Daniel Marjamäki
92f4113b59
Array index: Checking array index out of bounds for dynamic buffers
2019-03-17 13:09:15 +01:00
Daniel Marjamäki
2ecfae0a98
CheckBufferOverrun: the bufferNotZeroTerminated did not work well, hide that for now
2019-03-13 06:45:01 +01:00
Daniel Marjamäki
81a1d744c6
CheckBufferOverrun: fix FP for array definition of static class member
2019-03-13 06:39:09 +01:00
Daniel Marjamäki
67e8b99c2c
CheckBufferOverrun: Readd a check for strncpy/memcpy/etc
2019-03-12 21:15:26 +01:00
Daniel Marjamäki
0c08f6db6c
CheckBufferOverrun: Use AST to lookup array
2019-03-12 06:46:38 +01:00
Daniel Marjamäki
4ababeb704
Fix 'make checkcfg'
2019-03-11 21:39:39 +01:00
Daniel Marjamäki
ea23033a65
Array index out of bounds: Fix false positive
2019-03-11 20:33:08 +01:00
Daniel Marjamäki
17253cdb55
buffer overflow: Fix false positive
2019-03-11 19:40:17 +01:00
Daniel Marjamäki
bd048085bd
Add CheckBufferOverrun::arrayIndexThenCheck
2019-03-11 19:20:06 +01:00
Daniel Marjamäki
a933261e14
Add message id arrayIndexOutOfBoundsCond
2019-03-11 19:12:03 +01:00
orbitcowboy
0721c9f7f0
Running astyle [ci skip].
2019-03-11 15:32:30 +01:00
Daniel Marjamäki
729f57d8f1
Start a major rewrite of CheckBufferOverrun. For now only the 'array index' and 'buffer overflow' checks are rewritten.
...
There are important TODOs still; for instance adding CTU support using our CTU infrastructure, add handling of pointers (maybe I'll use FwdAnalysis for this), add handling of multidimensional arrays, etc..
2019-03-11 12:34:33 +01:00
Daniel Marjamäki
3eb5de756c
Buffer overrun: Refactorings; use range for loops and write in message
2019-03-09 22:19:09 +01:00
amai2012
eb9edbc177
#9024 Crash caused by package "procserv" in lib/token.h:921 function Token::getKnownIntValue - Fix and test for alternative code example.
2019-03-08 11:07:33 +01:00
Daniel Marjamäki
c32d015337
Fixed false positives from terminateStrncpy
2019-03-06 18:50:50 +01:00
Daniel Marjamäki
3f37d5ac2d
Refactoring strncpy/strncat checking to use ValueFlow and AST
2019-03-06 09:04:04 +01:00
Daniel Marjamäki
bd7790fd8c
Update copyright year
2019-02-09 07:24:06 +01:00
Daniel Marjamäki
271763e680
CTU: Refactoring
2018-12-25 21:11:23 +01:00
Daniel Marjamäki
2214ef5359
Refactor isVLAIndex
2018-11-23 20:23:20 +01:00
orbitcowboy
0858488825
insecureCmdLineArgs: Fixed FN in case strdup() copies argv[]. ( #1438 )
...
* insecureCmdLineArgs: Fixed FN in case strdup() copies argv[].
* Formatted the code. There are no functional changes intended.
* Changes due to review comments from Daniel.
2018-10-19 11:04:15 +02:00
orbitcowboy
a6e8270474
insecureCmdLineArgs: Fixed false negatives in case arguments are const. ( #1419 )
...
* insecureCmdLineArgs: Fixed false negatives in case arguments are const.
* Formatted the code, there are functional changes.
* Simplified matching as suggested by Daniel.
2018-10-15 10:05:43 +02:00
Daniel Marjamäki
20121b34d8
Fixed #7718 (False positive: out of bounds of already resized std::string)
2018-10-09 06:53:26 +02:00
Daniel Marjamäki
12b7c9e597
Fix Cppcheck warning
2018-09-01 08:41:41 +02:00
Daniel Marjamäki
f388c77042
Fixed #8721 (Regression: False positive array index out of bounds)
2018-08-31 18:25:43 +02:00
Daniel Marjamäki
27aae8d032
Fixed #8644 (crash (CheckBufferOverrun::checkGlobalAndLocalVariable): local function)
2018-08-30 10:04:07 +02:00
Daniel Marjamäki
54cfdb731e
Refactoring; Use Token::isUnaryOp() to clarify code
2018-07-13 23:12:20 +02:00
Daniel Marjamäki
4c6270f9b2
Refactoring: use range for loop
2018-06-30 15:34:48 +02:00
Daniel Marjamäki
cb48aae594
buffer overrun: Remove bailout. There is no test case and I fail to produce false positives.
2018-06-24 09:50:55 +02:00
Daniel Marjamäki
19cf0d1fa4
Refactoring; use range for loop
2018-06-17 18:37:40 +02:00
Daniel Marjamäki
ad4ce84cf7
Rename private member variables
2018-06-17 17:20:16 +02:00
Daniel Marjamäki
79ffe1d4fc
Rename _tokenizer, _settings, _errorLogger
2018-06-16 16:10:28 +02:00
Matthias Krüger
be6c273e6b
CheckBufferOverrun::checkScope_inner(): save a few pointer derefernces (NFC).
2018-05-31 12:28:34 +02:00
Daniel Marjamäki
ca8e19c96d
SymbolDatabase: Refactor SymbolDatabase: variable list
2018-04-28 09:38:33 +02:00
Daniel Marjamäki
f336c2efe7
Refactoring; Renamed Scope::classStart and Scope::classEnd
2018-04-27 22:36:30 +02:00
Daniel Marjamäki
f058d9ad08
CLI: Added more fields for --template and added a new --template-location. The gcc predefined template now matches latest gcc better.
2018-04-23 12:21:18 +02:00
PKEuS
d2146844dd
Refactorizations:
...
- Replace several push_back-calls by emplace_back
- Replace some x = x.substr(0, y) calls by x.erase(y)
2018-04-11 09:44:35 +02:00
PKEuS
b15cc3f236
Refactorization: Replace several push_back-sequences by initializer lists
2018-04-09 09:54:39 +02:00
Daniel Marjamäki
a0906140a6
Suppressions: New extensible Suppressions xml format that allow more attributes. To start with it also allows symbolName.
2018-04-09 06:43:48 +02:00
Daniel Marjamäki
3ad6c7ebce
Refactoring, use early continue
2018-04-05 08:21:43 +02:00
jrp2014
67a71fa362
Refactor lib/checkbufferoverrun.cpp
2018-04-05 08:17:56 +02:00
jrp2014
b6504c70ca
Improve constness
2018-04-04 21:51:31 +02:00
Daniel Marjamäki
96167ffa51
Compatibility fixes for gcc 4.5
2018-03-29 17:37:06 +02:00
Daniel Marjamäki
71511f3131
Refactor f487182
2018-02-06 08:59:36 +01:00
Ivan Maidanski
f487182075
Suppressed unused functions should not lead to nonzero exit code ( #1026 ) ( #1078 )
...
This is a fix of commit 97ffec8
.
2018-02-06 07:44:53 +01:00
Daniel Marjamäki
5b6ec49a6f
Pointer overflow: Fixed false positive
2018-01-27 22:09:43 +01:00
Daniel Marjamäki
189e0b3890
Fix Cppcheck warning about uninitialized variable
2018-01-27 22:05:29 +01:00
Daniel Marjamäki
bc40f5041d
Fixed #6356 (Improve checking: pointer arithmetic "ab.a + 100" overrun)
2018-01-27 15:39:39 +01:00
Daniel Marjamäki
c4caee6b18
Updated copyright year
2018-01-14 15:37:52 +01:00
Ivan Maidanski
97ffec85c0
Fixed #7502 (Correct exit code if never used function is found) ( #1026 )
2018-01-12 08:24:01 +01:00
Daniel Marjamäki
7d2450e445
Fixed #1478 (false negative: buffer access out of bounds not detected after free and malloc)
2017-12-31 14:58:26 +01:00
Daniel Marjamäki
79f6793076
minor code cleanup
2017-12-31 12:30:02 +01:00
Oleksandr Redko
a8700f5622
Remove redundant parts of conditional expressions ( #988 )
...
All issues were found with PVS-Studio:
V560 A part of conditional expression is always true: tok. astutils.cpp 407
V560 A part of conditional expression is always true: size > 0. checkbufferoverrun.cpp 709
V547 Expression 'secondTrue' is always true. checkcondition.cpp 1013
V547 Expression 'firstTrue' is always true. checkcondition.cpp 1020
V560 A part of conditional expression is always true: !scan. checkio.cpp 1036
V560 A part of conditional expression is always true: scope->function. checknullpointer.cpp 395
V560 A part of conditional expression is always true: tok2. checkstl.cpp 268
V560 A part of conditional expression is always true: par. tokenize.cpp 9440
V547 Expression '!erased' is always true. symboldatabase.cpp 3990
2017-11-03 10:39:57 +01:00
Daniel Marjamäki
ba8222de1c
ValueFlow: Put 'inconclusive' state in the ValueKind. A value can't be both known and inconclusive.
2017-09-20 22:41:36 +02:00
Ayaz Salikhov
f0b5327450
Fix codestyle ( #953 )
2017-09-07 13:00:46 +02:00
Dmitry-Me
0e444aa133
Cache and reuse values
2017-09-05 17:50:36 +03:00
Ayaz Salikhov
b8cd7dbb5c
Use nullptr instead of 0 or NULL ( #936 )
2017-08-09 20:00:26 +02:00
Matthias Krüger
9b6d371762
checkbufferoverrun: remove dead store
...
the variable was declared inside a loop and the dead store also took place inside the loop (guarded by a condition) without further access of the value after that store.
Found by clang analyzer.
Was:
lib/checkbufferoverrun.cpp:1223:17: warning: Value stored to 'tok' is never read
tok = tok->next();
^ ~~~~~~~~~~~
2017-08-01 16:53:00 +02:00
Daniel Marjamäki
058c439b2a
Coverity detected useless function call, cleanup code
2017-08-01 12:45:37 +02:00
Daniel Marjamäki
fec0c46af0
Refactoring, use continue in loop
2017-07-30 14:53:58 +02:00
Ayaz Salikhov
4bbc830a85
Fix warnings
2017-07-17 10:13:11 +03:00
uburuntu
f4ce49d883
ENH: perfomance: using clear() and empty() more faster for stl containers
2017-06-02 22:38:00 +04:00
Ayaz Salikhov
28aa939d69
iwyu - include what you use
2017-05-27 04:33:47 +02:00
Daniel Marjamäki
1dd42d9a9e
arrayIndexOutOfBounds: Make sure error message is clarified for daca2 --template format
2017-05-25 08:18:37 +02:00
Daniel Marjamäki
70c2de62b7
arrayIndexOutOfBounds: better note
2017-05-23 16:06:32 +02:00
Daniel Marjamäki
e73657b198
Clarify arrayIndexOutOfBounds
2017-05-23 14:58:43 +02:00
Daniel Marjamäki
f7cda81c0c
Refactoring: ValueFlow::Value::errorSeverity() will have the logic if value is 'error' or 'warning'
2017-05-23 11:43:56 +02:00
Daniel Marjamäki
55ae206ecc
ErrorPath: better output
2017-05-19 17:29:16 +02:00
Daniel Marjamäki
c617851567
ErrorLogger: Added ErrorPath where each item has token and info
2017-05-16 22:38:13 +02:00
Daniel Marjamäki
f92e7b3bfc
Emit better errorpath in CheckBufferOverrun::negativeIndexError
2017-05-16 19:08:47 +02:00
Simon Martin
b526fd7c49
Ticket #7964 : Don't crash on valid code using function pointers named strcpy or strcat in main().
2017-04-21 23:36:10 +02:00
PKEuS
b1f4bd7504
Refactorization: Reimplemented Settings::_enabled as a bitfeld instead of std::set ( #7995 )
2017-04-11 11:49:26 +02:00
Matthias Krüger
7d12e1f3a6
valueFlowGetArrayIndexes: convert Token::Match to Token::simpleMatch.
...
The pattern is a sole "[", but since "[" is also used for complexe patterns, the internal check that finds potential simple match patterns bailed out here.
2017-04-09 17:27:46 +02:00
Daniel Marjamäki
633ed23c0d
Fix Cppcheck warnings about mismatching function argument names
2017-04-01 09:31:27 +02:00
Daniel Marjamäki
cc3ef7bbe8
Fix so array access out of bounds for external arrays are detected again
2017-03-30 10:14:17 +02:00
PKEuS
3c8f5b85ae
Refactorization: Allocate Token::_values (ValueFlow information) dynamically, reducing size of each token by around 10%
2017-03-27 18:48:34 +02:00
PKEuS
2938278f00
Refactorization: Store minsizes in vector instead of list which has less overhead
2017-03-27 17:53:43 +02:00
PKEuS
63d39390b4
checkbufferoverrun.cpp: refactorizations
2017-03-27 16:09:51 +02:00
PKEuS
83b1e1c329
CheckBufferOverrun: Refactorizations
...
- Improved/Optimized conditions in checkBufferAllocatedWithStrlen()
- Avoid copying strings for checkScope()
2017-03-27 11:48:34 +02:00
PKEuS
680828788b
Fixed false negative in CheckBufferOverrun::checkInsecureCmdLineArgs(), removed redundant tests
2017-03-27 11:30:07 +02:00
PKEuS
171e1b8244
Fixed false negatives in CheckBufferOverrun::arrayIndexThenCheck()
2017-03-27 11:07:49 +02:00
orbitcowboy
6c71d74563
Cleanup: There is no need to clear a string directly after its creation.
2017-01-16 20:10:28 +01:00
Daniel Marjamäki
f0d91fb74b
Fixed #7869 (False positive: Array index out of bounds)
2016-12-20 22:01:19 +01:00
Daniel Marjamäki
f5ad7482a8
CheckBufferOverrun: Skip warnings about array index out of bounds in unions. Theoretically, the array is at least as large as the biggest union member.
2016-12-18 22:10:30 +01:00
PKEuS
cfac3b457d
Several small refactorizations
2016-12-06 22:12:02 +01:00
Stefan Weil
57b57428c2
Fix some typos in comments (found by codespell)
...
Signed-off-by: Stefan Weil <sw@weilnetz.de>
2016-11-27 11:40:42 +01:00
Daniel Marjamäki
a61f4e9c94
Fixed #7831 (false-positive: terminateStrncpy)
2016-11-24 07:04:58 +01:00
Daniel Marjamäki
4732667488
ValueFlow: allow more value types
2016-11-13 22:33:39 +01:00
Daniel Marjamäki
9ff3e85899
Added --cppcheck-build-dir flag
2016-10-29 12:18:11 +02:00
Daniel Marjamäki
499e52c976
astyle formatting
...
[ci skip]
2016-08-15 18:04:55 +02:00
Roberto Martelloni
41dee04e90
CWE mapping of assignBoolToFloat, strncatUsage, sizeArgumentAsChar, terminateStrncpy, bufferNotZeroTerminated, negativeArraySize, noExplicitConstructor, virtualDestructor
2016-08-14 18:23:41 +01:00
Robert Reif
55b3f0bf38
Fixed #752 (SymbolDatabase: Does not match function if redundant keywords mismatch (C++))
2016-08-04 09:06:32 +02:00
PKEuS
3f4fe8f578
Refactorized CheckBufferOverrun:
...
- Removed redundant code
- Apply non-simplified checking in test suite
2016-07-27 17:28:43 +02:00
PKEuS
9a6569fde1
Always set ErrorMessage::file0 to ensure that the source file that cppcheck is checking when an error occurs can be identified
...
Removed unused function and unused includes from preprocessor.h/cpp
2016-07-26 16:28:40 +02:00
Simon Martin
bae81fba05
Silent clang -Wshadow warning. ( #812 )
...
Add an optional extended description…
2016-07-09 19:07:58 +02:00
PKEuS
44a19b527e
Use ValueFlow and SymbolDatabase to detect buffer overflows with new and malloc, improving support for enums ( #7576 )
2016-07-08 20:53:08 +02:00
PKEuS
644a216394
Fixed two false positives related to char arrays initialized by a literal:
...
- Run check for writing to string literals on non-simplified token list (#7283 )
- Run buffer overrun checking for string literals on non-simplified token list (https://sourceforge.net/p/cppcheck/discussion/general/thread/2c33dfc5/ )
2016-07-07 19:38:15 +02:00
umanamente
0f11007c19
Fixed #7083 (false positive: typedef and initialization with strings)
2016-06-21 22:42:46 +02:00
PKEuS
8c0eab3eb3
Optimization: Improved performance of CheckBufferOverrun::checkScope() when dealing with a large number of arrays ( #5975 )
...
-> checking time decreases from 1010s to 50s on the code snippet in #5975
-> Dropped a garbage code unit test
2016-05-25 14:42:00 +02:00
PKEuS
728d4242dc
Refactorizations in CheckBufferOverrun:
...
- Improved performance of CheckBufferOverrun::checkScope()
- Made some patterns less restrictive
2016-05-25 11:50:34 +02:00
Roberto Martelloni
d3645d874e
Mapped toomanyconfigs ,AssignmentAddressToInteger
...
,AssignmentIntegerToAddress ,CastIntegerToAddressAtReturn
,CastAddressToIntegerAtReturn ,assertWithSideEffect ,assignmentInAssert
,uselessAssignmentArg ,uselessAssignmentPtrArg
,comparisonOfFuncReturningBoolError
,comparisonOfTwoFuncsReturningBoolError ,comparisonOfBoolWithBoolError
,incrementboolean ,comparisonOfBoolWithInt ,compareBoolExpressionWithInt
,negativeIndex ,pointerOutOfBounds ,arrayIndexThenCheck
,possibleBufferAccessOutOfBounds ,argumentSize
,arrayIndexOutOfBoundsCond ,noConstructor ,copyCtorPointerCopying
,noCopyConstructor ,uninitMemberVar ,operatorEqVarError
,unusedPrivateFunction ,memsetClassFloat ,mallocOnClassWarning
,operatorEq ,thisSubtraction ,operatorEqRetRefThis ,operatorEqToSelf
,useInitializationList ,duplInheritedMember ,assignIfError
,comparisonError ,multiCondition ,mismatchingBitAnd
,oppositeInnerCondition ,incorrectLogicOperator ,redundantCondition
,moduloAlwaysTrueFalse to their CWEs ids.
2016-02-26 23:53:52 +00:00