Daniel Marjamäki
f40a80c349
Use 'normal' checking instead of 'simplified'
2019-03-16 07:19:48 +01:00
Daniel Marjamäki
81a1d744c6
CheckBufferOverrun: fix FP for array definition of static class member
2019-03-13 06:39:09 +01:00
Daniel Marjamäki
67e8b99c2c
CheckBufferOverrun: Readd a check for strncpy/memcpy/etc
2019-03-12 21:15:26 +01:00
Daniel Marjamäki
0c08f6db6c
CheckBufferOverrun: Use AST to lookup array
2019-03-12 06:46:38 +01:00
Daniel Marjamäki
ea23033a65
Array index out of bounds: Fix false positive
2019-03-11 20:33:08 +01:00
Daniel Marjamäki
bd048085bd
Add CheckBufferOverrun::arrayIndexThenCheck
2019-03-11 19:20:06 +01:00
Daniel Marjamäki
729f57d8f1
Start a major rewrite of CheckBufferOverrun. For now only the 'array index' and 'buffer overflow' checks are rewritten.
...
There are important TODOs still; for instance adding CTU support using our CTU infrastructure, add handling of pointers (maybe I'll use FwdAnalysis for this), add handling of multidimensional arrays, etc..
2019-03-11 12:34:33 +01:00
amai2012
eb9edbc177
#9024 Crash caused by package "procserv" in lib/token.h:921 function Token::getKnownIntValue - Fix and test for alternative code example.
2019-03-08 11:07:33 +01:00
Daniel Marjamäki
c32d015337
Fixed false positives from terminateStrncpy
2019-03-06 18:50:50 +01:00
Daniel Marjamäki
bd7790fd8c
Update copyright year
2019-02-09 07:24:06 +01:00
Paul Fultz II
4b37f276c2
ValueFlow: Set arrays to true when converting to a boolean
...
This sets it by checking the parent. It doesn't handle function parameters yet.
2019-01-21 20:05:35 +01:00
Daniel Marjamäki
8dd641b8be
Use OVERRIDE in test
2019-01-12 15:45:25 +01:00
Daniel Marjamäki
bc34f0239d
Disable the subfunction value flow analysis. It does not work well and needs to be rewritten. There are false positives.
2018-12-18 14:36:49 +01:00
orbitcowboy
0858488825
insecureCmdLineArgs: Fixed FN in case strdup() copies argv[]. ( #1438 )
...
* insecureCmdLineArgs: Fixed FN in case strdup() copies argv[].
* Formatted the code. There are no functional changes intended.
* Changes due to review comments from Daniel.
2018-10-19 11:04:15 +02:00
orbitcowboy
a6e8270474
insecureCmdLineArgs: Fixed false negatives in case arguments are const. ( #1419 )
...
* insecureCmdLineArgs: Fixed false negatives in case arguments are const.
* Formatted the code, there are functional changes.
* Simplified matching as suggested by Daniel.
2018-10-15 10:05:43 +02:00
Daniel Marjamäki
20121b34d8
Fixed #7718 (False positive: out of bounds of already resized std::string)
2018-10-09 06:53:26 +02:00
Daniel Marjamäki
f388c77042
Fixed #8721 (Regression: False positive array index out of bounds)
2018-08-31 18:25:43 +02:00
Daniel Marjamäki
27aae8d032
Fixed #8644 (crash (CheckBufferOverrun::checkGlobalAndLocalVariable): local function)
2018-08-30 10:04:07 +02:00
Simon Martin
acb0b9f07e
Ticket #8679 : Add support for C++11 thread_local and GCC's (among others) __thread extension. ( #1351 )
2018-08-26 19:46:36 +02:00
rebnridgway
42a65c5160
Fix crash bug #8579 ( #1238 )
...
* Added declaration for deletePrevious function
* Added definition for deletePrevious function
* Fixed crash from deleteThis invalidating pointers
The crash was caused by deleteThis() invalidating the pointer to a constant variable usage. This happened when a usage followed an assignment. This fixes bug #8579 .
* Added tokensFront to match tokensBack
This means deletePrevious can set the list's front if necessary.
* Initialised tokensFront in appropriate places
* Switched to using default Token constructor
* Switched to using Token default constructor
* Switched to using default constructor for Token
* Added missing argument to Token constructor
* Changed to use default constructor for Tokens
* Switched to using default constructor for Tokens
* Switched to using default constructor for Token
* Added new test for deleting front Token
Also made sure to use the correct constructor for Token in other tests.
* Syntax error
* Replaced tokensFront and tokensBack with a struct
This decreases the size of the Token class for performance purposes.
* Replaced tokensFront and tokensBack with a struct
* Added tokensFrontBack to destructor
* Reworked to use TokensBackFront struct
Also ran astyle.
* Reworked to use TokenList's TokensFrontBack member
* Reworked to use TokensFrontBack struct
* Reworked to use TokensFrontBack struct
* Reworked to work with TokensFrontBack struct
* Removed unnecessary scope operator
* Added missing parentheses
* Fixed syntax error
* Removed unnecessary constructor
* Default constructor now 0-initialises everything
This is safer for not using a temporary TokensFrontBack object, and doesn't use delegating constructors which aren't supported yet.
* Fixed unsafe null check
* Added missing explicit keyword
* Fixing stylistic nits
Removed default constructor as it has been superseded by the single-argument constructor with a default argument value.
Renamed listEnds to tokensFrontBack.
Fixed if statement that was supposed to be adding safety but would actually cause a crash if tokensFrontBack was null.
* Fixing stylistic nits
Removed default constructor and replaced it with a single-argument constructor with a default value.
* Fixing stylistic nits
Renamed _listEnds to _tokensFrontBack.
* Fixing stylistic nits
Renamed _listEnds to _tokensFrontBack.
2018-05-25 07:15:05 +02:00
IOBYTE
ce50df8047
Fix override warnings. ( #1234 )
2018-05-15 16:37:40 +02:00
Daniel Marjamäki
8c2a5c9813
astyle formatting
...
[ci skip]
2018-05-06 09:50:53 +02:00
Paul Fultz II
0561877182
Fix false positive with negative array index in issue 8536 ( #1202 )
...
* Fix FP with negative array index in valueflow
* Remove values when valueflow fails
* Add valueflow test
2018-05-06 08:35:29 +02:00
PKEuS
bbfcccf078
Refactorization: Replace several push_back-sequences by initializer lists
2018-04-09 09:41:24 +02:00
Daniel Marjamäki
7e4dba6a7e
Updated copyright year
2018-03-31 20:59:09 +02:00
IOBYTE
5bc039b7da
Fix #6367 and #8439 (improve sizeof value flow support) ( #1132 )
2018-03-23 08:28:12 +01:00
Daniel Marjamäki
bc40f5041d
Fixed #6356 (Improve checking: pointer arithmetic "ab.a + 100" overrun)
2018-01-27 15:39:39 +01:00
Daniel Marjamäki
c4caee6b18
Updated copyright year
2018-01-14 15:37:52 +01:00
Daniel Marjamäki
7d2450e445
Fixed #1478 (false negative: buffer access out of bounds not detected after free and malloc)
2017-12-31 14:58:26 +01:00
Ayaz Salikhov
28aa939d69
iwyu - include what you use
2017-05-27 04:33:47 +02:00
Daniel Marjamäki
040d2f0012
Use simplecpp lexer in test cases
2017-05-18 21:52:31 +02:00
Daniel Marjamäki
7fd04cd8d0
Updated Token::expressionString(), write '->' instead of '.'
2017-04-30 14:22:18 +02:00
Simon Martin
b526fd7c49
Ticket #7964 : Don't crash on valid code using function pointers named strcpy or strcat in main().
2017-04-21 23:36:10 +02:00
PKEuS
b97779591e
Fixed unit test in testbufferoverrun.cpp
2017-04-11 23:00:33 +02:00
PKEuS
680828788b
Fixed false negative in CheckBufferOverrun::checkInsecureCmdLineArgs(), removed redundant tests
2017-03-27 11:30:07 +02:00
PKEuS
171e1b8244
Fixed false negatives in CheckBufferOverrun::arrayIndexThenCheck()
2017-03-27 11:07:49 +02:00
Daniel Marjamäki
f0d91fb74b
Fixed #7869 (False positive: Array index out of bounds)
2016-12-20 22:01:19 +01:00
Daniel Marjamäki
f5ad7482a8
CheckBufferOverrun: Skip warnings about array index out of bounds in unions. Theoretically, the array is at least as large as the biggest union member.
2016-12-18 22:10:30 +01:00
Daniel Marjamäki
461e5cc5c9
CheckBufferOverrun: Moved check from simplified to normal. This fixes a FP in asterisk.
2016-12-18 11:14:05 +01:00
Daniel Marjamäki
a61f4e9c94
Fixed #7831 (false-positive: terminateStrncpy)
2016-11-24 07:04:58 +01:00
Daniel Marjamäki
5b377ea2e4
Fixed #7821 (segmentation fault, invalid last token)
2016-11-20 14:15:51 +01:00
PKEuS
3f4fe8f578
Refactorized CheckBufferOverrun:
...
- Removed redundant code
- Apply non-simplified checking in test suite
2016-07-27 17:28:43 +02:00
PKEuS
44a19b527e
Use ValueFlow and SymbolDatabase to detect buffer overflows with new and malloc, improving support for enums ( #7576 )
2016-07-08 20:53:08 +02:00
PKEuS
644a216394
Fixed two false positives related to char arrays initialized by a literal:
...
- Run check for writing to string literals on non-simplified token list (#7283 )
- Run buffer overrun checking for string literals on non-simplified token list (https://sourceforge.net/p/cppcheck/discussion/general/thread/2c33dfc5/ )
2016-07-07 19:38:15 +02:00
umanamente
0f11007c19
Fixed #7083 (false positive: typedef and initialization with strings)
2016-06-21 22:42:46 +02:00
PKEuS
8c0eab3eb3
Optimization: Improved performance of CheckBufferOverrun::checkScope() when dealing with a large number of arrays ( #5975 )
...
-> checking time decreases from 1010s to 50s on the code snippet in #5975
-> Dropped a garbage code unit test
2016-05-25 14:42:00 +02:00
Daniel Marjamäki
659cd96b03
Fixed #7209 (False positive: Array index used before limits check reported in sizeof)
2016-01-24 14:06:02 +01:00
Lauri Nurmi
996c9244d8
Update copyright year to 2007-2016.
2016-01-01 15:34:45 +02:00
Daniel Marjamäki
9c3f25603e
CheckBufferOverrun: Remove old checking of strings and use new ValueFlow-based checking instead ( #6973 )
2015-11-30 16:36:52 +01:00
Daniel Marjamäki
0f9d90d2be
Changed Copyrights. Removed my name.
2015-11-18 20:04:50 +01:00
Daniel Marjamäki
5074c11b53
CheckBufferOverrun: Fixed FP when accessing string that contains '\0'. Refactoring address-of.
2015-11-09 10:30:39 +01:00
Daniel Marjamäki
ef5be435c7
Fixed #7113 (False positive arrayIndexOutOfBounds - using pointer alias with cast)
2015-11-08 17:21:32 +01:00
Daniel Marjamäki
7d6e1974eb
Fixed #7104 (False positive arrayIndexOutOfBounds)
2015-11-08 09:30:23 +01:00
Daniel Marjamäki
9c7271a5e9
CheckBufferOverrun: The simplifyKnownVariables() has been reduced, use ValueFlow instead
2015-11-07 18:12:01 +01:00
PKEuS
0a34b206e8
Refactorization: Reduced code duplication in test suite
2015-10-08 11:35:51 +02:00
PKEuS
3a5cef8a7e
Refactorization: Improved usage of Settings instances in test suite
2015-10-07 18:40:03 +02:00
Alexander Mai
8d2c4453ad
Small optimizations for C code in Tokenizer. Add some regression tests for recently fixed results
2015-08-29 19:00:09 +02:00
Alexander Mai
66e4faa621
Add regression test for true negative argumentSize
2015-08-29 11:14:13 +02:00
PKEuS
128a926d9d
Collected some more garbage code tests in testgarbage.cpp; Avoid std::string creation in testgarbage.cpp
2015-08-16 19:12:12 +02:00
Martin Ettl
42a406ac5f
testbufferoverrun: Removed duplicate test case.
2015-07-30 22:42:45 +02:00
Daniel Marjamäki
6790d91fbb
Improve error messages for conditional values. make valueFlowSwitchVariable values conditional that depend on the case. Partial fix for #6884 .
2015-07-29 19:54:57 +02:00
Daniel Marjamäki
c5bbea2994
Fixed #6816 (FP: buffer overflow, checkminsizes of array with string value)
2015-07-27 16:39:41 +02:00
PKEuS
176b3925b3
Removed "verify" code in testrunner. Fixing its messages reduces the accuracy of the test suite.
2015-07-25 14:18:41 +02:00
Daniel Marjamäki
fef251ac76
negative array size: fixed noise when array is not vla
2015-07-04 09:42:42 +02:00
Daniel Marjamäki
0ca410a4d7
Fixed #6668 (False positive bufferAccessOutOfBounds on sprintf() - regression)
2015-06-07 14:01:20 +02:00
Daniel Marjamäki
baa1ae079d
New check: negative size in array declaration. Ticket #1760
2015-05-03 15:00:47 +02:00
Dmitry-Me
d735918a8a
Constructor parameter type need not be a number
2015-03-25 14:56:45 +03:00
PKEuS
bc5132e0ac
Refactorization: Moved declaration of errout, ... to testsuite.h, uniformized style
2015-03-11 22:54:43 +01:00
Daniel Marjamäki
cc0f61376a
more cleanup of std.cfg testing in TestBufferOverrun
2015-02-14 18:55:54 +01:00
Daniel Marjamäki
e510902d58
TestBufferOverrun cleanup some more std.cfg testing
2015-02-14 17:30:08 +01:00
Daniel Marjamäki
360ec9d853
updated TestBufferOverrun test case. Since checker doesn't use library dont load std.cfg.
2015-02-14 16:44:08 +01:00
Daniel Marjamäki
0c0d62171e
removed duplicate testcase. See testcase for #836
2015-02-14 16:41:51 +01:00
Daniel Marjamäki
a57d5d7eda
moved testcases
2015-02-14 16:37:48 +01:00
Daniel Marjamäki
e01b30345e
move testcases in TestBufferOverrun
2015-02-14 16:29:05 +01:00
Daniel Marjamäki
166db40af2
Fix TestBufferOverrun test case, it was wrongly written.
2015-02-14 15:51:13 +01:00
Daniel Marjamäki
c43d537726
renamed TestBufferOverrun test method to same name as CheckBufferOverrun method that is tested
2015-02-14 15:49:17 +01:00
Daniel Marjamäki
2b7c7134e1
TestBufferOverrun: move memset test
2015-02-14 15:46:00 +01:00
Daniel Marjamäki
e0d90c00be
TestBufferOverrun: Cleanup testcases for memory functions
2015-02-13 16:16:59 +01:00
Daniel Marjamäki
2d21eb07ba
Cleaned up snprintf hardcoding in CheckBufferOverrun
2015-02-13 06:44:38 +01:00
Daniel Marjamäki
a6cfd15bde
refactoring TestBufferOverrun
2015-02-12 17:36:22 +01:00
Daniel Marjamäki
9aad4fa8ca
CheckBufferOverrun: Remove hardcoding for sprintf and rely on cfg configuration instead
2015-02-12 17:29:36 +01:00
Daniel Marjamäki
d9deabe2ce
TestBufferOverrun: clean up
2015-02-10 17:29:36 +01:00
Daniel Marjamäki
53718047f1
refactoring TestBufferOverrun
2015-02-10 06:49:48 +01:00
Daniel Marjamäki
9aa0420472
TestBufferOverrun: Moved out cfg tests. Created minsize-mul testing in TestBufferOverrun
2015-02-10 06:44:19 +01:00
Daniel Marjamäki
ce1d0099cf
TestBufferOverrun: Moved out cfg tests. Created minsize-argvalue testing in TestBufferOverrun
2015-02-10 06:35:41 +01:00
Daniel Marjamäki
631536980c
TestBufferOverrun: split up strncpy testing, keep checker testing in TestBufferOverrun and move cfg tests to cfg test
2015-02-09 16:20:28 +01:00
PKEuS
f78744ac30
Fixed AST generation if expression starts with ternary operator
2015-02-01 14:02:19 +01:00
PKEuS
21cb0cfd60
Take simplifyIfNotNull and simplifyIfNot out of simplifyTokenList1 (first step for #6072 )
2015-01-31 20:12:02 +01:00
Daniel Marjamäki
73113c67e7
Fixed #6480 (False positive unreachableCode - member function exit called instead of ::exit())
2015-01-31 16:55:55 +01:00
Daniel Marjamäki
57ec1aea91
Library: Don't rely on ast in isNotLibraryFunction since it's used in tokenizer
2015-01-31 10:24:10 +01:00
PKEuS
98e33a189f
Enhanced CheckBufferOverrun:
...
- Fixed bug in library: manual and existing libraries use "size", but library.cpp reads "sizeof" as podtype attribute
- Fixed a couple of bugs in handling unknown size in checkbufferoverrun.cpp, get size from library if available.
2015-01-30 20:27:48 +01:00
PKEuS
3274a00b82
Moved some more tests to testgarbage.cpp
2015-01-21 10:04:46 +01:00
Daniel Marjamäki
6a8293a8b7
Library: More strict matching of functions
2015-01-08 19:31:41 +01:00
Daniel Marjamäki
ff11ba9847
Updated copyright year to 2015
2015-01-03 12:14:58 +01:00
Daniel Marjamäki
6194a4eefd
Fixed #6357 (Improve check: pointer arithmetic 'p+x' overrun, conditional x)
2014-12-26 09:12:00 +01:00
Daniel Marjamäki
7ab12cea63
Improved pointer arithmetic message
2014-12-25 14:31:46 +01:00
Daniel Marjamäki
bc594d52c8
Fixed #6349 (Pointer arithmetic: clarify message)
2014-12-25 10:05:55 +01:00
Daniel Marjamäki
7cfa54f0e0
Fixed #6353 (False positive: CheckBufferOverrun checking reassigned array function parameter)
2014-12-24 14:03:52 +01:00
Daniel Marjamäki
1b2a23b3fe
Fixed #6350 (Tokenizer::simplifyCast: set Token::isCasted when cast is removed)
2014-12-23 16:16:14 +01:00
Daniel Marjamäki
10ae551fef
CheckBufferOverrun: Use portability warning for pointer arithmetic UB. It can be used by intention and usually works as intended.
2014-12-22 10:56:17 +01:00