Commit Graph

302 Commits

Author SHA1 Message Date
PKEuS 141d2ac215 Refactorization: Improved internal implementation of severity and certainty levels
Backported from LCppC.
2021-02-24 22:00:06 +01:00
PKEuS cf1937294a Refactorization: Removed unnecessary \n and spaces in strings
Merged from LCppC.
2021-02-20 12:58:42 +01:00
Paul Fultz II 0ecac8e23b
Fix issue 10090: ValueFlow: Wrong lifetime, pointer member is not allocated on stack (#3109) 2021-02-03 10:22:31 +01:00
shaneasd 53734a3da1
Test for return address of reference (#2991) 2020-12-28 10:50:42 +01:00
Daniel Marjamäki 9c27ba835d astyle formatting 2020-11-19 21:25:49 +01:00
Paul Fultz II e8c1c792a5
Fix issue 9987: false positive: danglingTempReference with && variable and assignment (#2907) 2020-11-17 06:52:12 +01:00
Paul Fultz II 372161c89b
Fix issue 9939: False positive: Reference to temporary returned (static variable) (#2840) 2020-10-06 09:16:54 +02:00
Daniel Marjamäki bf236e91d7 Fixed #9918 (False positive: autoVariable pointer is NULLed later) 2020-09-28 22:48:57 +02:00
Paul Fultz II 857722f859
Fix issue 9711: FP knownConditionTrueFalse for variable modified via pointer (#2813) 2020-09-20 14:27:09 +02:00
Paul Fultz II e5d0ffdbe7
Fix issue 9900: False positive: Returning lambda that captures local variable 'x' that will be invalid when returning. (#2809) 2020-09-17 08:33:52 +02:00
Paul Fultz II 782684a7cc
Fix issue 9530: False positive: Reference to temporary returned when using initializer lists (#2796) 2020-09-17 08:33:16 +02:00
Paul Fultz II 11c99d7387
Fix issue 9880: False positive: danglingLifetime (#2810) 2020-09-17 07:23:38 +02:00
Paul Fultz II ebbff08932
Fix issue 9899: False positive: Non-local variable will use object that points to local variable (#2808) 2020-09-15 07:11:52 +02:00
Daniel Marjamäki d46b9cec5f
Merge pull request #2795 from pfultz2/fp-lifetime-temp-function-obj
Fix issue 9889: False positive: Using reference to dangling temporary with function object
2020-09-11 09:05:43 +02:00
Paul 71bc79ac28 Fix issue 9889: False positive: Using reference to dangling temporary with function object 2020-09-10 22:58:17 -05:00
Paul b26c581556 Fix issue 9888: False positive: Using reference to dangling temporary with std::move 2020-09-10 22:38:31 -05:00
Paul Fultz II 34d65e25d6
Merge branch 'main' into lifetime-subfunction 2020-09-09 12:02:02 -05:00
Daniel Marjamäki b1401c6536
Merge pull request #2789 from pfultz2/smart-ptr-constructor
Fix issue 9496: False negative: Dereferencing returned smart null-pointer
2020-09-09 08:16:30 +02:00
Paul 382408f59e Fix issue 9496: False negative: Dereferencing returned smart null-pointer 2020-09-08 21:54:38 -05:00
Paul 8d7088aa24 Fix issue 9835: False negative: Return reference to temporary with const reference 2020-09-08 18:30:45 -05:00
Paul 1be67ea008 Merge 2020-09-08 11:00:57 -05:00
Paul Fultz II 362ab44c40
Fix issue 9646: False negative: Return reference to temporary with const reference (#2782) 2020-09-07 10:52:54 +02:00
Paul 786672e19d Format 2020-09-06 21:59:21 -05:00
Paul c7a5d3c5f1 Fix FPs 2020-09-06 21:58:36 -05:00
Paul Fultz II cc2bc74084
Track lifetime for lambdas with explicit capture (#2776) 2020-09-05 07:56:01 +02:00
Paul 264c0cae8b Formatting 2020-09-04 11:59:30 -05:00
Paul bb37b07def Extend lifetimes to subfunctions 2020-09-04 11:56:34 -05:00
Paul Fultz II 03cefd5d70
Fix issue 9853: False positive: returnReference when using a pointer to container (#2765) 2020-09-02 20:01:08 +02:00
Paul Fultz II 32df807b22
Fix issue 9783: wrong lifetime analysis temporary assigned to object (#2711) 2020-09-02 07:13:15 +02:00
Paul Fultz II 0a718694af
Fix issue 9852: False positive: danglingTemporaryLifetime when returning a vector of vectors (#2766) 2020-09-01 11:21:29 +02:00
Paul 0cc1f69862 Fix issue 9770: FP returnDanglingLifetime for class method taking const char* and returning std::string 2020-08-05 23:17:35 -05:00
Paul f7029e62ac Check for mor FPs 2020-06-17 17:06:06 -05:00
Paul Fultz II bbe6157e16
Fix issue 9712: False positive: Returning pointer to local variable when return line implicitly cast to return type (#2662) 2020-05-23 23:12:00 +02:00
Daniel Marjamäki 08ddd84780 Update copyright year 2020-05-10 11:16:32 +02:00
Daniel Marjamäki 3e0218299b Revert "Update copyright year"
This reverts commit 6eec6c4bd5.
2020-05-10 11:13:05 +02:00
Daniel Marjamäki 6eec6c4bd5 Update copyright year 2020-05-10 11:11:34 +02:00
Paul Fultz II 453a69dd8c
Fix issue 9677: False positive: returning pointer to oject that will not be invalid (#2607)
* Fix issue 9677: False positive: returning pointer to oject that will not be invalid

* Formatting
2020-04-18 09:23:10 +02:00
Paul Fultz II 8fd0839fea
Add regression test for 9534: False positive: Returning pointer to local variable 'x' that will be invalid when returning. (#2596) 2020-04-06 16:02:10 +02:00
Paul Fultz II 71deaaeb18
Fix issue 9608: False Positive: returnDanglingLifetime with braced-init-list (#2583) 2020-04-02 10:17:58 +02:00
Paul Fultz II 02ae71917a
Fix issue 9536: False positive: Reference to temporary returned when using operator() (#2582)
* Fix issue 9536: False positive: Reference to temporary returned when using operator()

* Add more test cases
2020-04-01 22:35:41 +02:00
Paul Fultz II 5462e43161
Fix issue 9639: False positive: Returning object that points to local variable that will be invalid when returning (#2576)
* Follow reference when tracking local variables

* Fix issue 9639: False positive: Returning object that points to local variable that will be invalid when returning
2020-03-23 22:54:53 +01:00
Paul Fultz II e55ddacd18
Fix issue 9597: False positive: Reference to temporary returned if explicitly casted to base class (#2531) 2020-02-11 11:41:41 +01:00
Paul Fultz II 8fa7dd0fe0
Fix issue 9595: False positive: Using pointer to temporary doesn't account for const ref extended temporary lifetimes (#2525) 2020-02-10 18:01:11 +01:00
Paul Fultz II 9cb39b1d7e Fix issue 9482: False positive: Reference to temporary returned using trailing return type (#2413) 2019-12-01 15:10:02 +01:00
Daniel Marjamäki 937c82efbe AST: initializer list with lambda 2019-11-27 06:44:58 +01:00
Daniel Marjamäki ab2274b8ad AST: lambdas and scopes in expressions 2019-11-23 21:36:36 +01:00
Paul Fultz II 4ebf54d090 Fix issue 9437: Dont assume init list constructor for strings (#2366)
* Fix issue 9437: Dont assume init list constuctor for strings

* Update the schema

* Add documentation
2019-11-17 03:22:04 +01:00
Rikard Falkeborn af170c8e3f Add regression test for #8923 (#2348)
This was fixed in 5a32d2d017. Add a regression test
with array arguments.
2019-11-11 07:15:24 +01:00
Paul Fultz II c1da6c7dd2 Fix issue 9461: False positive: Reference to temporary returned using trailing return type (#2345) 2019-11-10 09:44:04 +01:00
Paul Fultz II 650408a210 Improve librarys config of substr to improve checking cases in issue 8021 (#2338) 2019-11-08 08:02:33 +01:00
Paul Fultz II 2e955d0f22 Fix issue 9453: False positive: danglingLifetime, address of array argument (#2335) 2019-11-07 09:33:17 +01:00
Paul Fultz II d1f225b8ee Fix issue 9201: FP: returnDanglingLifetime on pointer to variable of static struct (#2303)
* Fix issue 9201: FP: returnDanglingLifetime on pointer to variable of static struct

* Fix capture of non-local variables in lambdas
2019-11-05 07:10:32 +01:00
Paul Fultz II c38bbb75e4 Fix issue 9448: Check for temporaries from library function calls (#2312) 2019-11-03 22:02:10 +01:00
Paul Fultz II 1ef85f9229 Fix issue 9432 and 9433: False positive: Reference to temporary returned (#2302) 2019-10-29 19:12:58 +01:00
Daniel Marjamäki 62d972061b astyle formatting
[ci skip]
2019-10-14 19:41:51 +02:00
Paul Fultz II bf5c90a2be Fix issue 9409: FP returnTempReference (#2266)
* Fix issue 9409: FP returnTempReference

* Format
2019-10-13 19:12:46 +02:00
Paul Fultz II a5c6ae1e08 Fix issue 9400: FP returnTempReference - triggered by cast (#2259) 2019-10-10 06:52:11 +02:00
Daniel Marjamäki 9f40341ba8 SymbolDatabase: Hardcoded handling for std::make_shared and std::make_unique , todo: library configuration would be better than hard coding 2019-10-08 17:19:24 +02:00
Paul Fultz II 4eb4762d95 Extend lifetime checking to temporaries (#2242)
* Use lifetimes to check for returning reference to temporaries

* Check for dangling temporaries

* Check for unknown types for returining by reference

* Remove old returnTemporary check

* Format

* Check for deref op

* Ternary operator return an lvalue reference

* Warn when returning temporaries from member functions

* Improve handling of pointer to function

* Extend lifetimes of const references
2019-10-08 09:28:39 +02:00
Paul Fultz II cf1c766292 Fix issue 9317: False positive returnDanglingLifetime when using reference to constant inside if statement (#2241) 2019-10-05 16:32:20 +02:00
Paul Fultz II ba037837c9 Track lifetime across multiple returns
This will now warn when doing something like this:

```cpp
template <class T, class K, class V>
const V& get_default(const T& t, const K& k, const V& v) {
    auto it = t.find(k);
    if (it == t.end()) return v;
    return it->second;
}
const int& bar(const std::unordered_map<int, int>& m, int k) {
    auto x = 0;
    return get_default(m, k, x);
}
```

The lifetime warning is considered inconclusive in this case.

I also updated valueflow to no tinject inconclusive values unless `--inconclusive` flag is passed. This creates some false negatives because library functions are not configured to not modify their input parameters, and there are some checks that do not check if the value is inconclusive or not.
2019-09-11 19:25:09 +02:00
Paul Fultz II 1afd56e964 Fix issue 8785: ValueFlow: Track pointer alias
This fixes the issue by making `ProgramMemory` keep track of values based on the conditions.

It also removes the `deadpointer` check since it duplicates the `invalidLifetime` check.
2019-09-03 17:16:15 +02:00
Paul Fultz II 4f76588f98 Fix issue 9275: False positive: Non-local object uses local variable (#2084) 2019-08-14 20:09:33 +02:00
Paul Fultz II b049fd9303 Improve propogation of lifetimes of function arguments
This will now warn for cases like this:

```cpp
int* f(int * x) {
    return x;
}
int * g(int x) {
    return f(&x);
}
````
2019-07-26 07:02:07 +02:00
Paul Fultz II 60b670babd Fix issue 9219: False positive, returnDanglingLifetime (#2026)
* Check for pointer deref for container methods

* Formatting
2019-07-23 21:59:05 +02:00
Paul Fultz II b0d10273ed Fix issue 3695: Handle class pointers
This switches to use lifetime analysis to check for assigning to non-local variables:

```cpp
class test
{
public:

  void f()
  {
    int x;
    this->ptr = &x;
  }

protected:
  int *ptr;
};
```
2019-07-07 10:16:19 +02:00
Paul Fultz II e0ced1c415 Parse lambdas as functions (#1955)
* Parse lambdas as functions

* Fix issue with missing paren

* Fix error when parsing non-existent args

* Remove unused function variable
2019-07-05 12:30:42 +02:00
Paul Fultz II 66e0f06494 Fixx issue 9163: FP returnDanglingLifetime - returning std::string::find (#1912)
* Fixx issue 9163: FP returnDanglingLifetime - returning std::string::find

* Use simpleMatch
2019-06-24 18:52:17 +02:00
Paul Fultz II 8a1c0dd017 Fix FP with non-local variable referencing a non-local variable (#1864) 2019-06-02 10:21:26 +02:00
Paul Fultz II 6ae7be0f53 Fix FP with lifetime containers (#1865) 2019-06-02 10:14:48 +02:00
Daniel Marjamäki 57c6628732 Revert 'Cleaning up unsimplified templates'. This fix caused problems. 2019-05-16 21:11:04 +02:00
Daniel Marjamäki 2e7725dfa7 Fix test case, my change is reverted 2019-05-15 07:06:04 +02:00
Daniel Marjamäki d58d4273f9 Cleaning up unsimplified templates 2019-05-11 13:00:03 +02:00
Daniel Marjamäki 7efcb3cfe3 astyle formatting
[ci skip]
2019-05-05 11:41:29 +02:00
Paul Fultz II 8c03be3212 Fix issue 9077: False positive: Returning pointer to local variable (#1821)
* Avoid implicit conversion for lifetimes

* Fix issue 9077

* Add more tests

* Rename function

* Fix implicit conversion with containers

* Format

* Fix crash
2019-05-05 11:40:59 +02:00
Paul Fultz II 71bd7f68d4 Fix bug in lifetime constructors (#1816) 2019-05-01 07:52:52 +02:00
Frank Zingsheim 574b77cf1f Fixed: FP return reference to thread_local variable (#1758) 2019-03-27 12:22:53 +01:00
Paul Fultz II 774464eabb Fix issue 8996: False positive duplicateCondition
This fixes issue 8996 by improving the alias checking by using lifetime analysis. It also extends the lifetime checker to handle constructors and initializer lists for containers and arrays.
2019-03-19 06:25:10 +01:00
Daniel Marjamäki 92485245ce Restore severity for 'autoVariables' 2019-03-15 15:13:11 +01:00
Daniel Marjamäki 3656f1ae4f Auto variables: Fix false negatives for normal tokens 2019-03-14 13:51:35 +01:00
Daniel Marjamäki 6eeee743d2 Auto variables: Minor cleanup 2019-03-14 06:41:11 +01:00
amai2012 7859d7d879 #3030 add another regression test 2019-02-22 21:10:05 +01:00
Paul Fultz II 507c7a4388 Improvement to lifetime tracking of addressof and derefencing
This will now warn for cases like this:

```cpp
auto& f() {
    std::vector<int> x;
    return x[0];
}
```

It also improves the handling of address of operator, so it can now warn across some function calls, like this:

```cpp
int& f(int& a) {
    return a;
}
int* hello() {
    int x = 0;
    return &f(x);
}
```
2019-02-22 06:38:56 +01:00
Paul Fultz II 715714f4de Forward lifetimes in "for" loops (#1682)
* Forward lifetimes in for loops

* Format
2019-02-22 06:37:02 +01:00
Kamil Dudka 2908593cf6 checkautovariables: eliminate false positives on assignment of &ptr->item (#1667)
Even if `ptr` is a local variable, the object `ptr->item` might be not.
So taking address of `ptr->item` is definitely not unsafe in general.

This commit fixes false positives triggered by commit
1.85-249-gf42648fe2 on the following code of sssd:

https://github.com/SSSD/sssd/blob/d409df33/src/sbus/request/sbus_request.c#L359
2019-02-18 09:35:07 +01:00
Daniel Marjamäki bd7790fd8c Update copyright year 2019-02-09 07:24:06 +01:00
Paul Fultz II c176775afb Avoid infinite recursion in getLifetimeVariable (#1634)
* Fix direct recursion

* Limit depth of getLifetimeVariable
2019-01-31 10:34:41 +01:00
Paul Fultz II 165a22ed0f Lifetime: Support analysis with functions that do not return a reference (#1632)
* Initial support for function return

* Add test case

* Add support for reference parameters

* Format
2019-01-29 09:47:52 +01:00
Paul Fultz II d6aaf401df Lifetime: Follow functions that return references
This will now warn for cases like this:

```cpp
int& f(int& a) {
    return a;
}
int& hello() {
    int x = 0;
    return f(x);
}
```
2019-01-26 11:03:57 +01:00
Paul Fultz II 3975913637 Extend lifetime checking for references
This will use the lifetime checker for dangling references. It will find these cases for indirectly assigned reference:

```cpp
int &foo()
{
    int s = 0;
    int& x = s;
    return x;
}
```

This will also fix issue 510 as well:

```cpp
int &f( int k )
{
    static int &r = k;
    return r;
}
```
2019-01-23 07:29:16 +01:00
Daniel Marjamäki 8dd641b8be Use OVERRIDE in test 2019-01-12 15:45:25 +01:00
Paul Fultz II 921f6e4313 Fix issue 8883: False positive: returnDanglingLifetime with local struct or class (#1585) 2019-01-11 09:51:02 +01:00
practicalswift 0a1b3a9d6f Fix typos (#1568) 2019-01-06 17:15:57 +01:00
Paul Fultz II e4677ae640 Fix issue 8910: Regression: ValueFlow: wrong conditional tokvalue
This fixes issue in:

```cpp
void f()
{
    char stack[512];
    RGNDATA *data;

    if (data_size > sizeof (stack))
        data = malloc (data_size);
    else
        data = (RGNDATA *)stack;

    if ((char *)data != stack)
            free (data); // <- data is not stack
}
```

It seems the `ProgramMemory` can't handle two known values(such as int and tok) together. So instead `ValueFlowAfterAssign` runs `ValueFlowForward` with tok values and then runs it with the other values.
2018-12-29 09:31:21 +01:00
Paul Fultz II 45dcfad9f9 Fix issue 8899: False positive returnDanglingLifetime when returning by value
This fixes the FP from:

```cpp
#include <string>

class MyString
{
        public:
        MyString(char* source)
        {
                length = strlen( source );
                buffer = new char[length+1];
                if( buffer )
                {
                        strcpy( buffer, source );
                }
        }

        char* buffer;
        int length;
};

MyString Foo()
{
        char arr[20];
        sprintf(arr, "hello world");

        return arr;
}

void main()
{
        MyString str = Foo();

        printf(str.buffer);
}
```
2018-12-15 17:58:45 +01:00
Paul Fultz II 3e1b34dd8f Fix FPs and crashes with byDerefCopy (#1503)
* Fix FP when inserting a range into a container

* Formatting

* Fix crash
2018-12-02 14:31:31 +01:00
Daniel Marjamäki ccbaad32f9 Fix merge conflicts 2018-12-01 19:14:43 +01:00
Paul Fultz II b841b818d2 Fix 8872: Crash in LifetimeStore when there is no scope for variable
This fixes crash in:

```cpp
struct edit_line_paste_over {
    void operator()(agi::Context *c) override {
        paste_lines(c, true, [&](AssDialogue *new_line) -> AssDialogue * {
            AssDialogue *ret = paste_over(c->parent, pasteOverOptions, new_line, static_cast<AssDialogue*>(&*pos));
            return ret;
          });
    }
};
```
2018-12-01 19:11:26 +01:00
Paul Fultz II 67dd822910 Fix FP in lifetime anlaysis: Dont decay std array
This will fix FP with:

```cpp
std::array<char, 1> f() {
    std::array<char, 1> x;
    return x;
}
```
2018-12-01 19:09:19 +01:00
Paul Fultz II 229c45e7f8 Fix issue 8865: FP with dangling lifetime
This fixes:

```cpp
void f(uint32_t event, unsigned long op, const xen_ulong_t *args)
{
    struct __packed {
        uint32_t op;
        uint32_t args[6];
    } d;
    uint32_t *a = d.args;
}
```
2018-12-01 19:07:46 +01:00