Commit Graph

594 Commits

Author SHA1 Message Date
Paul Fultz II 668b88d7c0
Fix 10284: False positive; valueFlowBeforeCondition does not seem to care about increment (#3287) 2021-06-04 21:40:57 +02:00
Paul Fultz II b23c5aa742
Fix 10023: ValueFlow; Wrong result of post-increment in reverse analysis (#3289) 2021-06-04 17:20:21 +02:00
Daniel Marjamäki 3a498de306 extracttests; do not extract TestBufferOverrunterminateStrncpy tests 2021-05-24 13:17:29 +02:00
Daniel Marjamäki 5f6b56ada2 buffer overrun; Fixed false negative for dynamically allocated float buffer 2021-05-22 15:39:20 +02:00
Daniel Marjamäki 9a9f14bd8a Buffer overflow; Fixed FPs when array size is 1 2021-05-22 12:13:39 +02:00
Paul Fultz II 1e3ab460a3
Fix 10254: false positive: arrayIndexOutOfBounds in inline function (#3266) 2021-05-22 08:20:09 +02:00
Daniel Marjamäki 2c155a7a78 Uninitialized variables; use AST 2021-05-16 11:58:51 +02:00
Daniel Marjamäki e73057eb44 Fixed #10275 (ValueFlow: condition 'x>=0 && x < 10') 2021-05-16 10:34:22 +02:00
Daniel Marjamäki 2c10e0747a extracttests: ensure error comment is written on proper line 2021-05-16 08:40:04 +02:00
Daniel Marjamäki a07ea7e9e9 testbufferoverrun: refactor TODO test cases. Use TODO_ASSERT_EQUALS. 2021-05-15 21:08:07 +02:00
Daniel Marjamäki a2ff7752b4 testbufferoverrun; refactor TODO test cases 2021-05-15 20:42:57 +02:00
Daniel Marjamäki a40b85ccc6 testbufferoverrun: refactor TODO test case for strcat 2021-05-15 20:37:16 +02:00
Daniel Marjamäki b8314289c6 testbufferoverrun; fixed TODO test cases for pointer arithmetic overflows 2021-05-15 20:32:46 +02:00
Daniel Marjamäki 680a1ee1b9 testbufferoverrun; remove TODO strncat/strcat test cases 2021-05-15 20:12:36 +02:00
Daniel Marjamäki 26e9525683 testbufferoverrun; test case cleanup, ensure there is not uninitialized reads etc 2021-05-15 15:35:14 +02:00
Paul Fultz II eb96e4980e
Fix issue 10268: ValueFlow; Wrong value in for loop (#3257) 2021-05-15 08:39:20 +02:00
Daniel Marjamäki d549770b5b updated extracttests.py. fix syntax errors in test cases. 2021-05-13 20:21:02 +02:00
orbitcowboy e869452240 #10244: Fixed false negative: bufferAccessOutOfBounds 2021-04-13 16:40:38 +02:00
Oliver Stöneberg 6397e29f84
cleaned up includes based on include-what-you-use (#3141) 2021-04-03 21:30:50 +02:00
orbitcowboy e23a967215 #4750 Added a regression test 2021-03-28 09:29:46 +02:00
orbitcowboy 185a5e1ee6 #7682 Added regression test 2021-03-26 10:54:08 +01:00
orbitcowboy 6fd916a90f #3763 Added regression test 2021-03-26 10:01:44 +01:00
Daniel Marjamäki 42437277dc Update Copyright year 2021-03-21 20:58:32 +01:00
PKEuS 141d2ac215 Refactorization: Improved internal implementation of severity and certainty levels
Backported from LCppC.
2021-02-24 22:00:06 +01:00
PKEuS 4b01d5bdc6 Re-enabled a bunch of disabled unit tests, some as TODO tests
Merged from LCppC.
2021-02-20 13:02:14 +01:00
PKEuS cf1937294a Refactorization: Removed unnecessary \n and spaces in strings
Merged from LCppC.
2021-02-20 12:58:42 +01:00
Paul Fultz II fc4238829f
Fix issue 10092: false positive: (warning) The address of local variable 'data' might be accessed at non-zero index. (#3041) 2021-01-12 10:24:28 +01:00
Paul Fultz II e004731f1c
Fix issue 8650: ValueFlow: Track if pointer is created by '&' operator (#3011) 2021-01-05 16:56:38 +01:00
Ken-Patrick Lehrmann 8c2c81dbcd
Fix some false positive in loop forward analysis (#2669)
* Fix some false positive in loop forward analysis

In cases like:
```
bool b();
void f()
{
    int val[50];
    int i, sum=0;
    for (i = 1; b() && i < 50; i++)
        sum += val[i];
    for (; i < 50; i++)
        sum -= val[i];
}
```
The forward analysis assumed the second loop was entered, and we ended
up with false positive in it:
 `Array 'val[50]' accessed at index 50, which is out of bounds`

* Fix style
2020-06-05 18:06:03 +02:00
Daniel Marjamäki 08ddd84780 Update copyright year 2020-05-10 11:16:32 +02:00
Daniel Marjamäki 3e0218299b Revert "Update copyright year"
This reverts commit 6eec6c4bd5.
2020-05-10 11:13:05 +02:00
Daniel Marjamäki 6eec6c4bd5 Update copyright year 2020-05-10 11:11:34 +02:00
Oliver Stöneberg 2c1e36e63e
cleaned up includes based on include-what-you-use (#2600)
* cleaned up includes based on include-what-you-use

* check.h: trying to work around Visual Studio 2012 bug

* fixed Visual Studio compilation
2020-04-13 13:44:48 +02:00
orbitcowboy f05c504440 Running astyle [ci skip] 2020-03-03 20:38:30 +01:00
Dmitry-Me b61feff125 Improve test coverage for detecting invalid pointers 2020-03-02 19:01:27 +03:00
Paul Fultz II 3b20684aca
Fix issue 9360: False positive: arrayIndexOutOfBounds when function is called with different array sizes (#2541) 2020-02-17 10:31:08 +01:00
Paul Fultz II e1a97c524d Fix issue 9554: False positive: The address of local variable 'x' is accessed at non-zero index. (#2470)
* Fix issue 9554: False positive: The address of local variable 'x' is accessed at non-zero index.

* Format

* Remove unnecesary condition check
2020-01-04 11:39:52 +01:00
Daniel Marjamäki 9ffb657c1a Fixed #8597 (False positive - Array index is used before limits check.) 2019-12-20 09:46:01 +01:00
Paul Fultz II 78b4485670 Regression for issue 8653: valueFlowAfterCondition: compound conditional (#2416) 2019-12-02 11:35:51 +01:00
Sebastian c3c3d6770c
Fix #9478: Valueflow: printf does not change value (#2388)
Format-string arguments are now marked to have `in` direction, except
for `scan`-functions (like `scanf`) where these arguments are explicitly
marked to have `out` direction.
2019-11-24 01:40:31 +01:00
Daniel Marjamäki fcc5fad3ed Fixed #9113 (false positive: (error) Buffer is accessed out of bounds) 2019-11-10 16:42:48 +01:00
Rikard Falkeborn 73a569be97 TestBufferOverRun: Handle string literals (#2287) 2019-10-21 07:11:22 +02:00
Rikard Falkeborn 5c061c1c12 Set correct type and size of string and char literals (#2275)
* Set correct type and size of string and char literals

Use that string and char literal tokens store the prefix. This makes
it possible to distinghuish between different type of string literals
(i.e., utf8 encoded strings, utf16, wide strings, etc) which have
different type.

When the tokens holding the string and character values have the correct
type, it is possible to improve Token::getStrSize() to give the correct
result for all string types. Previously, it would return the number of
characters in the string, i.e., it would give the wrong size unless
the type of the string was char*.

Since strings now can have different size (in number of bytes) and
length (in number of elements), add a new helper function that returns
the number of characters. Checkers have been updated to use the correct
functions.

Having the size makes it possible to find more problems with prefixed
strings, and to reduce false positives, for example in the buffer
overflow checker.

Also, improve the stringLiteralWrite error message to also print the
prefix of the string (if there is one).

* Add comment and update string length
2019-10-20 07:11:57 +02:00
Rikard Falkeborn 443fcd2ac4 TestBufferOverrun: Enable passing tests (#2246)
There are a number of tests and asserts in testbufferoverrun that pass.
Enable them to add test coverage.
2019-10-07 09:17:12 +02:00
Paul Fultz II 6b6553e320 Dont warn for arrays that are containers (#2240) 2019-10-05 16:14:30 +02:00
orbitcowboy 4b41f19c87 insecureCmdLineArgs: Added more test cases to ensure 'const'-qualifiers are handled correctly. 2019-08-15 08:45:31 +02:00
Daniel Marjamäki 602911cfca Activate a TODO test case 2019-07-29 08:06:57 +02:00
Scott Furry a195477470 Correct Zero/Null as pointer constant (#1938)
Building with enhanced clang warnings indicated a large number of
instances with the warning:

`warning: zero as null pointer constant`

Recommended practice in C++11 is to use `nullptr` as value for
a NULL or empty pointer value. All instances where this warning
was encountered were corrected in this commit.

Where warning was encountered in dependency code (i.e. external library)
no chnages were made. Patching will be offered upstream.
2019-06-30 21:39:22 +02:00
Paul Fultz II f75c15af56 Fix issue 6821: New check: access heap/stack data using address of variable
This fixes errors with:

```cpp
int f() {
    int i;
    return (&i)[1];
}
```

It uses the lifetime analysis to detect the issues.
2019-05-31 12:24:31 +02:00
Daniel Marjamäki 6da42a3d63 Fixed #9112 (false positive: (error) Array index out of bounds; buffer 'x' is accessed at offset n.) 2019-05-01 13:00:14 +02:00