Commit Graph

646 Commits

Author SHA1 Message Date
PKEuS 63254b33f9 Fixed uncaught exception in testbufferoverrun.cpp 2014-03-27 19:55:11 +01:00
Daniel Marjamäki 6da9cca4ab fixed unit test that I broke by mistake 2014-03-25 21:45:25 +01:00
Daniel Marjamäki 87daf5783e buffer overflow: clean up old checking for negative index 2014-03-25 20:37:32 +01:00
Daniel Marjamäki c8004a8d31 Buffer overruns: Use ValueFlow to detect negative index 2014-03-25 18:22:22 +01:00
Daniel Marjamäki aa05bf0f16 ValueFlow: Improved abstract interpretation 2014-03-24 06:48:06 +01:00
Daniel Marjamäki dbc8273cb7 ValueFlow: improved abstract interpretation of for loops 2014-03-24 00:16:02 +01:00
Daniel Marjamäki b6276058da Value Flow: Improved abstract interpretation of arithmetical expressions 2014-03-22 19:02:33 +01:00
PKEuS 49b25b05d9 Fixed crash in CheckBufferOverrun on garbage code (#5595) 2014-03-21 13:20:44 +01:00
Daniel Marjamäki e240282443 Value Flow: Another try with the abstract interpretation of for loops 2014-03-17 18:43:47 +01:00
Daniel Marjamäki 8c3f2c2ad9 Revert 894a65b0. abstract interpretation of for loops. there was some crashes and performance problems. I will fix those problems when I have time and recommit. 2014-03-16 08:38:52 +01:00
Daniel Marjamäki 894a65b0b1 ValueFlow: Refactor the for-loop handling. Use abstract interpretation. 2014-03-15 11:29:33 +01:00
Daniel Marjamäki 7fa73c0d64 Merge pull request #256 from xypron/5505
5505: FP: Array accessed out of bounds
2014-03-09 08:47:18 +01:00
Heinrich Schuchardt bd67db96f1 5505: FP: Array accessed out of bounds
CheckBufferOverrun::checkFunctionParameter alreacy considered usage of a
function parameter inside an if block as a special case.

With the patch the same is done for switch statements.

A test is added.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2014-03-07 19:51:13 +01:00
Daniel Marjamäki fd3a8a2a18 Update copyright 2014-02-15 07:45:39 +01:00
Martin Ettl 6ca7daec10 Fixed #389: Providing negative value to memory allocation function. 2014-02-01 22:38:29 +01:00
Daniel Marjamäki 9aa9530e0d Fixed #5426 (crash: btrfs-progs cmds-inspect.c) 2014-01-31 06:19:36 +01:00
Daniel Marjamäki abe8439917 Fixed #5416 (False positive: Array accessed at index, which is out of bounds.) 2014-01-28 16:55:10 +01:00
Daniel Marjamäki 0dbb86f0cb Cleanup ExecutionPath from CheckBufferOverrun 2014-01-22 21:25:37 +01:00
Daniel Marjamäki b91f42453b value flow: improved handling of cast 2014-01-20 22:26:55 +01:00
Daniel Marjamäki 3e23e243f6 BufferOverflow: Updated message for out of bounds array index or redundant condition 2014-01-17 19:44:45 +01:00
Daniel Marjamäki 18d6285ad2 BufferOverrun: Improved error message when array index is used before checking that its in limits 2014-01-17 18:56:46 +01:00
Daniel Marjamäki 30cae358d8 Removed the --value-flow flag. ValueFlow analysis will always be enabled from now on. 2014-01-17 18:07:05 +01:00
Daniel Marjamäki 0b4de97e2b value flow: Use ValueFlow in CheckBufferOverrun 2014-01-16 19:23:14 +01:00
Daniel Marjamäki a1b0d190df Fixed #3688 (false positive: (inconclusive, posix) (warning) The buffer 'cBuffer' is not zero-terminated after the call to readlink().) 2014-01-02 10:46:19 +01:00
Daniel Marjamäki 32be4094e7 Symbol database: only put variables in variable list 2013-12-31 17:51:56 +01:00
PKEuS 4f0121ee2f Splitted simplification out of tokenize() 2013-12-30 17:45:28 +01:00
Simon Martin fe75686595 Ticket #5203: Don't crash when checking buffer overrun for invalid code. 2013-11-30 07:40:32 +01:00
Daniel Marjamäki 946722faf0 Fixed #4968 (False positive: Structure with 'read' member is confused with read() function.) 2013-10-05 18:25:44 +02:00
Alexander Mai 450442287c Fixed #4974 (CheckBufferOverrun::writeOutsideBufferSize() too strict) 2013-08-25 18:46:07 +02:00
Daniel Marjamäki 5ce7189bc0 Merge pull request #166 from last5bits/ticket4213
Fixing #4213 arrayIndexThenCheck and adding tests
2013-08-23 22:36:30 -07:00
Alexey Zhikhartsev d24a321ba2 Fixing #4213 arrayIndexThenCheck and adding tests 2013-08-23 19:04:01 +04:00
Daniel Marjamäki 64733d9e63 astyle formatting 2013-08-10 12:32:59 +02:00
Simon Martin ad33d95ec1 Ticket #4764: properly handle template instantiations with only default parameters. 2013-08-10 12:00:16 +02:00
PKEuS a9a5dc0354 Updated to AStyle 2.03, require this version 2013-08-07 16:27:37 +02:00
Lucas Manuel Rodriguez d6be4559cd Fixed #4840 (false negative: buffer access out of bounds) 2013-06-25 06:37:51 +02:00
Daniel Marjamäki a861817a01 Fixed #4751 (CheckBufferOverrun: better handling when struct member instance doesn't have same varid as struct member declaration) 2013-05-28 16:52:23 +02:00
Daniel Marjamäki ea60c5b14b CheckBufferOverrun: Code cleanup 2013-05-05 08:14:19 +02:00
Daniel Marjamäki 4e65800adf TestRunner: Updated warning message when there is unsimplified code 2013-04-16 16:54:19 +02:00
Daniel Marjamäki 393c75af70 Simplified remaining TestBufferOverrun test cases 2013-04-13 15:49:15 +02:00
Daniel Marjamäki cbe2cdafcf Simplify TestBufferOverrun test cases (casts, pointer addition, calculation) 2013-04-13 13:58:21 +02:00
Daniel Marjamäki fe911f92e1 Simplify TestBufferOverrun test cases (known variable value) 2013-04-13 13:13:13 +02:00
Daniel Marjamäki 78d3aef40e Simplified TestBufferOverrun test cases (sizeof, known variable value) 2013-04-13 11:01:19 +02:00
Daniel Marjamäki 3b880f9e2e Simplified TestBufferOverrun test cases (sizeof, known variables, casts, etc) 2013-04-13 08:19:14 +02:00
Daniel Marjamäki 7871f16e9d Simplified TestBufferOverrun::readlink test cases (sizeof) 2013-04-13 07:31:15 +02:00
Daniel Marjamäki 6afdd1b7c0 Simplified TestBufferOverrun::readlinkat test cases (sizeof, known variables) 2013-04-13 07:22:01 +02:00
PKEuS cdce755471 Removed duplicate unit tests in testbufferoverrun.cpp 2013-04-12 12:17:08 -07:00
PKEuS c487ea843d Better fix for #4706: Use Token::nextArgument() properly. Removed redundant ' in message 2013-04-09 08:30:53 -07:00
Ettl Martin ba8cca8fa9 #4706 fix crash when a struct member is used as first argument. Replaced Token::nexArgument with %any% in Token::Match call. Added unittests in testing Token::nexArgument. 2013-04-04 15:12:18 +02:00
Ettl Martin 54d398c7dd unittests: removed not needed '\n' at the end of testcases. 2013-03-19 09:18:58 +01:00
Ettl Martin ff826d7c62 #4664: new check: (POSIX) write outside buffer size. 2013-03-19 08:22:48 +01:00
PKEuS 096fa2f771 Fixed #4380 2013-03-14 10:18:48 -07:00
Thomas Jarosch 61d9424631 astyle formatting 2013-03-14 11:10:12 +01:00
Ettl Martin cd1392749c Removed not needed '\n' at the end of testcases in testbufferoverrun.cpp. No functional changes. 2013-03-14 09:45:47 +01:00
Ettl Martin c8798b2207 #3838 added more testcases. 2013-03-14 09:36:38 +01:00
Ettl Martin 19c430530f #3838 added another testcase to avoid a FP. 2013-03-14 09:21:31 +01:00
Robert Reif 4b9b87e310 Fixed #4646 (false positive: (style, inconclusive) Technically the member function 'C<T>::operator+=' can be const.) 2013-03-14 06:34:12 +01:00
Ettl Martin 34b3fe6af0 #1659 added TODO-testcases. 2013-03-13 10:55:20 +01:00
PKEuS 14feaa8d39 Refactorizations:
- Fixed lots of cppcheck messages about functions that can be const or static
- Fixed possible nullpointer dereference message in symboldatabase.cpp
- Replaced tokAt(+-1) by next()/previous()
2013-03-12 07:42:00 -07:00
PKEuS d78c06dc3f Replaced _settings->isEnabled("style") by _settings->isEnabled("warning") wherever warnings are issued 2013-03-03 02:41:59 -08:00
PKEuS 27f7917349 Changed severity and message formatting of argumentSize message. 2013-02-16 00:52:27 -08:00
Robert Reif 3b08b410a2 Symbol database: Improved function lookup (a.b.f()). Ticket: #4494 2013-01-25 06:49:04 +01:00
Reijo Tomperi 5d5f7085bf Updating year 2012 -> 2013 to .cpp and .h files and man page. 2013-01-01 18:29:08 +02:00
Thomas Jarosch 4708be09f5 Fixed #4444 (segmentation fault) 2012-12-28 11:15:18 +01:00
PKEuS 735069e3a7 Fixed unit tests 2012-12-26 12:50:59 +01:00
Robert Reif ce380301fd Fixed #4432 (Crash on parsing PHP interpreter) 2012-12-26 08:29:10 +01:00
Daniel Marjamäki 7f6a10599b Fixed #4262 (Small Request/Suggestion for checks on array size of args (bounty offer)) 2012-12-22 09:23:34 +01:00
Daniel Marjamäki 365a260ddc Fixed #4398 (False negative: out of bounds (for loop)) 2012-12-22 08:00:05 +01:00
PKEuS 4737966caf Unit test cleanup: Removed some empty lines and whitespaces before \n. 2012-12-06 10:19:22 -08:00
Daniel Marjamäki 031adef6ea Array index checking: Fixed TODO comment (false negatives when using ?:) 2012-11-30 09:01:15 +01:00
Daniel Marjamäki 68240fffc6 Fixed #4228 ((error) Internal error. Token::Match called with varid 0 (multiple declarations in for loop)) 2012-09-23 17:15:39 +02:00
Daniel Marjamäki ec01cc811e Second fix for #4207 (Internal error. Token::Match called with varid 0) 2012-09-23 13:25:28 +02:00
Daniel Marjamäki a17f37c67d CheckBufferOverrun: Better handling of functions with variable arguments 2012-09-22 16:19:19 +02:00
XhmikosR 3c14e4b52a test: tabs to spaces, remove trailing spaces and extra empty lines at the end of files 2012-09-17 13:51:40 +02:00
Daniel Marjamäki a99515ca91 Fixed #3933 (Negative array index issue (because sizeof struct is assumed to be 100)) 2012-09-16 08:20:43 +02:00
Daniel Marjamäki 6b56b4a9d3 Show that inconclusive message is inconclusive 2012-09-07 16:11:15 +02:00
Daniel Marjamäki 3032ded9aa replaced tabs with spaces 2012-09-05 19:46:44 +02:00
Deepak Gupta 4202866100 Fixed #4096 (Improve check: Buffer overrun in for loop, postfix increment in array access) 2012-09-01 19:17:28 +02:00
Daniel Marjamäki 8afdde0b5e Fixed #3931 (FP: Buffer access out-of-bounds) 2012-08-12 17:06:54 +02:00
PKEuS 9834888f19 Removed some duplicate tests and a redundant variable 2012-07-25 01:34:54 -07:00
Ettl Martin 4312d31b87 #3979 added todo testcases 2012-07-19 09:44:06 +02:00
PKEuS 2103811291 Refactorizations in testrunner:
- Removed unnecessary space characters
- Removed comments from test cases which are not preprocessed
2012-07-16 05:02:33 -07:00
PKEuS 639f15645a Message refactorization: checkbufferoverrun.cpp (2), checkclass.cpp, checkexceptionsafety.h 2012-07-09 02:11:05 -07:00
PKEuS ed7e950671 Message refactorization: checkbufferoverrun.cpp 2012-07-08 06:51:24 -07:00
Daniel Marjamäki 848fd59cbd Fixed #3913 (boundcheck, false positive continue in loop) 2012-07-08 14:34:47 +02:00
PKEuS 43c060b630 Removed preprocessor directives from tests that aren't preprocessed before being tokenized. 2012-07-07 11:21:08 -07:00
Daniel Marjamäki 5de82c1c42 Updated arrayIndexOutOfBounds error message. Thank you Kimmo for the suggestion. 2012-06-23 09:51:32 +02:00
Daniel Marjamäki 4e98cb3ed9 Fixed #3907 (improve check: detect buffer overrun when using && or || in for loop) 2012-06-23 09:23:14 +02:00
Daniel Marjamäki ac524c56ad Reviewed handling of unknown types in ExecutionPathBufferOverrun 2012-06-23 08:15:59 +02:00
Daniel Marjamäki 7d59d86ed6 Fixed #3893 (Improve check: Array index out of bounds not detected when down conting) 2012-06-16 17:44:51 +02:00
Ettl Martin ffb9342084 Added array index out of bounds tests to testsuite. 2012-05-23 23:59:14 +02:00
Ettl Martin b3d862e27e #3838 added todo-testcase 2012-05-23 23:32:58 +02:00
PKEuS ec00824fd3 Fixed #3357:
- Print "inconclusive" tag in cli
- Fixed inconclusive handling in checkbufferoverrun.cpp
- Merged reportInconclusiveError into reportError by adding an additional parameter "bool inconclusive" which is false per default
2012-05-06 10:37:41 -07:00
PKEuS 4dcb2ef57b Refactorizations in test suite:
- Removed again one custom stringify implementation
- Avoided unnecessary std::string creation in testbufferoverrun.cpp
2012-04-16 20:02:52 +02:00
PKEuS b37cf11d20 Refactorizations:
- Increased encapsulation by making some functions private
- Removed redundant function CheckBufferOverrun::ArrayInfo::declare
- Avoided copy of ArrayInfo object
- Removed unnecessary and suspicious "if(sizeof(int) == 4)"
2012-03-27 19:40:39 +02:00
Daniel Marjamäki 2be85e9d37 Fixed #3538 (false positive caused by bad tokenizer simplification) 2012-02-01 21:13:26 +01:00
Edoardo Prezioso aaa6070fc9 Run astyle. 2012-01-31 18:43:11 +01:00
Ettl Martin 86a5a9a7bf fixed wrong testcase 2012-01-31 16:48:05 +01:00
Ettl Martin c1e2802175 ticket 3569: added further testcases 2012-01-31 16:25:57 +01:00
Ettl Martin 7110fa2c0c added tests for ticket #3569 2012-01-31 16:13:28 +01:00
Reijo Tomperi 8cae17fda8 Update year to 2012 2012-01-01 01:05:37 +02:00
Daniel Marjamäki 7c95c6f680 Array index out of bounds: Added test case for #3428 (same name of structs) 2011-12-18 16:43:46 +01:00
Daniel Marjamäki 772b8cc37d Array index out of bounds: Avoid false positives when there are duplicate names for structs 2011-12-18 08:12:42 +01:00
Daniel Marjamäki 5f712cc213 Array index out of bounds: Fixed false positive when taking address beyond array using calculated array index 2011-12-17 21:35:12 +01:00
Daniel Marjamäki 95123854ba Array index out of bounds: Fixed false positive when size is not known. 2011-12-17 13:20:42 +01:00
Daniel Marjamäki 497c54a1a7 Fixed #3168 (false negative: buffer overflow in subfunction) 2011-12-11 08:16:58 +01:00
Daniel Marjamäki ee39f6402c reverted fix for #3168, I'll rewrite it 2011-12-10 20:46:10 +01:00
Daniel Marjamäki 897e8637b4 Fixed #3168 (false negative: buffer overflow in subfunction) 2011-12-10 19:26:12 +01:00
PKEuS 1bef8d1247 Tokenizer: Code cleanups 2011-12-08 17:42:26 +01:00
Ettl Martin 4884a1dfe0 sanity check for ticket #3387 ( buffer access out of bounds) 2011-12-06 20:53:56 +01:00
Zachary Blair 344d7e2f34 Fixed #3283 (False negative: array index out of bounds not found for constant string and known array index value) 2011-11-30 19:17:09 -08:00
Marek Zmysłowski e0b50719f4 Fixed #909 (improve check: out of bounds of memchr function and out of bounds check) 2011-11-27 07:54:52 +01:00
Ettl Martin 603a37b08a added testcase for ticket #3273 2011-11-01 11:52:39 +01:00
Daniel Marjamäki dc29d43e83 astyle formatting 2011-10-29 20:27:50 +02:00
Daniel Marjamäki d7be62a6f9 Fixed #3221 (FP: Array 'arr[2147483648]' index 0 out of bounds in loop when size unknown to cppcheck) 2011-10-29 20:26:24 +02:00
Thomas Jarosch 3413ffef3e Refactor readlink() buffer check to also handle readlinkat() 2011-10-24 21:23:18 +02:00
Marek Zmysłowski b332ea8222 Fixed #3204 (Refactor standards support in Settings) 2011-10-22 09:45:48 +02:00
Thomas Jarosch a52b73f9f9 Fix #3208 (Simplify pointer to standard type, C only)
The symbol database is unavailable during token simplification
and &data[0] might return something completely different for C++.

Moved code_is_c() from checkOther to Tokenizer.
2011-10-16 08:09:57 +02:00
Thomas Jarosch 7ae39f13cc Fixed #3198 (Add check for readlink()) 2011-10-14 19:45:51 +02:00
Daniel Marjamäki 6f8e42a5af changed the astyle formatting flags 2011-10-13 20:53:06 +02:00
Daniel Marjamäki b73896bcc5 Fixed #3163 (Out of bounds pointer arithmetic not reset) 2011-10-12 20:54:39 +02:00
Thomas Jarosch abd2525339 Fixed #3161 (Show buffers size info for snprintf() buffer overruns) 2011-10-05 20:17:57 +02:00
Robert Reif 65b0fb4519 fix #3153 (false positive buffer access out-of-bounds) 2011-09-30 17:28:59 -04:00
Robert Reif ac070b90f2 fix for loop false positives when zero length arrays present 2011-09-22 21:23:40 -04:00
Robert Reif b349d36c50 fix #3124 (FP: Buffer access out-of-bounds when memset two dimension array (a[5][6])) 2011-09-19 20:32:50 -04:00
Robert Reif 3f517b5f23 partial fix for #2960 (false negative: buffer access out of bounds) 2011-09-11 21:51:05 -04:00
Robert Reif 40009d091d add multi-dimension array support to second checkScope and use it for member arrays 2011-09-11 20:42:57 -04:00
Robert Reif 0d6592dd2e use correct checkScope function in CheckBufferOverrun for single dimension member arrays 2011-09-11 19:21:13 -04:00
Robert Reif 19928e26d1 refactor to unify functionally identical code in CheckBufferOverrun::checkScope() 2011-09-11 14:00:53 -04:00
Robert Reif 547a79d4fe calculate array size for variable length structures with array at end in CheckBufferOverrun::checkStructVariable() when possible 2011-09-10 10:14:32 -04:00
Robert Reif b0eab2587d better detection of variable sized structure in CheckBufferOverrun::checkStructVariable() 2011-09-09 08:37:24 -04:00
Robert Reif 27bfa2a346 fix some CheckBufferOverrun::checkStructVariable() flase negatives for possible variable length structs 2011-09-09 07:46:06 -04:00
Robert Reif 16924c7c7a fix #3094 (Buffer access out-of-bounds in struct variable) 2011-09-09 07:16:39 -04:00
Robert Reif 812a17f294 fix one of the TODO testcases added for #3094 (Buffer access out-of-bounds in struct variable) 2011-09-08 22:44:25 -04:00
Robert Reif 65b1a4df19 add soem test cases for #3094 (Buffer access out-of-bounds in struct variable) 2011-09-08 22:41:18 -04:00
Robert Reif 7451c5cece warn when buffer is not zero terminated after memmove 2011-09-05 15:59:41 -04:00
Robert Reif f5d71d1ac5 warn when buffer is not zero terminated after memcpy 2011-09-05 15:41:37 -04:00
Robert Reif 3c8988e7a5 warn when buffer is not zero terminated after strncpy 2011-09-05 15:19:38 -04:00
Robert Reif fe85b8779e fix #2528 (false negative: buffer access out of bounds) 2011-09-04 21:39:52 -04:00
Robert Reif 50688b28fd fix #2889 (false negative: buffer access out of bounds on local struct member) 2011-09-04 19:54:57 -04:00
Robert Reif c2b76cd41f add some variable length array tests 2011-09-04 14:39:24 -04:00
Robert Reif e782d98241 final fix for #3063 (false negative: multi dimensional arrays not well supported) 2011-09-03 21:51:00 -04:00
Daniel Marjamäki d23c58d387 enable: break out 'performance' and 'portability' from the 'style' id. Ticket: #3074 2011-09-03 15:30:30 +02:00
Robert Reif d749e28dc0 another partial fix for #3063 (false negative: multi dimensional arrays not well supported) 2011-09-02 21:07:29 -04:00
Robert Reif d85410de8c partial fix for #3063 (false negative: multi dimensional arrays not well supported) 2011-09-02 19:35:09 -04:00
Daniel Marjamäki ef30da51bf Fixed #3034 (Cppcheck crash on specific file (truecrypt).) 2011-08-29 19:16:52 +02:00
Robert Reif cf6d04de74 fix #3044 (Symbol database: handle multidim array with unknown dimension 'char a[][4]') 2011-08-28 11:40:55 -04:00
Robert Reif d643397a7e better message for strncpy zero-terminated check 2011-08-28 09:06:51 -04:00
Robert Reif 8c093d0f8a refactor CheckBufferOverrun::checkScope strncpy check and change experimental to inconclusive 2011-08-27 21:18:39 -04:00
Robert Reif c4fdb8d113 better test for symbol database bug fixed in last commit 2011-08-24 06:53:27 -04:00
Robert Reif 8c1efe9bb6 improve message for #3035 (false negative: strcpy(dst, src) where src is bigger than dst) 2011-08-21 15:18:41 -04:00
Robert Reif 67e8731a96 partial fix for #3035 (false negative: strcpy(dst, src) where src is bigger than dst) 2011-08-21 14:44:55 -04:00
Robert Reif a30da73d3e fix #2986 (segmentation fault of cppcheck ( x[y] )) 2011-08-09 19:45:18 -04:00
Daniel Marjamäki e2367b4149 Fixed #2976 (False positive: array out of bounds) 2011-08-08 18:22:15 +02:00
Daniel Marjamäki 999b80bbb8 Buffer overrun: Fix false negative 2011-08-07 17:54:25 +02:00
Kimmo Varis cfcfa3f000 Use "enabled" list for the style checking.
Settings-class currently enables style checking via dedicated
boolean attribute. All other CLI's enable-options are handled
through the enable-list. This commit moves style-check enabling
to use the enable-list.

Main advantage is the consistency how options are handled/stored
in the Settings class. Which also unifies using them for the other
code. You need to enable certain type of checks? Use the
addEnabled()-method. You want to check if certain type of checks
are enabled? Use the isEnabled()-method.
2011-08-07 10:28:52 +03:00
Daniel Marjamäki fd7e085c9d Array index out of bounds: prevent false positive when a dimension for an array is unknown 2011-08-05 13:08:48 +02:00
Daniel Marjamäki 0186fc0650 tweaked the error message somewhat for id arrayIndexThenCheck 2011-08-05 09:10:07 +02:00
Daniel Marjamäki ceb763f57a Fixed #2956 (False negative: read array and then immediately check the index 'str[i] && i<sizeof(str)') 2011-08-04 11:15:14 +02:00
Daniel Marjamäki 3cfef6285c Fixed #2920 (False positive: Array 'arr[0]' index 0 out of bounds (array size and index are unknown)) 2011-07-20 07:57:42 +02:00
Daniel Marjamäki 7dcb68f5a4 CheckBufferOverrun: Detect overflows when buffer is allocated with alloca 2011-07-17 09:35:51 +02:00
Daniel Marjamäki e597ad72e7 Fixed #2841 (False positive: Array index out of bounds, can't compare ints to chars) 2011-06-29 18:44:05 +02:00
Daniel Marjamäki af7c97f972 Fixed #1684 (false positive: buffer access out of bounds when using extern variable declaration) 2011-05-07 11:34:48 +02:00
Daniel Marjamäki e5d43d4ed2 Renamed Settings::stupid to Settings::experimental 2011-04-10 15:55:08 +02:00
Daniel Marjamäki 30ee9ba6e4 Added Settings::stupid flag that can be used to hide checking that generates false positives. 2011-04-10 13:23:45 +02:00
Daniel Marjamäki 07fe361964 Fixed #2638 (Tokenizer::setVarId : varid is wrongly given when unknown macro is used) 2011-03-13 17:52:45 +01:00
Daniel Marjamäki bea3875386 Fixed #2607 (segmentation fault of cppcheck ( struct C {} {} x)) 2011-03-09 21:00:28 +01:00
Daniel Marjamäki bf2362d558 Fixed #2634 (False positive: buffer access out of bounds) 2011-03-08 19:49:56 +01:00
Reijo Tomperi 7f9dc42ff1 Fix test array_index_24() to share code with environments where plain char is either signed or unsigned.
This was done, because that particular test has been already fixed a couple of times and it is still broken in some systems.
2011-02-22 21:46:12 +02:00
Daniel Marjamäki bfe28d3b26 Fixed #2597 (False positive: Buffer access out-of-bounds for u_char, uint*_t, ...) 2011-02-20 21:24:57 +01:00
Raphael Geissert 5998ec4af9 Really fix the build failure this time 2011-02-15 14:10:56 -06:00
Daniel Marjamäki aacb94c427 Revert "Buffer overruns: Removed TODO test case. We intentionally don't check struct/class arrays fully to avoid false positives"
This reverts commit 87cc42e6f0.
2011-02-13 22:48:26 +01:00
Daniel Marjamäki 87cf0949f2 Buffer overruns: Removed TODO test case. We intentionally don't check struct/class arrays fully to avoid false positives 2011-02-13 21:48:13 +01:00
Daniel Marjamäki 87cc42e6f0 Buffer overruns: Removed TODO test case. We intentionally don't check struct/class arrays fully to avoid false positives 2011-02-13 21:42:35 +01:00
Daniel Marjamäki 518a495334 Fixed #2576 (False positive: (error) Buffer access out-of-bounds) 2011-02-12 18:34:12 +01:00
Daniel Marjamäki 318f2e8a57 Fixed #2561 (False positive on array index when using conditional operator) 2011-02-12 11:31:10 +01:00
Raphael Geissert d8119cd57a Fix test for architectures where char is unsigned 2011-02-12 02:42:31 -06:00
Erik Lax c7821675dd Preprocessor: Test handling of strings with multiple spaces (Ticket: #2548) 2011-02-11 18:57:58 +01:00
Daniel Marjamäki 757c840633 astyle formatting 2011-01-31 17:26:07 +01:00
Ettl Martin f3111b541e #2528 added todo-testcase 2011-01-31 13:46:51 +01:00
Pete Johns 098f0bf3e6 Fixed #2526 (Make TODO_ASSERT_EQUALS take three arguments (value, to_be, as_is)?...
Removed replaced EXPECTED with...

WANTED (to-be):     The future expected value.
CURRENT (as-is):    Documenting how cppcheck behaves now.

This removes the need for an ASSERT_EQUALS but enforces the check for every TODO_ASSERT_EQUALS.
2011-01-30 23:20:11 +11:00
Daniel Marjamäki 9d3b242cd8 Fixed #1952 (false negative: buffer acces out of bounds with memcpy) 2011-01-22 21:31:26 +01:00
Reijo Tomperi 226b605774 Change year 2010 -> 2011 in license texts. 2011-01-09 21:33:36 +02:00
Daniel Marjamäki 79ef02812d Fixed #2211 (false negative: buffer access out of bounds for(int i=0; i !=6;i++)) 2011-01-09 18:51:28 +01:00
Kimmo Varis b750a52f6d Improve strncat 3rd parameter usage warning message.
See forum thread:
https://sourceforge.net/apps/phpbb/cppcheck/viewtopic.php?f=3&t=192
2011-01-04 23:17:44 +02:00
Daniel Marjamäki 4ec9d418ff Fixed #2215 (Improve check: Writing outside malloc bounds not detected) 2011-01-01 20:56:21 +01:00
Daniel Marjamäki 2da3fea1b8 Fixed #2386 (segmentation fault occurs in the checking when typedef has same name as an enum constant) 2010-12-31 20:55:28 +01:00
Daniel Marjamäki 04eb9cf305 Fixed #2378 (Refactoring: create utility function that skips redundant if/for/while) 2010-12-31 18:07:46 +01:00
Daniel Marjamäki ed6c76ce04 Fixed #2385 (False positive: array index out of bounds) 2010-12-31 17:43:38 +01:00
Daniel Marjamäki 38e7209d26 Fixed #2373 (Using XML2 in --errorlist output) 2010-12-29 12:43:29 +01:00
Daniel Marjamäki bdf0cb7115 Fixed #2370 (false negative: Buffer access out-of-bounds (for with if, no break)) 2010-12-28 20:46:31 +01:00
Daniel Marjamäki 6aa400fd80 Buffer overrun: UB when pointer arithmetic result points out of bounds. Ticket #1774 2010-12-26 21:23:28 +01:00
Daniel Marjamäki 8247270f35 Fixed #2328 (false positive: buffer overrun (for loop with a break => the end value is not reached)) 2010-12-19 10:39:43 +01:00
Daniel Marjamäki f6c00fc478 Fixed #2323 (false positive: Buffer access out of bounds) 2010-12-18 10:54:36 +01:00
Daniel Marjamäki eb0231b48f astyle formatting 2010-12-16 20:15:22 +01:00
Daniel Marjamäki 5ce63a1df0 Fixed #2292 (segmentation fault with cppcheck 1.46 with --errorlist) 2010-12-13 18:17:33 +01:00
Robert Reif f12c0c7ada Tokenizer: add assert(_settings) to Tokenizer to insure the tokenizer always has settings. Ticket: #2219 2010-12-01 18:00:55 +01:00
Daniel Marjamäki ec6edaee6e Buffer overflow: Added unit test that makes sure that array index out of bounds is detected inside loop. Ticket: #2199 2010-11-21 12:24:57 +01:00
Daniel Marjamäki 66c2825b23 Fixed #2210 (False positive: buffer overrun (snprintf, unknown type)) 2010-11-18 19:26:46 +01:00
Daniel Marjamäki 586f4992d8 Tokenizer::simplifyKnownVariables: Fixed TODO test cases in TestBufferOverrun 2010-11-07 17:42:32 +01:00
Daniel Marjamäki fb068a4e71 Fixed #2170 (false positive: After a strncpy() the buffer should be zero-terminated) 2010-11-07 09:37:45 +01:00
Daniel Marjamäki dd41c74d7f Fixed #2136 (false negative: array bounds) 2010-11-06 09:10:10 +01:00
Daniel Marjamäki 52faadda89 Tokenizer: simplify calculations with zero better 2010-11-05 20:35:31 +01:00
Daniel Marjamäki b55f6458a2 Fixed #2120 (False positive: array index out of bounds (unknown type in struct, sub function)) 2010-10-30 12:32:43 +02:00
Daniel Marjamäki 79583ee45d #2133 (cppcheck: floating point exception) 2010-10-26 20:05:34 +02:00
Daniel Marjamäki 306587b1d0 Buffer overruns: Fixed TODO test case 2010-10-24 11:32:27 +02:00
Daniel Marjamäki f3c6c64e9a Fixed #2121 (False positive: Buffer access out-of-bounds when using uint32_t) 2010-10-23 13:12:17 +02:00
Daniel Marjamäki 5deb046ac5 Fixed #2120 (False positive: array index out of bounds (unknown type in struct, sub function)) 2010-10-23 08:49:03 +02:00
Daniel Marjamäki 9fdc03fc1d Fixed #2117 (false positive: buffer access out of bounds) 2010-10-22 20:15:51 +02:00
Daniel Marjamäki 2ca7dbc004 Fixed #2109 (false positive: buffer overrun) 2010-10-19 18:23:44 +02:00
Daniel Marjamäki 92a1e9e76e Severities: Added 'warning' and 'performance' severities. No changes to the command line options nor to the XML format. Ticket: #2106 2010-10-17 14:41:00 +02:00
Daniel Marjamäki ba2b986ece Fixed #2097 (false positive: buffer access out of bounds) 2010-10-14 20:00:32 +02:00
Daniel Marjamäki b6c995ea47 Fixed #2096 (False positive: buffer overrun (extern array)) 2010-10-13 20:57:59 +02:00
Daniel Marjamäki 229604b3e3 Fixed #2093 (False positive: buffer access out of bounds (unknown type)) 2010-10-13 18:06:50 +02:00
Daniel Marjamäki 9e15c4ef38 Fixed #2088 ([test.c:12]: (error) Buffer access out-of-bounds: l) 2010-10-12 19:35:20 +02:00
Daniel Marjamäki 74bf1821e6 Array index: detect array index out of bounds when datatype is unknown. Ticket: #2086 2010-10-11 20:52:14 +02:00
Daniel Marjamäki a73ada54d5 Fixed #1705 (false negative: access past end of buffer) 2010-10-10 09:15:18 +02:00
Daniel Marjamäki e7f7c77eab Fixed #1948 (C++ class scoping not followed) 2010-08-24 22:04:14 +02:00
Erik Lax 248bb3b6e8 Fixed #1935 (false negative: detect buffer overrun from network functions (recv, recvfrom..)) 2010-08-14 20:19:23 +02:00
Daniel Marjamäki 1b2f16f443 Buffer overflow: Fixed two TODO test cases 2010-08-05 11:01:47 +02:00
Daniel Marjamäki 33bf8bf730 Fixed #1670 (False negative: Array index out of bounds in return statement) 2010-08-04 20:38:52 +02:00
Daniel Marjamäki bea714445a Fixed #1850 (An access to a nested std::map via a negative integer key is reported as 'Array index out of bounds') 2010-07-14 12:24:07 +02:00
Daniel Marjamäki b02fc037ed Buffer Overrun: Fixed false positive when variable is reassigned in called function 2010-07-05 22:19:27 +02:00
Robert Reif 18bb7488b9 Fixed #1787 (false negative: out of bounds in derived class) 2010-06-13 07:17:50 +02:00
Martin Ettl 0d34416bce added TODO_TESTCASE for ticket 1734: Array index out of bounds 2010-06-06 16:20:50 +02:00
Daniel Marjamäki 5789eb116d astyle formatting 2010-06-02 18:09:25 +02:00
Zachary Blair 33b4254d33 Fixed #568 (string functions with command line arguments may overflow buffer) 2010-06-01 22:41:07 -07:00
Daniel Marjamäki 7601089bee astyle formatting 2010-05-29 11:19:56 +02:00
Zachary Blair 59086fa599 Fixed #818 (Detect sprintf buffer overrun with struct members) 2010-05-28 22:51:28 -07:00
Daniel Marjamäki d23f63c805 astyle formatting 2010-05-26 19:21:34 +02:00
Zachary Blair 619cfbc56f Fixed #168 (buffer overflow: not enough room for the null terminator) 2010-05-26 01:56:34 -07:00
Daniel Marjamäki c31accc52a Fixed #1695 (Ticket #1614 is broken using latest from git) 2010-05-19 19:23:09 +02:00
Daniel Marjamäki f8442391af astyle formatting 2010-05-17 19:51:35 +02:00
Monika Lukow 71e5c56bf9 Fixed #1418 (false negative: buffer access out of bounds) 2010-05-16 23:53:42 +02:00
Daniel Marjamäki 01034cd48d Refactoring: Removed 'possible error' message about cin 2010-05-16 19:09:36 +02:00
Daniel Marjamäki 26fab24de4 Refactoring: Removed some inconclusive checking in CheckBufferOverrun 2010-05-16 15:30:39 +02:00
Daniel Marjamäki 0415560912 refactoring: changed the severity for strncatUsage from possibleError to style 2010-05-02 09:54:08 +02:00
Daniel Marjamäki 883d462553 refactoring: Use style severity instead of possible error for the 'The size argument is given as a char constant' 2010-05-02 09:16:45 +02:00
Daniel Marjamäki 0444ff5298 Fixed #1627 (###### If you see this, there is a bug ###### - Token::Match('%varid% [ %num% ]', 0)) 2010-04-26 18:52:40 +02:00
Daniel Marjamäki 1a34e7daf6 Fixed #948 (array index out of bound not detected 'a[i-1] = 0') 2010-04-25 07:34:50 +02:00
Daniel Marjamäki 8ccd95a643 Fixed #836 (buffer overrun: memmove) 2010-04-24 21:48:58 +02:00
Martin Ettl 5eb9c78533 added further testcases to multidimensional out of bounds unit test 2010-04-23 22:04:49 +02:00
Martin Ettl bd4bead561 update in todo testcase (line number was wrong) 2010-04-23 21:59:46 +02:00
Martin Ettl 572ae0c1b4 added todo testcases for multidimensional out of bounds checking 2010-04-23 21:56:35 +02:00
Daniel Marjamäki a3b781a181 Fixed #819 (array index out of bounds not detected for multidimension arrays) 2010-04-23 16:26:40 +02:00
Daniel Marjamäki b9d8f52cca CheckBufferOverrun: Fixed false positives caused by refactorings 2010-04-22 19:22:23 +02:00
Daniel Marjamäki f9f6927e63 CheckBufferOverrun: Don't give false positives when reading from array with strncpy/strncat 2010-04-21 20:02:58 +02:00
Daniel Marjamäki f057e127a0 CheckBufferOverrun: Refactoring the checking of function calls 2010-04-21 19:27:28 +02:00
Daniel Marjamäki 798aa84151 Refactoring: CheckBufferOverrun refactorings. split up the checkScope into two separate functions. The ArrayInfo usage was improved. Also broke out for-loop handling into separate functions. 2010-04-21 18:33:21 +02:00
Reijo Tomperi 96d66af478 Change "Array index -1 corresponds with 4294967295..." error message into "Array index -1 is out of bounds" 2010-04-20 21:44:31 +03:00
Daniel Marjamäki 7e2f39290d Fixed #1614 (negative array index issues in latest from git) 2010-04-20 16:43:51 +02:00
Daniel Marjamäki 8eff4fcbba Buffer overruns: Added testcase for negative index when using 2-dimensional array 2010-04-18 21:07:21 +02:00
Daniel Marjamäki b6ab419a06 Buffer Overrun: Broke out the checking for negative array index 2010-04-18 20:51:39 +02:00
Daniel Marjamäki a473345f18 Buffer overruns: First change to detect overruns in multidimensional arrays (#819) 2010-04-18 11:08:29 +02:00
Daniel Marjamäki 6db4ab68ef Unit Testing: added assertions for todo testcases to detect changes 2010-04-17 15:01:18 +02:00
Daniel Marjamäki c0e9a546f7 Refactoring: Refactoring the Settings class 2010-04-17 09:23:54 +02:00
Reijo Tomperi 35d2a27b9c Update copyright year in all source files 2010-04-13 22:23:17 +03:00
Reijo Tomperi d102369196 Fix #1590 (False negative: Array index out of bounds: "0 <= i")
http://sourceforge.net/apps/trac/cppcheck/ticket/1590
2010-04-12 22:04:59 +03:00
Reijo Tomperi 7f7e621ecb More tests added to test/testbufferoverrun.cpp 2010-04-11 23:22:16 +03:00
Daniel Marjamäki 6f74c0af5e Fixed #1587 (Crash while processing file) 2010-04-11 20:57:30 +02:00
Daniel Marjamäki 5fed938f56 Fixed #1190 (array index out of bounds when index variable is assigned in a condition) 2010-04-10 21:12:00 +02:00
Daniel Marjamäki e17cce6ac4 Unit Testing: Added an ASSERT 2010-04-10 18:54:12 +02:00
Daniel Marjamäki 15da4fe689 Refactoring: simplified test case 2010-04-10 18:50:28 +02:00
Daniel Marjamäki e9b4ea44a2 Refactoring: Disable inconclusive checks. They can still be activated for debugging/testing purposes 2010-04-10 14:05:33 +02:00
Daniel Marjamäki b4e9185177 Fixed #1134 (improve check: pointer access out of bounds not detected (allocated with malloc)) 2010-04-10 07:57:29 +02:00
Daniel Marjamäki 9a4707c025 Fixed #1576 ('Index out of bounds' false positive) 2010-04-08 19:57:38 +02:00
Martin Ettl 2e11805c1a added TODO testcase for checking fwrite() and fread() check for buffer overrun 2010-04-06 20:56:01 +02:00
Reijo Tomperi c28b365ea0 astyle fix 2010-04-06 16:56:06 +03:00
Martin Ettl c4d1d47f6b fixed ticket 997, now fread and fwrite checked for bufferoverrun 2010-04-06 13:55:03 +02:00
Reijo Tomperi 928163b0cf Fix line number in previously committed unit test 2010-04-05 23:37:30 +03:00
Daniel Marjamäki 0cffe547f9 Unit Testing: Added unit test for untested code in CheckBufferOverrun. Using memset on struct. 2010-04-05 21:50:40 +02:00
Reijo Tomperi d3c251f53a Refactor and fix "After a strncpy() the buffer should be zero-terminated" checking, 2010-04-05 21:47:50 +03:00
Daniel Marjamäki 6327ed55a2 Unit Testing: Buffer overruns when using memchr/memset/memcpy/etc 2010-04-05 20:02:28 +02:00
Daniel Marjamäki 0cad22314e Reverted 'astyle fix'. Those changes are not in sync with my astyle configuration/setup. 2010-04-02 07:30:58 +02:00
Martin Ettl 193aa7d1d3 astyle fix 2010-04-02 02:21:53 +02:00
Reijo Tomperi c7d36b73ed Fix #1548 (False positive: array index out of bounds in for-loop)
http://sourceforge.net/apps/trac/cppcheck/ticket/1548
2010-04-01 22:35:36 +03:00
Robert Reif 32e597e343 Fixed #1539 (False positive: possible error Array index out of bounds) 2010-03-30 17:33:17 +02:00
Robert Reif 0bddd1977f Fixed #1536 (###### If you see this, there is a bug ###### Token::Match() - varid was 0) 2010-03-29 17:25:38 +02:00
Robert Reif 62d2845014 Fixed #1492 (false negatives: array index out of bounds) 2010-03-28 15:56:13 +02:00
Robert Reif c50469dba6 Fixed #1523 (false negative:: buffer access out of bounds when using shift operator) 2010-03-27 07:21:08 +01:00
Reijo Tomperi 88840e6a08 Fix #1453 (possible infinite loop processing GNU Go's engine/montecarlo.c)
http://sourceforge.net/apps/trac/cppcheck/ticket/1453
2010-02-27 23:47:56 +02:00
Daniel Marjamäki 8f4edb5e45 Fixed #1409 (False positive: Buffer access out-of-bounds with strncpy and an array in typedef'ed struct) 2010-02-21 15:23:50 +01:00
Reijo Tomperi e44f0b1b8d Fix #1392 (Segfault in CheckBufferOverrun::checkScope)
http://sourceforge.net/apps/trac/cppcheck/ticket/1392
2010-02-15 23:20:09 +02:00
Monika Lukow e9e5174797 Fixed #1333 (Detect access out of bounds 'for (i = 100; i > 0; --i) a[i] = 0;') 2010-02-14 23:10:15 +01:00
Reijo Tomperi 2a78637da7 Fix #1340 (False positive: Array out of bounds for re-initialised array pointer)
http://sourceforge.net/apps/trac/cppcheck/ticket/1340
2010-02-10 23:11:08 +02:00
Reijo Tomperi 9852ab86e9 Fix #1358 (False negative: out-of-bounds not found near return)
http://sourceforge.net/apps/trac/cppcheck/ticket/1358
2010-02-05 23:55:10 +02:00
Reijo Tomperi db2aff03c7 Added test case for #1333 (Detect access out of bounds 'for (i = 100; i > 0; --i) a[i] = 0;')
http://sourceforge.net/apps/trac/cppcheck/ticket/1333
2010-01-31 22:02:26 +02:00
Daniel Marjamäki c666a9662b BufferOverrun: negative index is out of bounds 2010-01-11 21:18:07 +01:00
Daniel Marjamäki 57d1da3910 Ticket #1228 : Handle tokensBack in the Token class. When adding&removing tokens the Token class can make sure that this pointer is updated accordingly. It is very important that the tokensBack has the same scope as the token list, otherwise there will be a dead pointer problem. 2010-01-06 20:19:27 +01:00
Daniel Marjamäki e6d5c76138 refactoring 2010-01-03 15:52:52 +01:00
Daniel Marjamäki 79223b71d5 added test case for #1193 (false negative: array out of bounds in loop when there is calculation) 2010-01-03 15:49:17 +01:00
Daniel Marjamäki 5925b88b38 Robert Reif: improve check: array index out of bounds, show name of array, array size and array index 2009-12-25 15:25:58 +01:00
Daniel Marjamäki 8a1940e043 astyle 2009-12-19 17:57:58 +01:00
Daniel Marjamäki 0da0b5ffed ericsesterhenn: Fixed #1106 (check if buffer is zero terminated after a strncpy) 2009-12-18 17:26:15 +01:00
Daniel Marjamäki 0b09c36851 Fixed #1026 (false positive: buffer access out of bounds) 2009-12-05 11:41:30 +01:00
Martin Ettl 03e7914c98 partial fix of ticket #997; added check for write() two testcases 2009-11-28 13:41:24 +01:00
Daniel Marjamäki f75c9619d1 Fixed #1021 (Out-of-bounds access false positive) 2009-11-28 12:51:23 +01:00
Reijo Tomperi 12a87fa3a4 Fix #1007 (False positive array index out of bounds concerning a switch statement in a for loop)
Bailout if switch is found in for loop.
http://sourceforge.net/apps/trac/cppcheck/ticket/1007
2009-11-25 22:40:51 +02:00
Reijo Tomperi 9bdf4502ed Fix #995 (false positive: buffer access out of bounds when using fgets)
http://sourceforge.net/apps/trac/cppcheck/ticket/995
2009-11-21 15:45:52 +02:00
Reijo Tomperi 6417704577 Fix #985 (Detect buffer overrun with read())
http://sourceforge.net/apps/trac/cppcheck/ticket/985
2009-11-20 23:47:06 +02:00
Reijo Tomperi 9275b49688 Fix #964 (Integer division by zero exception)
http://sourceforge.net/apps/trac/cppcheck/ticket/964
2009-11-15 17:44:30 +02:00