Commit Graph

9971 Commits

Author SHA1 Message Date
Daniel Marjamäki 901eb15c93 Add bug hunting test case for CVE-2018-20845 2020-05-03 18:46:59 +02:00
Daniel Marjamäki 168f8b08bc Add bug hunting test case for CVE-2019-13454 2020-05-03 18:33:54 +02:00
Daniel Marjamäki 453a73e740 Add bug hunting test case for CVE-2019-1010315 2020-05-03 18:18:50 +02:00
Daniel Marjamäki 388122b64b Added bug hunting test case for CVE-2019-14981 2020-05-03 18:07:04 +02:00
Daniel Marjamäki 0f6d8546cd Add bug hunting test case for CVE-2019-15939 2020-05-03 10:35:38 +02:00
Daniel Marjamäki 40dba74ac8 Add bug hunting test case for CVE-2019-16168 2020-05-03 08:49:24 +02:00
Daniel Marjamäki 4c63940902 Add bug hunting test case for CVE-2019-7156 2020-05-02 22:22:31 +02:00
Daniel Marjamäki b204be474a Refactoring bug hunting test cases for CVE issues. Leave source code unmodified. 2020-05-02 21:57:36 +02:00
Daniel Marjamäki e75c7fa26f Add bug hunting test case for CVE-2019-10018 2020-05-02 19:56:42 +02:00
Daniel Marjamäki 0fcc0c3f6e Add bug hunting test case for CVE-2019-10019 2020-05-02 19:51:59 +02:00
Daniel Marjamäki 73c7d8b89d Add bug hunting test case for CVE-2019-10020 2020-05-02 19:34:33 +02:00
Daniel Marjamäki 22ae962dd1 Added bug hunting test case for CVE-2019-10021 2020-05-02 19:29:56 +02:00
Daniel Marjamäki 09a9556a79 Added bug hunting test case for CVE-2019-10023 2020-05-02 19:25:39 +02:00
Daniel Marjamäki 9587f22834 Add bug hunting test case for CVE-2019-19888 2020-05-02 19:16:26 +02:00
Daniel Marjamäki eadd5fb97a Add bug hunting test for CVE-2019-10024 2020-05-02 17:09:43 +02:00
Daniel Marjamäki 5eeeba97eb SymbolDatabase: Better handling of function pointer function argument 2020-05-02 17:04:54 +02:00
Daniel Marjamäki 90108002e5 Add bug hunting test case for CVE-2019-10025 2020-05-02 11:48:15 +02:00
Daniel Marjamäki b62214a8fd Added bug hunting test case for CVE-2019-10026 2020-05-02 11:16:05 +02:00
Daniel Marjamäki 4a96799446 Bug hunting: in cve tests use proper compiler define 2020-05-01 20:29:27 +02:00
orbitcowboy 184977730c wxwidgets.cfg: Fixed false positive because Cppcheck cfg is not able to handle overloaded functions 2020-05-01 20:12:42 +02:00
Daniel Marjamäki e52eb087a3 Add bug hunting test CVE-2019-19872 2020-05-01 17:20:13 +02:00
Daniel Marjamäki 5084c253b3 Add bug hunting test CVE-2019-14494 2020-05-01 16:33:14 +02:00
Daniel Marjamäki 34572a40ab Bug hunting: Fixed handling of switch 'case %char%' 2020-05-01 15:15:24 +02:00
Daniel Marjamäki 2011a4dcbf Bug hunting: Add CVE test case 2020-05-01 14:27:18 +02:00
Daniel Marjamäki 1683bd38d1 Bug hunting: Added CVE test case 2020-05-01 13:59:17 +02:00
Daniel Marjamäki daae26c474 Bug hunting: Add CVE test suite 2020-05-01 12:21:08 +02:00
Daniel Marjamäki ef2e272f20 Fixed test/bug-hunting/itc.py 2020-05-01 10:22:05 +02:00
Daniel Marjamäki b97250e0fa ExprEngine; Try to handle assignments better 2020-04-30 21:05:34 +02:00
Daniel Marjamäki dab8b9fd31 ExprEngine: Improved checking of contracts in function calls 2020-04-28 17:16:13 +02:00
Daniel Marjamäki 2e369cc842 astyle formatting
[ci skip]
2020-04-27 17:35:52 +02:00
Lionel Gimbert ad6be7b122
Enforcing CppCoreGuideline C.35 on virtual class destructor (#2572)
* Enforcing CppCoreGuideline C.35
A base class destructor should be either public and virtual, or protected and non-virtual

https://github.com/isocpp/CppCoreGuidelines/blob/master/CppCoreGuidelines.md#Rc-dtor-virtual

* Protected destructor of virtual class can be virtual
2020-04-27 09:22:42 +02:00
Daniel Marjamäki 47c998e52d Fixed #9689 (setVarId: wrong varid when 'not' is used) 2020-04-25 14:42:45 +02:00
Paul Fultz II 2a09465a07
Fix issue 9686: Regression: ValueFlow should handle try/catch better (#2618) 2020-04-22 19:20:03 +02:00
Oliver Stöneberg 1af959af2c
fixed -Wextra-semi-stmt Clang warnings (#2553)
* fixed -Wextra-semi-stmt Clang warnings

* adjusted REDIRECT macro to require a semicolon

* testmathlib.cpp: rolled back accidental change
2020-04-21 17:27:51 +02:00
Daniel Marjamäki bda73600e0 Tokenizer: Improved removal of unused template (#9588) 2020-04-20 20:48:22 +02:00
Daniel Marjamäki da6e0308c5 Fixed #9195 (False positive: shadowFunction when constructor is shadowed) 2020-04-20 18:02:10 +02:00
Zorgovskiy 08fc956990
Fixes issue #9664 (#2614) 2020-04-20 08:59:35 +02:00
Daniel Marjamäki 219180b00a Fixed #9038 (Auto type with explicit pointer symbol detected as integer) 2020-04-19 20:08:47 +02:00
Daniel Marjamäki e8bbfdbfee Fixed #9559 (Multiple checks to std::atomic are not redundant) 2020-04-19 17:29:40 +02:00
Daniel Marjamäki 3c56ccc33f Fixed #9531 (Syntax Error: AST broken, 'for' doesn't have two operands.) 2020-04-19 17:00:22 +02:00
Paul Fultz II e2efb338b6
Fix issue 9678: False positive: generic valueflow forward analysis (#2611) 2020-04-19 08:28:07 +02:00
Daniel Marjamäki 54978847c5 Fixed #8916 (FP: followVar does not seem to handle non-const method call properly) 2020-04-18 19:54:55 +02:00
Daniel Marjamäki de53f63f76 Fixed #9665 (Tokenizer::setVarId: for loop variables) 2020-04-18 12:08:53 +02:00
Daniel Marjamäki 4ba2aa82bb astyle formatting
[ci skip]
2020-04-18 09:38:23 +02:00
Carl Michael Grüner Monzón 7c93f51885
Consider pre{inc,dec}rements on assert checks (#2605)
* Consider pre{inc,dec}rements on assert checks

* Simplify code by using new AST APIs

* Fix assert test with invalid syntax
2020-04-18 09:26:24 +02:00
Paul Fultz II 453a69dd8c
Fix issue 9677: False positive: returning pointer to object that will not be invalid (#2607)
* Fix issue 9677: False positive: returning pointer to object that will not be invalid

* Formatting
2020-04-18 09:23:10 +02:00
Daniel Marjamäki aa1bbf2e62 Fixed #9679 (False positive: use this after free (lambda not executed directly)) 2020-04-17 20:20:45 +02:00
Daniel Marjamäki e4bea02cad Fixed #7578 (varid not set for 'pointer to array' member variable in method) 2020-04-15 20:56:21 +02:00
Paul Fultz II 985c82730e
Add regression test for 9573: ValueFlow: Wrong tracking of value in function call (#2603) 2020-04-15 08:09:36 +02:00
Daniel Marjamäki 98be091d80 Fixed typedef simplification for array of function pointers 2020-04-13 16:28:01 +02:00
Oliver Stöneberg 2c1e36e63e
cleaned up includes based on include-what-you-use (#2600)
* cleaned up includes based on include-what-you-use

* check.h: trying to work around Visual Studio 2012 bug

* fixed Visual Studio compilation
2020-04-13 13:44:48 +02:00
shaneasd 82c09f243b
Maybeunusedsupport (#2570)
* Add rudimentary support for [[maybe_unused]]

* Add more test cases. use the symboldatabase rather than reparsing. Fix travis error.

* test review actions

* change var to usage._var
2020-04-12 20:35:54 +02:00
Daniel Marjamäki 6b579293b6 Clang import; Destructor 2020-04-12 17:27:49 +02:00
Daniel Marjamäki 97b04ba9a7 Syntax check: Using keyword in global scope 2020-04-11 17:36:22 +02:00
Paul Fultz II 8b27f1c216
Fix issue 9667: crash: crash in valueflow for weird code where label address is returned (#2602) 2020-04-11 13:56:53 +02:00
Daniel Marjamäki e8e3c2660d Detect syntax error 'x ==> y' 2020-04-11 11:05:27 +02:00
Daniel Marjamäki c029d5150c Fixed #9123 (False positive: uninitialized variable) 2020-04-10 12:33:15 +02:00
Daniel Marjamäki 0725c2290c Tokenizer: Do not simplify function pointers to normal pointers as we lose important information 2020-04-10 11:53:32 +02:00
Daniel Marjamäki e0c8118c02 Fixed crash in AST 2020-04-09 17:42:51 +02:00
Daniel Marjamäki 8e9d7290b2 Tokenizer::simplifyTypedef: Better handling of r-value references 2020-04-08 22:40:45 +02:00
Daniel Marjamäki 37a4e375ba astyle formatting
[ci skip]
2020-04-08 22:39:17 +02:00
Achouv 7719e4309d
avoid false positive unused static const struct member (#2598) 2020-04-08 18:09:20 +02:00
Paul Fultz II 3773d0e875
Find more redundant conditions (#2597) 2020-04-07 07:15:15 +02:00
Daniel Marjamäki 66ee3a0afc Clang import: Better handling of methods that are defined after declaration 2020-04-06 17:18:52 +02:00
Paul Fultz II 8fd0839fea
Add regression test for 9534: False positive: Returning pointer to local variable 'x' that will be invalid when returning. (#2596) 2020-04-06 16:02:10 +02:00
Daniel Marjamäki 8dd0a9241c TemplateSimplifier: Simplification of const types 2020-04-05 13:51:58 +02:00
Daniel Marjamäki f01783238e Fixed #9596 (False positive: Returning an integer in a function with a pointer return type auto handling) 2020-04-04 20:03:48 +02:00
Paul Fultz II efdc5f5c4e
Fix issue 9435: False negative: invalidContainer when using range for loop (#2587)
* Fix issue 9435: False negative: invalidContainer when using range for loop

* Use ast

* Make string const
2020-04-04 11:47:02 +02:00
Oliver Stöneberg 1dd8d4afaf
fixes for Clang and clang-tidy 10 (#2588)
* clang_tidy.cmake: added clang-tidy-10 to program list

* fixed -Wrange-loop-construct Clang warnings

* fixed readability-qualified-auto clang-tidy warnings

* .clang-tidy: actually disable clang-analyzer-* warnings

* .clang-tidy: disabled some new warnings introduced with clang-tidy-10
2020-04-04 11:44:59 +02:00
Paul Fultz II 40e1e82a65
Fix issue 9644: Token::astOperand1() cyclic dependency on valid C++ code (#2590)
* Remove check for lambda

* Add test case
2020-04-04 10:55:31 +02:00
Daniel Marjamäki e0acd1abf8 Tokenizer: Report unknown macro that contains '.x=..' argument 2020-04-04 10:32:56 +02:00
Paul Fultz II 58e3f19ed8
Fix issue 9662: AST broken, ternary operator missing operand(s) on valid C++ code (#2589)
* Fix issue 9662: AST broken, ternary operator missing operand(s) on valid C++ code

* Add test for issue 9537
2020-04-03 10:04:10 +02:00
Paul Fultz II 71deaaeb18
Fix issue 9608: False Positive: returnDanglingLifetime with braced-init-list (#2583) 2020-04-02 10:17:58 +02:00
Paul Fultz II 02ae71917a
Fix issue 9536: False positive: Reference to temporary returned when using operator() (#2582)
* Fix issue 9536: False positive: Reference to temporary returned when using operator()

* Add more test cases
2020-04-01 22:35:41 +02:00
Paul Fultz II 6cc58e1086
Set a max for the combination of arguments that can be passed through valueFlowSubFunction (#2579)
* Set a max for the combination of arguments that can be passed

* Skip mismatch path ids when computing the cross product
2020-04-01 22:33:09 +02:00
Dmitry-Me b51e4dfeea Improved test to have all lines reached 2020-03-27 19:11:38 +03:00
Dmitry-Me e1d38a854b Improved test to have all lines reached 2020-03-25 18:11:05 +03:00
Paul Fultz II 5462e43161
Fix issue 9639: False positive: Returning object that points to local variable that will be invalid when returning (#2576)
* Follow reference when tracking local variables

* Fix issue 9639: False positive: Returning object that points to local variable that will be invalid when returning
2020-03-23 22:54:53 +01:00
Paul Fultz II b68d6f9471
Fix crash in valueflow when using local classes (#2575) 2020-03-22 10:12:53 +01:00
Paul Fultz II 7fd3580f21
Don't traverse conditions multiple times (#2574) 2020-03-20 10:37:16 +01:00
Paul Fultz II f2527f5340
Fix crash in valueFlowForLoopSimplifyAfter (#2573) 2020-03-20 07:16:05 +01:00
Daniel Marjamäki 1173186876 Fixed daca@home crash by stopping for unknown macro 'MACRO(a();b();)' 2020-03-12 13:28:09 +01:00
Daniel Marjamäki 900b99fbd8 Tokenizer; Report unknown macro used in function declaration 2020-03-10 20:22:46 +01:00
Sebastian b8432b7e23
testsymboldatabase.cpp: Fix AppVeyor build error (#2568) 2020-03-10 12:26:00 +01:00
Daniel Marjamäki f093d23a36 SymbolDatabase: Fixed addArguments 2020-03-09 15:13:50 +01:00
Daniel Marjamäki 1008868506 AST: Better handling of '(type){..}' 2020-03-08 16:46:06 +01:00
Daniel Marjamäki cdee62c032 AST: Fixed AST for struct cast '(struct T){...}' 2020-03-08 16:21:22 +01:00
Daniel Marjamäki 5ea01c5d60 Fix Cppcheck warning 2020-03-08 10:02:46 +01:00
Daniel Marjamäki 5376ba1701 AST: Throw validation exception if ternary operator is missing operands 2020-03-07 21:46:38 +01:00
amai2012 b795d30db6 Enable another zeroDivCond test which got fixed recently 2020-03-06 17:15:54 +01:00
orbitcowboy f05c504440 Running astyle [ci skip] 2020-03-03 20:38:30 +01:00
Dmitry-Me b61feff125 Improve test coverage for detecting invalid pointers 2020-03-02 19:01:27 +03:00
Paul Fultz II 6ea4f60600
Enable valueFlowSubfunction for multiple parameters (#2550) 2020-03-01 16:46:20 +01:00
Daniel Marjamäki 5df6d5bc7c Tokenizer; Warn about unknown macro used in string concatenation 2020-02-28 21:52:01 +01:00
Sebastian f0e3f9e79a
gtk.cfg: Fix/enhance Gtk library configuration (g_abort and others) (#2558)
test/CMakeLists.txt: Fix missing INCONCLUSIVE for Gtk configuration test
2020-02-27 13:16:43 +01:00
Daniel Marjamäki 38b570138f AST: Try to handle c++17 for properly 'for (auto [a,b]:c)' 2020-02-27 09:58:53 +01:00
Daniel Marjamäki 84995485ea VarId: fixed varids for 'for (auto [x,y]: xy)' 2020-02-27 07:18:07 +01:00
orbitcowboy a5ca3cb1f0 wxwidgets.cfg: Fixed FP for wxSizer::Add() 2020-02-26 16:10:10 +01:00
Sebastian 8fd17546ad
qt.cfg: #9650: Fix missing configuration for QString.chop() (#2556)
chop() and also remove() change the size of a QString, so they have to
be added in the container configuration accordingly to avoid false
positives.
2020-02-26 10:53:03 +01:00
Sebastian fb36889d29
gtk.cfg: Fix syntax errors and false positives (#2552)
A missing definition for g_assert_cmp*() causes syntax errors if code
like g_assert_cmpint(a, ==, b); is encountered.
The function g_hash_table_iter_replace() does not have to be marked
with leak-ignore since the memory could be freed later if corresponding
functions are present in the GHashTable. Since we can not know if this
is the case we have to assume that the memory is freed to avoid false
positives. The same is true for g_hash_table_insert() and
g_hash_table_replace().
2020-02-26 10:33:23 +01:00