Daniel Marjamäki
036b2f8ccf
CheckBufferOverrun: Added bufferOverrun2 that is based on ValueFlow/SymbolDatabase/Ast from the start. Replaced some old checking.
2014-06-26 17:36:20 +02:00
PKEuS
ec1bd420a7
Refactorizations optimizing std::string usage:
...
1) Added global static const std::string emptyString; object:
-> Replaces some static variables in functions which might be not threadsafe
-> Avoids constructor call (std::string::string(""))
-> Even functions that return an empty string in some branches can return by reference now.
Added to config.h to ensure that it is available everywhere
2) Added overloads for TestFixture::assertEquals for the most common use cases:
-> Moves conversion from const char[] to std::string into a function, reducing code duplication in binary.
2014-06-26 11:51:02 +02:00
PKEuS
2d54bace1b
Improved performance of CheckBufferOverrun::checkScope() ( #5944 ):
...
-> Speedup by 40% (MSVC12, x64, not matchcompiled) on the file attached to the ticket
2014-06-23 19:06:59 +02:00
PKEuS
8f79dc3ff8
Cleaned up includes and forward declarations in checkers:
...
- Removed definitely unnecessary forward declarations (e.g. "class Token"; token.h is already included by check.h, so a definition is unnecessary)
- Removed unused includes
2014-05-24 12:50:03 +02:00
PKEuS
3275881056
Improved checkBufferOverrun::classInfo ( #4667 )
2014-05-22 09:13:29 +02:00
Daniel Marjamäki
3c64c70ce2
ValueFlow: Added utility functions getValueLE and getValueGE to simplify usage
2014-04-02 06:49:28 +02:00
Daniel Marjamäki
e5301b2b7a
ValueFlow: Improved valueflow of for loop 'for (i=a; i<10; i++)' => unknown start value but end value is known
2014-03-29 20:20:22 +01:00
Daniel Marjamäki
87daf5783e
buffer overflow: clean up old checking for negative index
2014-03-25 20:37:32 +01:00
Daniel Marjamäki
fd3a8a2a18
Update copyright
2014-02-15 07:45:39 +01:00
Martin Ettl
6ca7daec10
Fixed #389 : Providing negative value to memory allocation function.
2014-02-01 22:38:29 +01:00
Daniel Marjamäki
0dbb86f0cb
Cleanup ExecutionPath from CheckBufferOverrun
2014-01-22 21:25:37 +01:00
Daniel Marjamäki
18d6285ad2
BufferOverrun: Improved error message when array index is used before checking that its in limits
2014-01-17 18:56:46 +01:00
Daniel Marjamäki
a1b0d190df
Fixed #3688 (false positive: (inconclusive, posix) (warning) The buffer 'cBuffer' is not zero-terminated after the call to readlink().)
2014-01-02 10:46:19 +01:00
PKEuS
c95b153700
Refactorizations:
...
- Removed some redundant operator=, copy-ctor and dtor implementations
- use operator[] instead of at() in library loading code
2013-10-27 13:55:13 +01:00
Ettl Martin
9ab6655d85
Fixed #5007 (Same include guard naming)
2013-09-04 20:59:49 +02:00
PKEuS
a9a5dc0354
Updated to AStyle 2.03, require this version
2013-08-07 16:27:37 +02:00
Daniel Marjamäki
9c67af058a
SymbolDatabase: Renamed Variable::varId() to Variable::declarationId() to make it more clear how it works.
2013-07-20 12:31:04 +02:00
Daniel Marjamäki
785d54046f
Fixed Cppcheck warning, method can be static
2013-06-01 14:06:48 +02:00
Daniel Marjamäki
a861817a01
Fixed #4751 (CheckBufferOverrun: better handling when struct member instance doesn't have same varid as struct member declaration)
2013-05-28 16:52:23 +02:00
Ettl Martin
ff826d7c62
#4664 : new check: (POSIX) write outside buffer size.
2013-03-19 08:22:48 +01:00
Robert Reif
4b9b87e310
Fixed #4646 (false positive: (style, inconclusive) Technically the member function 'C<T>::operator+=' can be const.)
2013-03-14 06:34:12 +01:00
Reijo Tomperi
5d5f7085bf
Updating year 2012 -> 2013 to .cpp and .h files and man page.
2013-01-01 18:29:08 +02:00
Daniel Marjamäki
7f6a10599b
Fixed #4262 (Small Request/Suggestion for checks on array size of args (bounty offer))
2012-12-22 09:23:34 +01:00
XhmikosR
6e4e3dfbfb
lib: tabs to spaces, remove trailing spaces and extra empty lines at the end of files
2012-09-17 13:51:23 +02:00
Deepak Gupta
4202866100
Fixed #4096 (Improve check: Buffer overrun in for loop, postfix increment in array access)
2012-09-01 19:17:28 +02:00
PKEuS
046712aaec
Removed --doc formating hack that removes more than three newlines and added format testing of Check::classInfo instead.
...
- Fixed test failures shown by new test.
Use const_iterator instead of iterator in testcppcheck.cpp when possible
2012-08-26 16:22:46 +02:00
PKEuS
1b40668e04
Refactorizations:
...
- Made several functions (Check*::myName and others) because they don't touch depend on a specific instance. (cppcheck findings)
- Removed description of a check in CheckConst that has moved to CheckIO
2012-08-02 09:50:48 -07:00
PKEuS
4b80e91145
Implemented support for building cppcheck lib into a dll
...
Updated VS9 solution
New VS10 solution that builds cppcheck into a dll used by cli and testrunner.
Functional changes and advantages of new solution:
- Share code between testrunner and cli; ability to share code with gui as well (not yet implemented)
- Files of /lib are no longer compiled twice (should improve build time on single core machines)
- Added configuration for building with PCRE support
- Executables are build into /bin (/bin/debug in debug mode) folder (Should no longer require rebuild when switching between debug and release)
- Completely x64 compatible (contains also x64-debug configuration now)
2012-06-10 05:19:09 -07:00
Edoardo Prezioso
eacf74be8d
Changed the order of some structures in order to improve, even if for a bit, their padding.
2012-05-14 20:49:03 +02:00
PKEuS
b37cf11d20
Refactorizations:
...
- Increased encapsulation by making some functions private
- Removed redundant function CheckBufferOverrun::ArrayInfo::declare
- Avoided copy of ArrayInfo object
- Removed unnecessary and suspicious "if(sizeof(int) == 4)"
2012-03-27 19:40:39 +02:00
PKEuS
e3b3b7b62f
Refactorizations on buffer overrun check:
...
- Replaced a few indendation counters by smaller and faster code
- Make use of safer nextArgument() function instead of some local implementations
- Replaced some simple patterns by direct function calls
- Made a strncpy/strncat search pattern more generic
- Replaced offset variable by incrementation of Token* to avoid subsequent calls to tokAt
- Increased data encapsulation in header
2012-03-17 21:55:08 +01:00
PKEuS
b1ff900aaa
Some refactorizations
2012-02-18 23:43:51 +01:00
Reijo Tomperi
8cae17fda8
Update year to 2012
2012-01-01 01:05:37 +02:00
Daniel Marjamäki
497c54a1a7
Fixed #3168 (false negative: buffer overflow in subfunction)
2011-12-11 08:16:58 +01:00
Daniel Marjamäki
ee39f6402c
reverted fix for #3168 , I'll rewrite it
2011-12-10 20:46:10 +01:00
Daniel Marjamäki
897e8637b4
Fixed #3168 (false negative: buffer overflow in subfunction)
2011-12-10 19:26:12 +01:00
Daniel Marjamäki
2e08c8c5b1
DJGPP: Fixed a few compiler errors by using std::size_t instead of size_t
2011-11-22 21:14:14 +01:00
Thomas Jarosch
3413ffef3e
Refactor readlink() buffer check to also handle readlinkat()
2011-10-24 21:23:18 +02:00
Thomas Jarosch
7ae39f13cc
Fixed #3198 (Add check for readlink())
2011-10-14 19:45:51 +02:00
Daniel Marjamäki
6f8e42a5af
changed the astyle formatting flags
2011-10-13 20:53:06 +02:00
Thomas Jarosch
abd2525339
Fixed #3161 (Show buffers size info for snprintf() buffer overruns)
2011-10-05 20:17:57 +02:00
Robert Reif
0d6592dd2e
use correct checkScope function in CheckBufferOverrun for single dimension member arrays
2011-09-11 19:21:13 -04:00
Robert Reif
e18fe56d56
refactor CheckBufferOverrun to only use multi-dimension array error messages and remove single dimension array message
2011-09-11 09:54:26 -04:00
Robert Reif
a9b4e21f60
refactor CheckBufferOverrun::checkScope to take an ArrayInfo parameter
2011-09-10 11:21:52 -04:00
Robert Reif
547a79d4fe
calculate array size for variable length structures with array at end in CheckBufferOverrun::checkStructVariable() when possible
2011-09-10 10:14:32 -04:00
Robert Reif
7451c5cece
warn when buffer is not zero terminated after memmove
2011-09-05 15:59:41 -04:00
Robert Reif
f5d71d1ac5
warn when buffer is not zero terminated after memcpy
2011-09-05 15:41:37 -04:00
Robert Reif
3c8988e7a5
warn when buffer is not zero terminated after strncpy
2011-09-05 15:19:38 -04:00
Robert Reif
8c093d0f8a
refactor CheckBufferOverrun::checkScope strncpy check and change experimental to inconclusive
2011-08-27 21:18:39 -04:00
Robert Reif
6e78b51071
make all functions that call reportError names in checkbufferoverrun end in Error for consisentcy
2011-08-24 07:11:39 -04:00
Robert Reif
8c1efe9bb6
improve message for #3035 (false negative: strcpy(dst, src) where src is bigger than dst)
2011-08-21 15:18:41 -04:00
Robert Reif
67e8731a96
partial fix for #3035 (false negative: strcpy(dst, src) where src is bigger than dst)
2011-08-21 14:44:55 -04:00
Daniel Marjamäki
ceb763f57a
Fixed #2956 (False negative: read array and then immediately check the index 'str[i] && i<sizeof(str)')
2011-08-04 11:15:14 +02:00
Robert Reif
48e6ea271a
start using symbol database array info for buffer overrun checks
2011-06-22 22:44:11 -04:00
Robert Reif
dac826d0ac
use a more conventional technique for accessing ArrayInfo private variables
2011-06-22 20:35:58 -04:00
Daniel Marjamäki
08811c8179
CheckBufferOverrun: Refactoring. Broke out checkScope code for parsing 'for' bodies
2011-02-10 21:56:06 +01:00
Greg Hewgill
be195a72c9
initialise Check::_name in constructor rather than relying on virtual Check::name()
2011-02-02 22:58:25 +13:00
Daniel Marjamäki
9d3b242cd8
Fixed #1952 (false negative: buffer acces out of bounds with memcpy)
2011-01-22 21:31:26 +01:00
Reijo Tomperi
226b605774
Change year 2010 -> 2011 in license texts.
2011-01-09 21:33:36 +02:00
Daniel Marjamäki
4ec9d418ff
Fixed #2215 (Improve check: Writing outside malloc bounds not detected)
2011-01-01 20:56:21 +01:00
Daniel Marjamäki
fa3853803b
gcc: fixed -Wconversion warnings
2010-12-31 09:30:56 +01:00
Daniel Marjamäki
38e7209d26
Fixed #2373 (Using XML2 in --errorlist output)
2010-12-29 12:43:29 +01:00
Daniel Marjamäki
6aa400fd80
Buffer overrun: UB when pointer arithmetic result points out of bounds. Ticket #1774
2010-12-26 21:23:28 +01:00
Daniel Marjamäki
9d9a5b0623
VS: Fixed compiler warnings. Ticket: #2200
2010-11-21 11:48:27 +01:00
Ettl Martin
a56f6d276a
fixed warning from cppcheck: [lib/checkbufferoverrun.h:129]: (style) 'operator=' should not return a const reference
2010-09-15 22:25:12 +02:00
Daniel Marjamäki
adc47f1820
Fixed #1487 (fix gcc compiler warnings)
2010-08-06 21:02:43 +02:00
Daniel Marjamäki
1b2f16f443
Buffer overflow: Fixed two TODO test cases
2010-08-05 11:01:47 +02:00
Daniel Marjamäki
5789eb116d
astyle formatting
2010-06-02 18:09:25 +02:00
Zachary Blair
33b4254d33
Fixed #568 (string functions with command line arguments may overflow buffer)
2010-06-01 22:41:07 -07:00
Zachary Blair
619cfbc56f
Fixed #168 (buffer overflow: not enough room for the null terminator)
2010-05-26 01:56:34 -07:00
Daniel Marjamäki
01034cd48d
Refactoring: Removed 'possible error' message about cin
2010-05-16 19:09:36 +02:00
Daniel Marjamäki
26fab24de4
Refactoring: Removed some inconclusive checking in CheckBufferOverrun
2010-05-16 15:30:39 +02:00
Daniel Marjamäki
8ccd95a643
Fixed #836 (buffer overrun: memmove)
2010-04-24 21:48:58 +02:00
Daniel Marjamäki
a3b781a181
Fixed #819 (array index out of bounds not detected for multidimension arrays)
2010-04-23 16:26:40 +02:00
Daniel Marjamäki
f9f6927e63
CheckBufferOverrun: Don't give false positives when reading from array with strncpy/strncat
2010-04-21 20:02:58 +02:00
Daniel Marjamäki
f057e127a0
CheckBufferOverrun: Refactoring the checking of function calls
2010-04-21 19:27:28 +02:00
Daniel Marjamäki
798aa84151
Refactoring: CheckBufferOverrun refactorings. split up the checkScope into two separate functions. The ArrayInfo usage was improved. Also broke out for-loop handling into separate functions.
2010-04-21 18:33:21 +02:00
Daniel Marjamäki
b6ab419a06
Buffer Overrun: Broke out the checking for negative array index
2010-04-18 20:51:39 +02:00
Daniel Marjamäki
af3f2faa41
Refactoring: Renamed ArrayInfo::type_size to ArrayInfo::element_size
2010-04-18 20:18:25 +02:00
Daniel Marjamäki
814f706329
BufferOverflow: Refactoring ArrayInfo
2010-04-18 19:46:45 +02:00
Daniel Marjamäki
a473345f18
Buffer overruns: First change to detect overruns in multidimensional arrays ( #819 )
2010-04-18 11:08:29 +02:00
Daniel Marjamäki
c718a7c595
astyle: Update to astyle 1.24
2010-04-15 20:08:51 +02:00
Reijo Tomperi
35d2a27b9c
Update copyright year in all source files
2010-04-13 22:23:17 +03:00
Daniel Marjamäki
5fed938f56
Fixed #1190 (array index out of bounds when index variable is assigned in a condition)
2010-04-10 21:12:00 +02:00
Daniel Marjamäki
0cad22314e
Reverted 'astyle fix'. Those changes are not in sync with my astyle configuration/setup.
2010-04-02 07:30:58 +02:00
Martin Ettl
193aa7d1d3
astyle fix
2010-04-02 02:21:53 +02:00
Daniel Marjamäki
e911d1f1df
doxygen updates
2010-03-17 22:16:18 +01:00
Daniel Marjamäki
30d3418b11
doxygen: added more comments for CheckNullPointer and CheckUninitVar
2010-03-13 21:42:59 +01:00
Daniel Marjamäki
8f4edb5e45
Fixed #1409 (False positive: Buffer access out-of-bounds with strncpy and an array in typedef'ed struct)
2010-02-21 15:23:50 +01:00
Daniel Marjamäki
9394816fcf
Refactoring: Use std::string instead of const char *
2010-02-14 19:58:17 +01:00
Daniel Marjamäki
5925b88b38
Robert Reif: improve check: array index out of bounds, show name of array, array size and array index
2009-12-25 15:25:58 +01:00
Daniel Marjamäki
d4adab3e78
added error info about the strncpy check
2009-12-18 17:33:33 +01:00
Daniel Marjamäki
0da0b5ffed
ericsesterhenn: Fixed #1106 (check if buffer is zero terminated after a strncpy)
2009-12-18 17:26:15 +01:00
Daniel Marjamäki
09859c1019
refactoring the folder structure
2009-10-25 12:49:06 +01:00