Commit Graph

699 Commits

Author SHA1 Message Date
Daniel Marjamäki 84bb024662 Refactoring; Reuse variable typeSize 2020-01-19 09:17:38 +01:00
Daniel Marjamäki cefd7fb33f Fix testrunner 2020-01-18 12:29:03 +01:00
Daniel Marjamäki 9ffb657c1a Fixed #8597 (False positive - Array index is used before limits check.) 2019-12-20 09:46:01 +01:00
Daniel Marjamäki fcc5fad3ed Fixed #9113 (false positive: (error) Buffer is accessed out of bounds) 2019-11-10 16:42:48 +01:00
Rikard Falkeborn 73a569be97 TestBufferOverRun: Handle string literals (#2287) 2019-10-21 07:11:22 +02:00
Rikard Falkeborn 5c061c1c12 Set correct type and size of string and char literals (#2275)
* Set correct type and size of string and char literals

Use that string and char literal tokens store the prefix. This makes
it possible to distinghuish between different type of string literals
(i.e., utf8 encoded strings, utf16, wide strings, etc) which have
different type.

When the tokens holding the string and character values have the correct
type, it is possible to improve Token::getStrSize() to give the correct
result for all string types. Previously, it would return the number of
characters in the string, i.e., it would give the wrong size unless
the type of the string was char*.

Since strings now can have different size (in number of bytes) and
length (in number of elements), add a new helper function that returns
the number of characters. Checkers have been updated to use the correct
functions.

Having the size makes it possible to find more problems with prefixed
strings, and to reduce false positives, for example in the buffer
overflow checker.

Also, improve the stringLiteralWrite error message to also print the
prefix of the string (if there is one).

* Add comment and update string length
2019-10-20 07:11:57 +02:00
Paul Fultz II 6b6553e320 Dont warn for arrays that are containers (#2240) 2019-10-05 16:14:30 +02:00
Oliver Stöneberg de9f489b08 use range loops / constness (#2181)
* use range loops / constness

* platform.cpp: avoid shadowed variable
2019-09-19 20:29:33 +02:00
Daniel Marjamäki 32eda27391 Refactoring: Use enum class 2019-07-16 10:51:26 +02:00
Daniel Marjamäki 1888b39314 Use 'nonneg' instead of 'unsigned' in checkbufferoverrun 2019-07-16 07:59:35 +02:00
Paul Fultz II f75c15af56 Fix issue 6821: New check: access heap/stack data using address of variable
This fixes errors with:

```cpp
int f() {
    int i;
    return (&i)[1];
}
```

It uses the lifetime analysis to detect the issues.
2019-05-31 12:24:31 +02:00
Daniel Marjamäki 6da42a3d63 Fixed #9112 (false positive: (error) Array index out of bounds; buffer 'x' is accessed at offset n.) 2019-05-01 13:00:14 +02:00
Daniel Marjamäki 74fad6ce05 Modernizing; Use std::accumulate instead of for loop 2019-04-28 11:25:43 +02:00
Daniel Marjamäki 9c5d24c551 Modernizing: Use std::accumulate instead of for loop 2019-04-28 11:17:11 +02:00
Daniel Marjamäki 9d72e24edb Refactoring; Use stl algorithm instead of for loop 2019-04-28 10:30:20 +02:00
Daniel Marjamäki f503386666 Refactoring; replace for loop with std::find_if 2019-04-28 10:07:11 +02:00
Rikard Falkeborn d23e987941 Fix CheckInternal warnings (#1790) 2019-04-06 06:55:46 +02:00
Daniel Marjamäki de4f57ec0f Buffer overflow: Add CTU checking for pointer arithmetic overflows 2019-04-03 06:43:56 +02:00
Daniel Marjamäki c5807459f9 CheckBufferOverrun: Add check for pointer arithmetics 2019-03-31 09:00:52 +02:00
Daniel Marjamäki b5a285319c Fixed #9073 (Segmentation fault in Token::isUnaryOp() with ode) 2019-03-29 19:37:23 +01:00
Daniel Marjamäki 18aa968a7a Astyle formatting 2019-03-23 19:03:57 +01:00
Daniel Marjamäki 5126e4b1af Try to fix Visual Studio compiler error 2019-03-23 19:02:05 +01:00
Daniel Marjamäki d27a4ad82e CheckBufferOverrun: Fix ctu checking 2019-03-23 15:26:13 +01:00
Daniel Marjamäki a135683d2f Refactoring; Renamed CWE786 and CWE788 2019-03-23 08:41:20 +01:00
Daniel Marjamäki 15fc9a622d CheckBufferOverrun: Add CTU analysis 2019-03-23 08:36:10 +01:00
Daniel Marjamäki 031362ae01 CheckBufferOverrun: Fix false positive 2019-03-19 21:07:08 +01:00
Daniel Marjamäki 6cbe818f1a Fix uninitialized variable usage 2019-03-19 13:17:27 +01:00
Daniel Marjamäki a0e58f0039 Revert "Revert "CheckBufferOverrun: Handle multidimensional arrays""
This reverts commit 9d1755f449.
2019-03-19 13:16:22 +01:00
Daniel Marjamäki 9d1755f449 Revert "CheckBufferOverrun: Handle multidimensional arrays"
This reverts commit e98a4a6f14.
2019-03-19 13:13:29 +01:00
Daniel Marjamäki e98a4a6f14 CheckBufferOverrun: Handle multidimensional arrays 2019-03-19 09:29:32 +01:00
Daniel Marjamäki b53a2e5dc4 CheckBufferOverrun: restore minsize code 2019-03-17 20:34:49 +01:00
Daniel Marjamäki 03f8535c71 Better multiline warning when there is buffer overflow 2019-03-17 20:12:02 +01:00
Daniel Marjamäki 3c85d8a8ac ValueFlow: Better info for buffer size values 2019-03-17 19:02:36 +01:00
Sebastian 19e9e42dd7
Library: Enhance minsize configuration and allow simple values. (#1736)
Some POSIX and Windows functions require buffers of at least some
specific size. This is now possible to configure via for example this
minsize configuration: `<minsize type="value" value="26"/>`.
The range for valid buffer size values is 1 to LLONG_MAX
(9223372036854775807)
2019-03-17 14:22:26 +01:00
Daniel Marjamäki 0771929518 Buffer overflow: Handling of dynamically allocated buffer 2019-03-17 13:40:56 +01:00
Daniel Marjamäki 92f4113b59 Array index: Checking array index out of bounds for dynamic buffers 2019-03-17 13:09:15 +01:00
Daniel Marjamäki 2ecfae0a98 CheckBufferOverrun: the bufferNotZeroTerminated did not work well, hide that for now 2019-03-13 06:45:01 +01:00
Daniel Marjamäki 81a1d744c6 CheckBufferOverrun: fix FP for array definition of static class member 2019-03-13 06:39:09 +01:00
Daniel Marjamäki 67e8b99c2c CheckBufferOverrun: Readd a check for strncpy/memcpy/etc 2019-03-12 21:15:26 +01:00
Daniel Marjamäki 0c08f6db6c CheckBufferOverrun: Use AST to lookup array 2019-03-12 06:46:38 +01:00
Daniel Marjamäki 4ababeb704 Fix 'make checkcfg' 2019-03-11 21:39:39 +01:00
Daniel Marjamäki ea23033a65 Array index out of bounds: Fix false positive 2019-03-11 20:33:08 +01:00
Daniel Marjamäki 17253cdb55 buffer overflow: Fix false positive 2019-03-11 19:40:17 +01:00
Daniel Marjamäki bd048085bd Add CheckBufferOverrun::arrayIndexThenCheck 2019-03-11 19:20:06 +01:00
Daniel Marjamäki a933261e14 Add message id arrayIndexOutOfBoundsCond 2019-03-11 19:12:03 +01:00
orbitcowboy 0721c9f7f0 Running astyle [ci skip]. 2019-03-11 15:32:30 +01:00
Daniel Marjamäki 729f57d8f1 Start a major rewrite of CheckBufferOverrun. For now only the 'array index' and 'buffer overflow' checks are rewritten.
There are important TODOs still; for instance adding CTU support using our CTU infrastructure, add handling of pointers (maybe I'll use FwdAnalysis for this), add handling of multidimensional arrays, etc..
2019-03-11 12:34:33 +01:00
Daniel Marjamäki 3eb5de756c Buffer overrun: Refactorings; use range for loops and write in message 2019-03-09 22:19:09 +01:00
amai2012 eb9edbc177 #9024 Crash caused by package "procserv" in lib/token.h:921 function Token::getKnownIntValue - Fix and test for alternative code example. 2019-03-08 11:07:33 +01:00
Daniel Marjamäki c32d015337 Fixed false positives from terminateStrncpy 2019-03-06 18:50:50 +01:00
Daniel Marjamäki 3f37d5ac2d Refactoring strncpy/strncat checking to use ValueFlow and AST 2019-03-06 09:04:04 +01:00
Daniel Marjamäki bd7790fd8c Update copyright year 2019-02-09 07:24:06 +01:00
Daniel Marjamäki 271763e680 CTU: Refactoring 2018-12-25 21:11:23 +01:00
Daniel Marjamäki 2214ef5359 Refactor isVLAIndex 2018-11-23 20:23:20 +01:00
orbitcowboy 0858488825
insecureCmdLineArgs: Fixed FN in case strdup() copies argv[]. (#1438)
* insecureCmdLineArgs: Fixed FN in case strdup() copies argv[].

* Formatted the code. There are no functional changes intended.

* Changes due to review comments from Daniel.
2018-10-19 11:04:15 +02:00
orbitcowboy a6e8270474
insecureCmdLineArgs: Fixed false negatives in case arguments are const. (#1419)
* insecureCmdLineArgs: Fixed false negatives in case arguments are const.

* Formatted the code, there are functional changes.

* Simplified matching as suggested by Daniel.
2018-10-15 10:05:43 +02:00
Daniel Marjamäki 20121b34d8 Fixed #7718 (False positive: out of bounds of already resized std::string) 2018-10-09 06:53:26 +02:00
Daniel Marjamäki 12b7c9e597 Fix Cppcheck warning 2018-09-01 08:41:41 +02:00
Daniel Marjamäki f388c77042 Fixed #8721 (Regression: False positive array index out of bounds) 2018-08-31 18:25:43 +02:00
Daniel Marjamäki 27aae8d032 Fixed #8644 (crash (CheckBufferOverrun::checkGlobalAndLocalVariable): local function) 2018-08-30 10:04:07 +02:00
Daniel Marjamäki 54cfdb731e Refactoring; Use Token::isUnaryOp() to clarify code 2018-07-13 23:12:20 +02:00
Daniel Marjamäki 4c6270f9b2 Refactoring: use range for loop 2018-06-30 15:34:48 +02:00
Daniel Marjamäki cb48aae594 buffer overrun: Remove bailout. There is no test case and I fail to produce false positives. 2018-06-24 09:50:55 +02:00
Daniel Marjamäki 19cf0d1fa4 Refactoring; use range for loop 2018-06-17 18:37:40 +02:00
Daniel Marjamäki ad4ce84cf7 Rename private member variables 2018-06-17 17:20:16 +02:00
Daniel Marjamäki 79ffe1d4fc Rename _tokenizer, _settings, _errorLogger 2018-06-16 16:10:28 +02:00
Matthias Krüger be6c273e6b CheckBufferOverrun::checkScope_inner(): save a few pointer derefernces (NFC). 2018-05-31 12:28:34 +02:00
Daniel Marjamäki ca8e19c96d SymbolDatabase: Refactor SymbolDatabase: variable list 2018-04-28 09:38:33 +02:00
Daniel Marjamäki f336c2efe7 Refactoring; Renamed Scope::classStart and Scope::classEnd 2018-04-27 22:36:30 +02:00
Daniel Marjamäki f058d9ad08 CLI: Added more fields for --template and added a new --template-location. The gcc predefined template now matches latest gcc better. 2018-04-23 12:21:18 +02:00
PKEuS d2146844dd Refactorizations:
- Replace several push_back-calls by emplace_back
- Replace some x = x.substr(0, y) calls by x.erase(y)
2018-04-11 09:44:35 +02:00
PKEuS b15cc3f236 Refactorization: Replace several push_back-sequences by initializer lists 2018-04-09 09:54:39 +02:00
Daniel Marjamäki a0906140a6 Suppressions: New extensible Suppressions xml format that allow more attributes. To start with it also allows symbolName. 2018-04-09 06:43:48 +02:00
Daniel Marjamäki 3ad6c7ebce Refactoring, use early continue 2018-04-05 08:21:43 +02:00
jrp2014 67a71fa362 Refactor lib/checkbufferoverrun.cpp 2018-04-05 08:17:56 +02:00
jrp2014 b6504c70ca Improve constness 2018-04-04 21:51:31 +02:00
Daniel Marjamäki 96167ffa51 Compatibility fixes for gcc 4.5 2018-03-29 17:37:06 +02:00
Daniel Marjamäki 71511f3131 Refactor f487182 2018-02-06 08:59:36 +01:00
Ivan Maidanski f487182075 Suppressed unused functions should not lead to nonzero exit code (#1026) (#1078)
This is a fix of commit 97ffec8.
2018-02-06 07:44:53 +01:00
Daniel Marjamäki 5b6ec49a6f Pointer overflow: Fixed false positive 2018-01-27 22:09:43 +01:00
Daniel Marjamäki 189e0b3890 Fix Cppcheck warning about uninitialized variable 2018-01-27 22:05:29 +01:00
Daniel Marjamäki bc40f5041d Fixed #6356 (Improve checking: pointer arithmetic "ab.a + 100" overrun) 2018-01-27 15:39:39 +01:00
Daniel Marjamäki c4caee6b18 Updated copyright year 2018-01-14 15:37:52 +01:00
Ivan Maidanski 97ffec85c0 Fixed #7502 (Correct exit code if never used function is found) (#1026) 2018-01-12 08:24:01 +01:00
Daniel Marjamäki 7d2450e445 Fixed #1478 (false negative: buffer access out of bounds not detected after free and malloc) 2017-12-31 14:58:26 +01:00
Daniel Marjamäki 79f6793076 minor code cleanup 2017-12-31 12:30:02 +01:00
Oleksandr Redko a8700f5622 Remove redundant parts of conditional expressions (#988)
All issues were found with PVS-Studio:
V560 A part of conditional expression is always true: tok. astutils.cpp 407
V560 A part of conditional expression is always true: size > 0. checkbufferoverrun.cpp 709
V547 Expression 'secondTrue' is always true. checkcondition.cpp 1013
V547 Expression 'firstTrue' is always true. checkcondition.cpp 1020
V560 A part of conditional expression is always true: !scan. checkio.cpp 1036
V560 A part of conditional expression is always true: scope->function. checknullpointer.cpp 395
V560 A part of conditional expression is always true: tok2. checkstl.cpp 268
V560 A part of conditional expression is always true: par. tokenize.cpp 9440
V547 Expression '!erased' is always true. symboldatabase.cpp 3990
2017-11-03 10:39:57 +01:00
Daniel Marjamäki ba8222de1c ValueFlow: Put 'inconclusive' state in the ValueKind. A value can't be both known and inconclusive. 2017-09-20 22:41:36 +02:00
Ayaz Salikhov f0b5327450 Fix codestyle (#953) 2017-09-07 13:00:46 +02:00
Dmitry-Me 0e444aa133 Cache and reuse values 2017-09-05 17:50:36 +03:00
Ayaz Salikhov b8cd7dbb5c Use nullptr instead of 0 or NULL (#936) 2017-08-09 20:00:26 +02:00
Matthias Krüger 9b6d371762 checkbufferoverrun: remove dead store
the variable was declared inside a loop and the dead store also took place inside the loop (guarded by a condition) without further access of the value after that store.
Found by clang analyzer.

Was:

lib/checkbufferoverrun.cpp:1223:17: warning: Value stored to 'tok' is never read
                tok = tok->next();
                ^     ~~~~~~~~~~~
2017-08-01 16:53:00 +02:00
Daniel Marjamäki 058c439b2a Coverity detected useless function call, cleanup code 2017-08-01 12:45:37 +02:00
Daniel Marjamäki fec0c46af0 Refactoring, use continue in loop 2017-07-30 14:53:58 +02:00
Ayaz Salikhov 4bbc830a85 Fix warnings 2017-07-17 10:13:11 +03:00
uburuntu f4ce49d883 ENH: perfomance: using clear() and empty() more faster for stl containers 2017-06-02 22:38:00 +04:00
Ayaz Salikhov 28aa939d69 iwyu - include what you use 2017-05-27 04:33:47 +02:00
Daniel Marjamäki 1dd42d9a9e arrayIndexOutOfBounds: Make sure error message is clarified for daca2 --template format 2017-05-25 08:18:37 +02:00
Daniel Marjamäki 70c2de62b7 arrayIndexOutOfBounds: better note 2017-05-23 16:06:32 +02:00
Daniel Marjamäki e73657b198 Clarify arrayIndexOutOfBounds 2017-05-23 14:58:43 +02:00