives from terminateStrncpy 2019-03-06 18:50:50 +01:00
Daniel Marjamäki 3f37d5ac2d Refactoring strncpy/strncat checking to use ValueFlow and AST 2019-03-06 09:04:04 +01:00
Daniel Marjamäki bd7790fd8c Update copyright year 2019-02-09 07:24:06 +01:00
Daniel Marjamäki 271763e680 CTU: Refactoring 2018-12-25 21:11:23 +01:00
Daniel Marjamäki 2214ef5359 Refactor isVLAIndex 2018-11-23 20:23:20 +01:00
orbitcowboy 0858488825
insecureCmdLineArgs: Fixed FN in case strdup() copies argv[]. (#1438)
* insecureCmdLineArgs: Fixed FN in case strdup() copies argv[].

* Formatted the code. There are no functional changes intended.

* Changes due to review comments from Daniel.
2018-10-19 11:04:15 +02:00
orbitcowboy a6e8270474
insecureCmdLineArgs: Fixed false negatives in case arguments are const. (#1419)
* insecureCmdLineArgs: Fixed false negatives in case arguments are const.

* Formatted the code, there are functional changes.

* Simplified matching as suggested by Daniel.
2018-10-15 10:05:43 +02:00
Daniel Marjamäki 20121b34d8 Fixed #7718 (False positive: out of bounds of already resized std::string) 2018-10-09 06:53:26 +02:00
Daniel Marjamäki 12b7c9e597 Fix Cppcheck warning 2018-09-01 08:41:41 +02:00
Daniel Marjamäki f388c77042 Fixed #8721 (Regression: False positive array index out of bounds) 2018-08-31 18:25:43 +02:00
Daniel Marjamäki 27aae8d032 Fixed #8644 (crash (CheckBufferOverrun::checkGlobalAndLocalVariable): local function) 2018-08-30 10:04:07 +02:00
Daniel Marjamäki 54cfdb731e Refactoring; Use Token::isUnaryOp() to clarify code 2018-07-13 23:12:20 +02:00
Daniel Marjamäki 4c6270f9b2 Refactoring: use range for loop 2018-06-30 15:34:48 +02:00
Daniel Marjamäki cb48aae594 buffer overrun: Remove bailout. There is no test case and I fail to produce false positives. 2018-06-24 09:50:55 +02:00
Daniel Marjamäki 19cf0d1fa4 Refactoring; use range for loop 2018-06-17 18:37:40 +02:00
Daniel Marjamäki ad4ce84cf7 Rename private member variables 2018-06-17 17:20:16 +02:00
Daniel Marjamäki 79ffe1d4fc Rename _tokenizer, _settings, _errorLogger 2018-06-16 16:10:28 +02:00
Matthias Krüger be6c273e6b CheckBufferOverrun::checkScope_inner(): save a few pointer derefernces (NFC). 2018-05-31 12:28:34 +02:00
Daniel Marjamäki ca8e19c96d SymbolDatabase: Refactor SymbolDatabase: variable list 2018-04-28 09:38:33 +02:00
Daniel Marjamäki f336c2efe7 Refactoring; Renamed Scope::classStart and Scope::classEnd 2018-04-27 22:36:30 +02:00
Daniel Marjamäki f058d9ad08 CLI: Added more fields for --template and added a new --template-location. The gcc predefined template now matches latest gcc better. 2018-04-23 12:21:18 +02:00
PKEuS d2146844dd Refactorizations:
- Replace several push_back-calls by emplace_back
- Replace some x = x.substr(0, y) calls by x.erase(y)
2018-04-11 09:44:35 +02:00
PKEuS b15cc3f236 Refactorization: Replace several push_back-sequences by initializer lists 2018-04-09 09:54:39 +02:00
Daniel Marjamäki a0906140a6 Suppressions: New extensible Suppressions xml format that allow more attributes. To start with it also allows symbolName. 2018-04-09 06:43:48 +02:00
Daniel Marjamäki 3ad6c7ebce Refactoring, use early continue 2018-04-05 08:21:43 +02:00
jrp2014 67a71fa362 Refactor lib/checkbufferoverrun.cpp 2018-04-05 08:17:56 +02:00
jrp2014 b6504c70ca Improve constness 2018-04-04 21:51:31 +02:00
Daniel Marjamäki 96167ffa51 Compatibility fixes for gcc 4.5 2018-03-29 17:37:06 +02:00
Daniel Marjamäki 71511f3131 Refactor f487182 2018-02-06 08:59:36 +01:00
Ivan Maidanski f487182075 Suppressed unused functions should not lead to nonzero exit code (#1026) (#1078)
This is a fix of commit 97ffec8.
2018-02-06 07:44:53 +01:00
Daniel Marjamäki 5b6ec49a6f Pointer overflow: Fixed false positive 2018-01-27 22:09:43 +01:00
Daniel Marjamäki 189e0b3890 Fix Cppcheck warning about uninitialized variable 2018-01-27 22:05:29 +01:00
Daniel Marjamäki bc40f5041d Fixed #6356 (Improve checking: pointer arithmetic "ab.a + 100" overrun) 2018-01-27 15:39:39 +01:00
Daniel Marjamäki c4caee6b18 Updated copyright year 2018-01-14 15:37:52 +01:00
Ivan Maidanski 97ffec85c0 Fixed #7502 (Correct exit code if never used function is found) (#1026) 2018-01-12 08:24:01 +01:00
Daniel Marjamäki 7d2450e445 Fixed #1478 (false negative: buffer access out of bounds not detected after free and malloc) 2017-12-31 14:58:26 +01:00
Daniel Marjamäki 79f6793076 minor code cleanup 2017-12-31 12:30:02 +01:00
Oleksandr Redko a8700f5622 Remove redundant parts of conditional expressions (#988)
All issues were found with PVS-Studio:
V560 A part of conditional expression is always true: tok. astutils.cpp 407
V560 A part of conditional expression is always true: size > 0. checkbufferoverrun.cpp 709
V547 Expression 'secondTrue' is always true. checkcondition.cpp 1013
V547 Expression 'firstTrue' is always true. checkcondition.cpp 1020
V560 A part of conditional expression is always true: !scan. checkio.cpp 1036
V560 A part of conditional expression is always true: scope->function. checknullpointer.cpp 395
V560 A part of conditional expression is always true: tok2. checkstl.cpp 268
V560 A part of conditional expression is always true: par. tokenize.cpp 9440
V547 Expression '!erased' is always true. symboldatabase.cpp 3990
2017-11-03 10:39:57 +01:00
Daniel Marjamäki ba8222de1c ValueFlow: Put 'inconclusive' state in the ValueKind. A value can't be both known and inconclusive. 2017-09-20 22:41:36 +02:00
Ayaz Salikhov f0b5327450 Fix codestyle (#953) 2017-09-07 13:00:46 +02:00
Dmitry-Me 0e444aa133 Cache and reuse values 2017-09-05 17:50:36 +03:00
Ayaz Salikhov b8cd7dbb5c Use nullptr instead of 0 or NULL (#936) 2017-08-09 20:00:26 +02:00
Matthias Krüger 9b6d371762 checkbufferoverrun: remove dead store
the variable was declared inside a loop and the dead store also took place inside the loop (guarded by a condition) without further access of the value after that store.
Found by clang analyzer.

Was:

lib/checkbufferoverrun.cpp:1223:17: warning: Value stored to 'tok' is never read
                tok = tok->next();
                ^     ~~~~~~~~~~~
2017-08-01 16:53:00 +02:00
Daniel Marjamäki 058c439b2a Coverity detected useless function call, cleanup code 2017-08-01 12:45:37 +02:00
Daniel Marjamäki fec0c46af0 Refactoring, use continue in loop 2017-07-30 14:53:58 +02:00
Ayaz Salikhov 4bbc830a85 Fix warnings 2017-07-17 10:13:11 +03:00
uburuntu f4ce49d883 ENH: perfomance: using clear() and empty() more faster for stl containers 2017-06-02 22:38:00 +04:00
Ayaz Salikhov 28aa939d69 iwyu - include what you use 2017-05-27 04:33:47 +02:00
Daniel Marjamäki 1dd42d9a9e arrayIndexOutOfBounds: Make sure error message is clarified for daca2 --template format 2017-05-25 08:18:37 +02:00
Daniel Marjamäki 70c2de62b7 arrayIndexOutOfBounds: better note 2017-05-23 16:06:32 +02:00
Daniel Marjamäki e73657b198 Clarify arrayIndexOutOfBounds 2017-05-23 14:58:43 +02:00
Daniel Marjamäki f7cda81c0c Refactoring: ValueFlow::Value::errorSeverity() will have the logic if value is 'error' or 'warning' 2017-05-23 11:43:56 +02:00
Daniel Marjamäki 55ae206ecc ErrorPath: better output 2017-05-19 17:29:16 +02:00
Daniel Marjamäki c617851567 ErrorLogger: Added ErrorPath where each item has token and info 2017-05-16 22:38:13 +02:00
Daniel Marjamäki f92e7b3bfc Emit better errorpath in CheckBufferOverrun::negativeIndexError 2017-05-16 19:08:47 +02:00
Simon Martin b526fd7c49 Ticket #7964: Don't crash on valid code using function pointers named strcpy or strcat in main(). 2017-04-21 23:36:10 +02:00
PKEuS b1f4bd7504 Refactorization: Reimplemented Settings::_enabled as a bitfeld instead of std::set (#7995) 2017-04-11 11:49:26 +02:00
Matthias Krüger 7d12e1f3a6 valueFlowGetArrayIndexes: convert Token::Match to Token::simpleMatch.
The pattern is a sole "[", but since "[" is also used for complexe patterns, the internal check that finds potential simple match patterns bailed out here.
2017-04-09 17:27:46 +02:00
Daniel Marjamäki 633ed23c0d Fix Cppcheck warnings about mismatching function argument names 2017-04-01 09:31:27 +02:00
Daniel Marjamäki cc3ef7bbe8 Fix so array access out of bounds for external arrays are detected again 2017-03-30 10:14:17 +02:00
PKEuS 3c8f5b85ae Refactorization: Allocate Token::_values (ValueFlow information) dynamically, reducing size of each token by around 10% 2017-03-27 18:48:34 +02:00
PKEuS 2938278f00 Refactorization: Store minsizes in vector instead of list which has less overhead 2017-03-27 17:53:43 +02:00
PKEuS 63d39390b4 checkbufferoverrun.cpp: refactorizations 2017-03-27 16:09:51 +02:00
PKEuS 83b1e1c329 CheckBufferOverrun: Refactorizations
- Improved/Optimized conditions in checkBufferAllocatedWithStrlen()
- Avoid copying strings for checkScope()
2017-03-27 11:48:34 +02:00
PKEuS 680828788b Fixed false negative in CheckBufferOverrun::checkInsecureCmdLineArgs(), removed redundant tests 2017-03-27 11:30:07 +02:00
PKEuS 171e1b8244 Fixed false negatives in CheckBufferOverrun::arrayIndexThenCheck() 2017-03-27 11:07:49 +02:00
orbitcowboy 6c71d74563 Cleanup: There is no need to clear a string directly after its creation. 2017-01-16 20:10:28 +01:00
Daniel Marjamäki f0d91fb74b Fixed #7869 (False positive: Array index out of bounds) 2016-12-20 22:01:19 +01:00
Daniel Marjamäki f5ad7482a8 CheckBufferOverrun: Skip warnings about array index out of bounds in unions. Theoretically, the array is at least as large as the biggest union member. 2016-12-18 22:10:30 +01:00
PKEuS cfac3b457d Several small refactorizations 2016-12-06 22:12:02 +01:00
Stefan Weil 57b57428c2 Fix some typos in comments (found by codespell)
Signed-off-by: Stefan Weil <sw@weilnetz.de>
2016-11-27 11:40:42 +01:00
Daniel Marjamäki a61f4e9c94 Fixed #7831 (false-positive: terminateStrncpy) 2016-11-24 07:04:58 +01:00
Daniel Marjamäki 4732667488 ValueFlow: allow more value types 2016-11-13 22:33:39 +01:00
Daniel Marjamäki 9ff3e85899 Added --cppcheck-build-dir flag 2016-10-29 12:18:11 +02:00
Daniel Marjamäki 499e52c976 astyle formatting
[ci skip]
2016-08-15 18:04:55 +02:00
Roberto Martelloni 41dee04e90 CWE mapping of assignBoolToFloat, strncatUsage, sizeArgumentAsChar, terminateStrncpy, bufferNotZeroTerminated, negativeArraySize, noExplicitConstructor, virtualDestructor 2016-08-14 18:23:41 +01:00
Robert Reif 55b3f0bf38 Fixed #752 (SymbolDatabase: Does not match function if redundant keywords mismatch (C++)) 2016-08-04 09:06:32 +02:00
PKEuS 3f4fe8f578 Refactorized CheckBufferOverrun:
- Removed redundant code
- Apply non-simplified checking in test suite
2016-07-27 17:28:43 +02:00
PKEuS 9a6569fde1 Always set ErrorMessage::file0 to ensure that the source file that cppcheck is checking when an error occurs can be identified
Removed unused function and unused includes from preprocessor.h/cpp
2016-07-26 16:28:40 +02:00
Simon Martin bae81fba05 Silent clang -Wshadow warning. (#812)
Add an optional extended description…
2016-07-09 19:07:58 +02:00
PKEuS 44a19b527e Use ValueFlow and SymbolDatabase to detect buffer overflows with new and malloc, improving support for enums (#7576) 2016-07-08 20:53:08 +02:00
PKEuS 644a216394 Fixed two false positives related to char arrays initialized by a literal:
- Run check for writing to string literals on non-simplified token list (#7283)
- Run buffer overrun checking for string literals on non-simplified token list (https://sourceforge.net/p/cppcheck/discussion/general/thread/2c33dfc5/)
2016-07-07 19:38:15 +02:00
umanamente 0f11007c19 Fixed #7083 (false positive: typedef and initialization with strings) 2016-06-21 22:42:46 +02:00
PKEuS 8c0eab3eb3 Optimization: Improved performance of CheckBufferOverrun::checkScope() when dealing with a large number of arrays (#5975)
-> checking time decreases from 1010s to 50s on the code snippet in #5975
-> Dropped a garbage code unit test
2016-05-25 14:42:00 +02:00
PKEuS 728d4242dc Refactorizations in CheckBufferOverrun:
- Improved performance of CheckBufferOverrun::checkScope()
- Made some patterns less restrictive
2016-05-25 11:50:34 +02:00
Roberto Martelloni d3645d874e Mapped toomanyconfigs ,AssignmentAddressToInteger
,AssignmentIntegerToAddress ,CastIntegerToAddressAtReturn
,CastAddressToIntegerAtReturn ,assertWithSideEffect ,assignmentInAssert
,uselessAssignmentArg ,uselessAssignmentPtrArg
,comparisonOfFuncReturningBoolError
,comparisonOfTwoFuncsReturningBoolError ,comparisonOfBoolWithBoolError
,incrementboolean ,comparisonOfBoolWithInt ,compareBoolExpressionWithInt
,negativeIndex ,pointerOutOfBounds ,arrayIndexThenCheck
,possibleBufferAccessOutOfBounds ,argumentSize
,arrayIndexOutOfBoundsCond ,noConstructor ,copyCtorPointerCopying
,noCopyConstructor ,uninitMemberVar ,operatorEqVarError
,unusedPrivateFunction ,memsetClassFloat ,mallocOnClassWarning
,operatorEq ,thisSubtraction ,operatorEqRetRefThis ,operatorEqToSelf
,useInitializationList ,duplInheritedMember ,assignIfError
,comparisonError ,multiCondition ,mismatchingBitAnd
,oppositeInnerCondition ,incorrectLogicOperator ,redundantCondition
,moduloAlwaysTrueFalse to their CWEs ids.
2016-02-26 23:53:52 +00:00