Commit Graph

607 Commits

Author SHA1 Message Date
Paul Fultz II 9eb5eadd35
Fix 9777: False Positive: Condition is always true with reset/release on unique_ptr (#3440) 2021-09-04 19:06:13 +02:00
Paul Fultz II 8a708e556c
Fix 10456: FP identicalConditionAfterEarlyExit with variable captured by reference (#3439) 2021-09-04 19:05:41 +02:00
Paul Fultz II 740becbddf
Fix 10348: FP knownConditionTrueFalse with condition variable in do ... while loop (#3422) 2021-08-27 05:46:57 +02:00
Paul Fultz II 712ff1c073
Fix 10436: hang: valueFlowSubFunction 'ispunct(c)..' (#3423) 2021-08-27 05:46:33 +02:00
Paul Fultz II 1cd9d0479d
Fix 10433: assertion failure in ValueFlow (Interval::fromValues) (#3419) 2021-08-26 07:46:40 +02:00
Paul Fultz II 8aa37218c2
Fix 10400: FP nullPointer - for loop condition (#3417) 2021-08-25 20:33:41 +02:00
Daniel Marjamäki 11916171fe Fix crash in programmemory, crash found in daca@home package system-root 2021-08-25 06:56:19 +02:00
Paul Fultz II f7ddd7a35d
Fix 10430: FP knownConditionTrueFalse with bool from unsigned char (#3416) 2021-08-25 04:51:54 +02:00
Daniel Marjamäki 37ef29889b Fix 10424: ExpressionAnalyzer assertion failure in librevisa 2021-08-24 16:06:51 +02:00
Paul Fultz II 524db1c756
Fix 10420: assertion error when analysing juce (#3413) 2021-08-23 11:12:42 +02:00
Paul Fultz II 865163b2ba
Add library configurations for free functions like std::size, std::empty, etc (#3410) 2021-08-23 09:03:48 +02:00
Paul Fultz II e62cdbb664
Deduce symbolic values from conditions (#3406) 2021-08-19 22:01:55 +02:00
Paul Fultz II c92dab1329
Fix 10406: FP danglingLifetime with pointer-to-pointer (#3401) 2021-08-14 21:37:17 +02:00
Paul Fultz II b9ac48c90a
Fix 10409: FP 'Condition 's.size()<3' is always false' (#3396) 2021-08-14 06:48:38 +02:00
Paul Fultz II 0f897acecd
Fix FP in solveExpr when using symbolic values (#3391) 2021-08-09 20:41:10 +02:00
Paul Fultz II 7f358b2bed
Format with uncrustify (#3388) 2021-08-07 20:51:18 +02:00
Paul Fultz II 735f716603
Fix 10394 and 10395: FP knownConditionTrueFalse: loop variable (#3381) 2021-08-04 21:07:55 +02:00
Paul Fultz II 8b8ae55490
Fix 10129: false negative: knownConditionTrueFalse (#3382)
* Add symbolic matching

* Check for truncated values

* Dont propagate uninit values

* Update errorpath test

* Add test case for 10129

* Add test case for FP

* Remove symbolic values that are the same as the token

* Fix test messages

* Fix cppcheck issue

* Format
2021-08-04 21:07:31 +02:00
Paul Fultz II 61ceff39f5
Fix 10390: FP: knownConditionTrueFalse (#3374) 2021-08-02 10:49:39 +02:00
Daniel Marjamäki 1ec7397c21 astyle formatting
[ci skip]
2021-08-01 14:05:30 +02:00
Paul Fultz II 6767b57d4c
Fix FP for symbolic values when the expression is not const (#3370) 2021-07-31 14:19:37 +02:00
Paul Fultz II 3a7ba3cd29
Add symbolic values to ValueFlow (#3367) 2021-07-30 21:29:35 +02:00
Paul Fultz II c34691ff56
Fix 10354: FP knownConditionTrueFalse after bitwise and/xor (#3360) 2021-07-26 22:22:50 +02:00
Paul Fultz II 8e416a7255
Fix issue 10379: FP knownConditionTrueFalse with mod operator (#3354) 2021-07-25 18:13:14 +02:00
Paul Fultz II 00eb71fd49
Remove constexpr -> const simplification (#3346) 2021-07-22 07:22:26 +02:00
orbitcowboy 1be5bb8bbc Running astyle [ci skip] 2021-07-18 10:01:22 +02:00
Paul Fultz II 0b079937e0
Fix 10364: Performance regression (#3340) 2021-07-18 07:48:21 +02:00
Paul Fultz II 59a1c1a9d8
Refactor: Remove variable analyzer (#3339) 2021-07-18 07:46:31 +02:00
Paul Fultz II 9fc5b9472d
Fix 10353: FP knownConditionTrueFalse with conditional assignment (#3333) 2021-07-10 07:35:16 +02:00
Daniel Marjamäki 56924643be Fixed #10347 (ValueFlow: No known value set for sizeof(a[0])) 2021-07-08 18:18:44 +02:00
Paul Fultz II 3b9c399f72
Fix 10338: Hang/Crash in valueflow (#3328) 2021-07-07 08:20:32 +02:00
Paul Fultz II dd178c3ad9
Fix 10314: Possible nullPointerRedundantCheck false positive (#3298) 2021-06-19 13:59:48 +02:00
Paul Fultz II f3a33ea330
Fix 10294: ValueFlow: Wrong <Uninit> value below loop (#3291) 2021-06-09 09:20:43 +02:00
Paul Fultz II 548ec10824
Fix issue 10306: FP knownConditionTrueFalse with modulo result converted to bool (#3282) 2021-06-03 07:26:36 +02:00
Paul Fultz II ab50a75d8a
Fix 10289: ValueFlow; Wrong known value 'size_t - uint16_t > 0' (#3273) 2021-05-24 08:28:21 +02:00
Paul Fultz II 47a4144b47
Fix 10288: ValueFlow; False positives because of wrong known value when there is sign cast (#3268) 2021-05-23 10:20:29 +02:00
Paul Fultz II a772d652d8
Fix issue 9932: FP: containerOutOfBounds (#3217)
* Fix issue 9932: FP: containerOutOfBounds
2021-04-18 10:43:38 +02:00
Paul Fultz II 255f273c46
Fix issue 10088: ValueFlow: Array size, wrong known value (#3204) 2021-04-09 07:43:54 +02:00
Paul Fultz II f605f71e49
Fix issue 10225: false positive: knownConditionTrueFalse (#3196) 2021-04-05 10:20:14 +02:00
Daniel Marjamäki 44f914eaee astyle formatting
ci skip
2021-04-04 18:20:32 +02:00
Oliver Stöneberg 6397e29f84
cleaned up includes based on include-what-you-use (#3141) 2021-04-03 21:30:50 +02:00
Paul Fultz II 182ae75290
Fix issue 10216: FP containerOutOfBounds with std::array initialized with = {} (#3190) 2021-03-31 22:07:54 +02:00
Paul Fultz II 5077663684
Fix issue 9979: false positive: containerOutOfBounds with conditional resize (#3136) 2021-03-30 14:02:28 +02:00
Paul Fultz II 9de976b243
Fix issue 10194: hang with followAllReferences() (#3189)
* Decrease depth faster when there is multiple returns
2021-03-30 11:22:56 +02:00
Daniel Marjamäki 42437277dc Update Copyright year 2021-03-21 20:58:32 +01:00
shaneasd 02ac2b08a0
Fix some warnings (#3096) 2021-02-23 08:19:05 +01:00
PKEuS cf1937294a Refactorization: Removed unnecessary \n and spaces in strings
Merged from LCppC.
2021-02-20 12:58:42 +01:00
Paul Fultz II 51f93400d1
Fix issue 10166: FP uninitvar with break from infinite loop (#3124) 2021-02-11 08:07:12 +01:00
Daniel Marjamäki fbf63b932e astyle formatting
[ci skip]
2021-02-10 11:42:00 +01:00
Paul Fultz II 8569a970b4
Fix issue 10147: False positive: Out of bounds access in expression 'v[0]' because 'v' is empty. (#3123) 2021-02-10 08:11:06 +01:00
Paul Fultz II 0e871c178f
Fix issue 10141: Errors with ref assignment (duplicateValueTenary and knownEmptyContainer) (#3093) 2021-02-09 15:27:46 +01:00
Paul Fultz II cf8a5d9a22
Fix issue 10111: FP knownConditionTrueFalse (#3110) 2021-02-03 10:21:47 +01:00
Paul Fultz II 913dbeb8d8
Fix FP when inserting a range into a container (#3108) 2021-02-02 14:57:48 +01:00
Paul Fultz II e17d22eb87
Fix issue 10134: False positive: value is not known. Early return. (#3086) 2021-01-28 12:37:56 +01:00
Ken-Patrick Lehrmann 00707455be
10110: Fix FP knownConditionTrueFalse (#3053) 2021-01-25 17:23:47 +01:00
Paul Fultz II d80f2fb46f
Reapply f1cc3ad and fix performance regression (#3076) 2021-01-23 08:47:39 +01:00
Daniel Marjamäki 0fa89ff2ba Revert 14365ffc7 and f1cc3ada8, there was a performance regression 2021-01-22 10:51:46 +01:00
Paul Fultz II f1cc3ada86
Refactor valueFlowTerminatingCondition to handle inner conditions and complex conditions (#3060) 2021-01-21 20:18:53 +01:00
Paul Fultz II 25ada657da
Fix issue 9030: ValueFlow: Possible value after conditional assignment in for loop (#3059) 2021-01-18 10:12:07 +01:00
Paul Fultz II 65395aeaa1
Add regression test for 7013: valueFlowAfterCondition: false positive below overspecified code (#3055) 2021-01-17 16:29:11 +01:00
Paul Fultz II b571e9fe0b
Fix issue 10106: FP: nullPointerRedundantCheck (#3044) 2021-01-13 12:36:26 +01:00
Paul Fultz II b469da1069
Fix issue 8253: False negative: Comparison is always true (early return) (#3043) 2021-01-13 12:35:43 +01:00
Paul Fultz II 678ee00fe9
Infer variables from conditions in valueFlowSubfunction (#3037) 2021-01-11 08:00:13 +01:00
Paul Fultz II a3617fe573
Fix issue 10102: False positive: knownConditionTrueFalse in for loop (#3038) 2021-01-11 07:56:16 +01:00
Paul Fultz II bc3f5554a4
Fix issue 8871: improve check: mismatching container size conditions (#2988) 2021-01-10 13:30:00 +01:00
Paul Fultz II c267d85640
Add generic valueflowBeforeCondition (#3001) 2021-01-08 22:55:04 +01:00
Rikard Falkeborn d19454b935
Refactoring: Convert ValueType to enum class (#3005) 2021-01-02 09:30:00 +01:00
Paul Fultz II bd22070df5
Fix issue 10027: Segmentation fault in ValueFlowAnalyzer::analyze (#2987) 2020-12-26 21:26:39 +01:00
Paul Fultz II a770342593
Fix crash in getInitListSize (#2960) 2020-12-19 12:23:19 +01:00
Daniel Marjamäki 1744cbaf66 astyle formatting
[ci skip]
2020-12-19 08:56:46 +01:00
Paul Fultz II 626dcd0eba
Fix issue 10037: False positive when passing variables to functions by address (#2957) 2020-12-19 08:29:37 +01:00
Paul Fultz II b044f9ba96
Fix issue 9996: false negative: containerOutOfBounds with std::vector::front() and c++11 braced initializer (#2958) 2020-12-18 07:14:11 +01:00
Daniel Marjamäki 75f2ab20e8 Bug hunting; void* => might point at uninitialized data 2020-12-17 07:32:53 +01:00
Paul Fultz II c9d2e55ea9
Fix issue 10035: FP: knownConditionTrueFalse when bool updated in for loop (#2953) 2020-12-16 17:25:21 +01:00
Rikard Falkeborn 324e267559
getSizeOf: Handle long double (#2888) 2020-11-11 22:51:17 +01:00
Daniel Marjamäki 4330a43acb Fixed #9933 (FP: uninitvar when reading to struct) 2020-11-11 22:47:23 +01:00
Paul Fultz II bd7e915c20
Add generic reverse valueflow (#2878) 2020-11-10 16:00:55 +01:00
Paul Fultz II 64638d82bb
Fix issue 9945: FP: containerOutOfBounds (#2845) 2020-10-22 07:41:52 +02:00
Paul Fultz II 047c3ed6ba
Fix issue 9935: FP: knownConditionTrueFalse value flow doesn't account for virtual functions (#2839) 2020-10-09 17:21:27 +02:00
Paul 828a5e2326 Fix issue 9930: valueFlowLifetime hang 2020-10-03 11:01:53 +02:00
Paul Fultz II 857722f859
Fix issue 9711: FP knownConditionTrueFalse for variable modified via pointer (#2813) 2020-09-20 14:27:09 +02:00
Paul Fultz II a42976d656
Fix issue 9898: false positive: knownConditionTrueFalse (#2806) 2020-09-14 18:43:11 +02:00
Paul Fultz II bb7164171c
Fix issue 9894: ValueFlow: wrong known value below while with assignment (#2804)
* Fix issue 9894: ValueFlow: wrong known value below while with assignment
2020-09-14 08:03:25 +02:00
Paul be900873cc FIx issue 9895: ValueFlow: Wrong known value below function call with reference parameter 2020-09-11 16:03:57 -05:00
Daniel Marjamäki 600538a325
Merge pull request #2793 from Ken-Patrick/mixedoperators
Fix false positives with condition with || and &&
2020-09-11 10:11:31 +02:00
Paul 4d1b3e06c7 Fix FPs 2020-09-10 17:06:49 -05:00
Ken-Patrick Lehrmann a114bf0293 Fix false positives with condition with || and &&
The value of something in the middle of a condition with mixed || and &&
gives no information on which branch will be taken.
For instance with:
```
int f(int a, int b, bool x) {\n"
  if (a == 1 && (!(b == 2 && x))) {
  } else {
    if (x) {
    }
  }

  return 0;
}
```
We can enter the if part whether x is true or false, and similarly,
enter the else part whether x is true or false. Same thing with the
value of b.

This fixes the following false positive with above code:
```
:4:13: style: Condition 'x' is always true [knownConditionTrueFalse]
        if (x) {
            ^
:2:33: note: Assuming that condition 'x' is not redundant
    if (a == 6 && (!(b == 21 && x))) {
                                ^

```
2020-09-10 23:27:39 +02:00
Daniel Marjamäki 18e99176e5
Fix issue 9883: endless recursion in getLifetimeTokens (#2786) 2020-09-08 20:14:54 +02:00
Paul Fultz II 5099ca3c8b
Fix issue 9882: segfault in ForwardTraversal (#2785) 2020-09-08 20:14:10 +02:00
Paul d5489fd1f0 Fix issue 9883: endless recursion in getLifetimeTokens 2020-09-08 11:33:29 -05:00
Paul Fultz II ec89c57a90
Fix issue 9849: false positive: containerOutOfBounds (#2753) 2020-08-25 07:12:41 +02:00
Daniel Marjamäki 2bb73840fc astyle formatting 2020-08-23 17:17:33 +02:00
Paul Fultz II ac846b96d1
New check: Iterating a known empty container (#2740) 2020-08-22 09:16:26 +02:00
Paul 71c228a01a Check for containers that modify the size using square bracket 2020-08-10 22:07:22 -05:00
Paul fec2914700 Add tests for container changes 2020-08-09 22:52:03 -05:00
Paul 26693df788 Use forward analyzer for container forward 2020-08-08 00:10:03 -05:00
Ken-Patrick LEHRMANN a923115710 Add missing operators <<= and >>=
This fixes issues (at least false positives) in code using them.
For instance:

```
unsigned compute(unsigned long long a) {
    unsigned num = 0;
    while (a > 0xFFFFFFFF) {
      a >>= 32;
      num += 32;
    }
    if (a > 0xFFFF) {
      a >>= 16;
      num += 16;
    }
    if (a > 0xFF) {
      num += 8;
    }
    return num;
}
```

would give false positive:
```
cppcheck --enable=style  sl3.cpp
Checking sl3.cpp ...
sl3.cpp:11:11: style: Condition 'a>0xFF' is always false [knownConditionTrueFalse]
    if (a > 0xFF) {
          ^
sl3.cpp:3:14: note: Assuming that condition 'a>0xFFFFFFFF' is not redundant
    while (a > 0xFFFFFFFF) {
             ^
sl3.cpp:11:11: note: Condition 'a>0xFF' is always false
    if (a > 0xFF) {
          ^
```
2020-07-23 14:36:34 +02:00
Ken-Patrick Lehrmann 5a3789a23f 9769: Improve value flow for ternary operator
In some cases, the condition of the ternary operator is assigned a known
value after the two possible results, and in such cases, we would not
take the opportunity to assign a value to the ternary operator (and to
the other parents in the ast).
This patch adds this capability.
2020-06-20 10:29:28 +02:00
Daniel Marjamäki 2b0e4926bc valueFlowAfterAssign: variable initialization 2020-06-14 21:14:05 +02:00
Paul Fultz II 0c659a1499
Fix incorrect logic for condition (#2675) 2020-06-09 08:16:53 +02:00