Commit Graph

627 Commits

Author SHA1 Message Date
orbitcowboy e869452240 #10244: Fixed false negative: bufferAccessOutOfBounds 2021-04-13 16:40:38 +02:00
Oliver Stöneberg 6397e29f84
cleaned up includes based on include-what-you-use (#3141) 2021-04-03 21:30:50 +02:00
orbitcowboy e23a967215 #4750 Added a regression test 2021-03-28 09:29:46 +02:00
orbitcowboy 185a5e1ee6 #7682 Added regression test 2021-03-26 10:54:08 +01:00
orbitcowboy 6fd916a90f #3763 Added regression test 2021-03-26 10:01:44 +01:00
Daniel Marjamäki 42437277dc Update Copyright year 2021-03-21 20:58:32 +01:00
PKEuS 141d2ac215 Refactorization: Improved internal implementation of severity and certainty levels
Backported from LCppC.
2021-02-24 22:00:06 +01:00
PKEuS 4b01d5bdc6 Re-enabled a bunch of disabled unit tests, some as TODO tests
Merged from LCppC.
2021-02-20 13:02:14 +01:00
PKEuS cf1937294a Refactorization: Removed unnecessary \n and spaces in strings
Merged from LCppC.
2021-02-20 12:58:42 +01:00
Paul Fultz II fc4238829f
Fix issue 10092: false positive: (warning) The address of local variable 'data' might be accessed at non-zero index. (#3041) 2021-01-12 10:24:28 +01:00
Paul Fultz II e004731f1c
Fix issue 8650: ValueFlow: Track if pointer is created by '&' operator (#3011) 2021-01-05 16:56:38 +01:00
Ken-Patrick Lehrmann 8c2c81dbcd
Fix some false positive in loop forward analysis (#2669)
* Fix some false positive in loop forward analysis

In cases like:
```
bool b();
void f()
{
    int val[50];
    int i, sum=0;
    for (i = 1; b() && i < 50; i++)
        sum += val[i];
    for (; i < 50; i++)
        sum -= val[i];
}
```
The forward analysis assumed the second loop was entered, and we ended
up with false positive in it:
 `Array 'val[50]' accessed at index 50, which is out of bounds`

* Fix style
2020-06-05 18:06:03 +02:00
Daniel Marjamäki 08ddd84780 Update copyright year 2020-05-10 11:16:32 +02:00
Daniel Marjamäki 3e0218299b Revert "Update copyright year"
This reverts commit 6eec6c4bd5.
2020-05-10 11:13:05 +02:00
Daniel Marjamäki 6eec6c4bd5 Update copyright year 2020-05-10 11:11:34 +02:00
Oliver Stöneberg 2c1e36e63e
cleaned up includes based on include-what-you-use (#2600)
* cleaned up includes based on include-what-you-use

* check.h: trying to work around Visual Studio 2012 bug

* fixed Visual Studio compilation
2020-04-13 13:44:48 +02:00
orbitcowboy f05c504440 Running astyle [ci skip] 2020-03-03 20:38:30 +01:00
Dmitry-Me b61feff125 Improve test coverage for detecting invalid pointers 2020-03-02 19:01:27 +03:00
Paul Fultz II 3b20684aca
Fix issue 9360: False positive: arrayIndexOutOfBounds when function is called with different array sizes (#2541) 2020-02-17 10:31:08 +01:00
Paul Fultz II e1a97c524d Fix issue 9554: False positive: The address of local variable 'x' is accessed at non-zero index. (#2470)
* Fix issue 9554: False positive: The address of local variable 'x' is accessed at non-zero index.

* Format

* Remove unnecesary condition check
2020-01-04 11:39:52 +01:00
Daniel Marjamäki 9ffb657c1a Fixed #8597 (False positive - Array index is used before limits check.) 2019-12-20 09:46:01 +01:00
Paul Fultz II 78b4485670 Regression for issue 8653: valueFlowAfterCondition: compound conditional (#2416) 2019-12-02 11:35:51 +01:00
Sebastian c3c3d6770c
Fix #9478: Valueflow: printf does not change value (#2388)
Format-string arguments are now marked to have `in` direction, except
for `scan`-functions (like `scanf`) where these arguments are explicitly
marked to have `out` direction.
2019-11-24 01:40:31 +01:00
Daniel Marjamäki fcc5fad3ed Fixed #9113 (false positive: (error) Buffer is accessed out of bounds) 2019-11-10 16:42:48 +01:00
Rikard Falkeborn 73a569be97 TestBufferOverRun: Handle string literals (#2287) 2019-10-21 07:11:22 +02:00
Rikard Falkeborn 5c061c1c12 Set correct type and size of string and char literals (#2275)
* Set correct type and size of string and char literals

Use that string and char literal tokens store the prefix. This makes
it possible to distinghuish between different type of string literals
(i.e., utf8 encoded strings, utf16, wide strings, etc) which have
different type.

When the tokens holding the string and character values have the correct
type, it is possible to improve Token::getStrSize() to give the correct
result for all string types. Previously, it would return the number of
characters in the string, i.e., it would give the wrong size unless
the type of the string was char*.

Since strings now can have different size (in number of bytes) and
length (in number of elements), add a new helper function that returns
the number of characters. Checkers have been updated to use the correct
functions.

Having the size makes it possible to find more problems with prefixed
strings, and to reduce false positives, for example in the buffer
overflow checker.

Also, improve the stringLiteralWrite error message to also print the
prefix of the string (if there is one).

* Add comment and update string length
2019-10-20 07:11:57 +02:00
Rikard Falkeborn 443fcd2ac4 TestBufferOverrun: Enable passing tests (#2246)
There are a number of tests and asserts in testbufferoverrun that pass.
Enable them to add test coverage.
2019-10-07 09:17:12 +02:00
Paul Fultz II 6b6553e320 Dont warn for arrays that are containers (#2240) 2019-10-05 16:14:30 +02:00
orbitcowboy 4b41f19c87 insecureCmdLineArgs: Added more test cases to ensure 'const'-qualifiers are handled correctly. 2019-08-15 08:45:31 +02:00
Daniel Marjamäki 602911cfca Activate a TODO test case 2019-07-29 08:06:57 +02:00
Scott Furry a195477470 Correct Zero/Null as pointer constant (#1938)
Building with enhanced clang warnings indicated a large number of
instances with the warning:

`warning: zero as null pointer constant`

Recommended practice in C++11 is to use `nullptr` as value for
a NULL or empty pointer value. All instances where this warning
was encountered were corrected in this commit.

Where warning was encountered in dependency code (i.e. external library)
no chnages were made. Patching will be offered upstream.
2019-06-30 21:39:22 +02:00
Paul Fultz II f75c15af56 Fix issue 6821: New check: access heap/stack data using address of variable
This fixes errors with:

```cpp
int f() {
    int i;
    return (&i)[1];
}
```

It uses the lifetime analysis to detect the issues.
2019-05-31 12:24:31 +02:00
Daniel Marjamäki 6da42a3d63 Fixed #9112 (false positive: (error) Array index out of bounds; buffer 'x' is accessed at offset n.) 2019-05-01 13:00:14 +02:00
Daniel Marjamäki de4f57ec0f Buffer overflow: Add CTU checking for pointer arithmetic overflows 2019-04-03 06:43:56 +02:00
Daniel Marjamäki c5807459f9 CheckBufferOverrun: Add check for pointer arithmetics 2019-03-31 09:00:52 +02:00
Daniel Marjamäki 4107671549 TestBufferOverrun: Uncommented and moved CTU tests 2019-03-30 15:10:00 +01:00
Daniel Marjamäki b5a285319c Fixed #9073 (Segmentation fault in Token::isUnaryOp() with ode) 2019-03-29 19:37:23 +01:00
Daniel Marjamäki d6b806c592 CheckBufferOverrun: Better CTU checking when variable address is passed 2019-03-23 15:57:17 +01:00
Daniel Marjamäki 9653760547 CheckBufferOverrun: Improved CTU analysis for array 2019-03-23 11:20:35 +01:00
Daniel Marjamäki 15fc9a622d CheckBufferOverrun: Add CTU analysis 2019-03-23 08:36:10 +01:00
Daniel Marjamäki 031362ae01 CheckBufferOverrun: Fix false positive 2019-03-19 21:07:08 +01:00
Daniel Marjamäki a0e58f0039 Revert "Revert "CheckBufferOverrun: Handle multidimensional arrays""
This reverts commit 9d1755f449.
2019-03-19 13:16:22 +01:00
Daniel Marjamäki 9d1755f449 Revert "CheckBufferOverrun: Handle multidimensional arrays"
This reverts commit e98a4a6f14.
2019-03-19 13:13:29 +01:00
Daniel Marjamäki e98a4a6f14 CheckBufferOverrun: Handle multidimensional arrays 2019-03-19 09:29:32 +01:00
Daniel Marjamäki 03f8535c71 Better multiline warning when there is buffer overflow 2019-03-17 20:12:02 +01:00
Daniel Marjamäki 3c85d8a8ac ValueFlow: Better info for buffer size values 2019-03-17 19:02:36 +01:00
Daniel Marjamäki 0771929518 Buffer overflow: Handling of dynamically allocated buffer 2019-03-17 13:40:56 +01:00
Daniel Marjamäki 92f4113b59 Array index: Checking array index out of bounds for dynamic buffers 2019-03-17 13:09:15 +01:00
Daniel Marjamäki ebef16b8a3 Travis: Try to remove temporary fix 2019-03-16 18:29:02 +01:00
Daniel Marjamäki e9d29e826f Travis: Temporarily comment out failing test 2019-03-16 09:48:32 +01:00
Daniel Marjamäki fb2198fd6b Travis: Try to fix test 2019-03-16 09:28:00 +01:00
Daniel Marjamäki f40a80c349 Use 'normal' checking instead of 'simplified' 2019-03-16 07:19:48 +01:00
Daniel Marjamäki 81a1d744c6 CheckBufferOverrun: fix FP for array definition of static class member 2019-03-13 06:39:09 +01:00
Daniel Marjamäki 67e8b99c2c CheckBufferOverrun: Readd a check for strncpy/memcpy/etc 2019-03-12 21:15:26 +01:00
Daniel Marjamäki 0c08f6db6c CheckBufferOverrun: Use AST to lookup array 2019-03-12 06:46:38 +01:00
Daniel Marjamäki ea23033a65 Array index out of bounds: Fix false positive 2019-03-11 20:33:08 +01:00
Daniel Marjamäki bd048085bd Add CheckBufferOverrun::arrayIndexThenCheck 2019-03-11 19:20:06 +01:00
Daniel Marjamäki 729f57d8f1 Start a major rewrite of CheckBufferOverrun. For now only the 'array index' and 'buffer overflow' checks are rewritten.
There are important TODOs still; for instance adding CTU support using our CTU infrastructure, add handling of pointers (maybe I'll use FwdAnalysis for this), add handling of multidimensional arrays, etc..
2019-03-11 12:34:33 +01:00
amai2012 eb9edbc177 #9024 Crash caused by package "procserv" in lib/token.h:921 function Token::getKnownIntValue - Fix and test for alternative code example. 2019-03-08 11:07:33 +01:00
Daniel Marjamäki c32d015337 Fixed false positives from terminateStrncpy 2019-03-06 18:50:50 +01:00
Daniel Marjamäki bd7790fd8c Update copyright year 2019-02-09 07:24:06 +01:00
Paul Fultz II 4b37f276c2 ValueFlow: Set arrays to true when converting to a boolean
This sets it by checking the parent. It doesn't handle function parameters yet.
2019-01-21 20:05:35 +01:00
Daniel Marjamäki 8dd641b8be Use OVERRIDE in test 2019-01-12 15:45:25 +01:00
Daniel Marjamäki bc34f0239d Disable the subfunction value flow analysis. It does not work well and needs to be rewritten. There are false positives. 2018-12-18 14:36:49 +01:00
orbitcowboy 0858488825
insecureCmdLineArgs: Fixed FN in case strdup() copies argv[]. (#1438)
* insecureCmdLineArgs: Fixed FN in case strdup() copies argv[].

* Formatted the code. There are no functional changes intended.

* Changes due to review comments from Daniel.
2018-10-19 11:04:15 +02:00
orbitcowboy a6e8270474
insecureCmdLineArgs: Fixed false negatives in case arguments are const. (#1419)
* insecureCmdLineArgs: Fixed false negatives in case arguments are const.

* Formatted the code, there are functional changes.

* Simplified matching as suggested by Daniel.
2018-10-15 10:05:43 +02:00
Daniel Marjamäki 20121b34d8 Fixed #7718 (False positive: out of bounds of already resized std::string) 2018-10-09 06:53:26 +02:00
Daniel Marjamäki f388c77042 Fixed #8721 (Regression: False positive array index out of bounds) 2018-08-31 18:25:43 +02:00
Daniel Marjamäki 27aae8d032 Fixed #8644 (crash (CheckBufferOverrun::checkGlobalAndLocalVariable): local function) 2018-08-30 10:04:07 +02:00
Simon Martin acb0b9f07e Ticket #8679: Add support for C++11 thread_local and GCC's (among others) __thread extension. (#1351) 2018-08-26 19:46:36 +02:00
rebnridgway 42a65c5160 Fix crash bug #8579 (#1238)
* Added declaration for deletePrevious function

* Added definition for deletePrevious function

* Fixed crash from deleteThis invalidating pointers

The crash was caused by deleteThis() invalidating the pointer to a constant variable usage.  This happened when a usage followed an assignment.  This fixes bug #8579.

* Added tokensFront to match tokensBack

This means deletePrevious can set the list's front if necessary.

* Initialised tokensFront in appropriate places

* Switched to using default Token constructor

* Switched to using Token default constructor

* Switched to using default constructor for Token

* Added missing argument to Token constructor

* Changed to use default constructor for Tokens

* Switched to using default constructor for Tokens

* Switched to using default constructor for Token

* Added new test for deleting front Token

Also made sure to use the correct constructor for Token in other tests.

* Syntax error

* Replaced tokensFront and tokensBack with a struct

This decreases the size of the Token class for performance purposes.

* Replaced tokensFront and tokensBack with a struct

* Added tokensFrontBack to destructor

* Reworked to use TokensBackFront struct

Also ran astyle.

* Reworked to use TokenList's TokensFrontBack member

* Reworked to use TokensFrontBack struct

* Reworked to use TokensFrontBack struct

* Reworked to work with TokensFrontBack struct

* Removed unnecessary scope operator

* Added missing parentheses

* Fixed syntax error

* Removed unnecessary constructor

* Default constructor now 0-initialises everything

This is safer for not using a temporary TokensFrontBack object, and doesn't use delegating constructors which aren't supported yet.

* Fixed unsafe null check

* Added missing explicit keyword

* Fixing stylistic nits

Removed default constructor as it has been superseded by the single-argument constructor with a default argument value.
Renamed listEnds to tokensFrontBack.
Fixed if statement that was supposed to be adding safety but would actually cause a crash if tokensFrontBack was null.

* Fixing stylistic nits

Removed default constructor and replaced it with a single-argument constructor with a default value.

* Fixing stylistic nits

Renamed _listEnds to _tokensFrontBack.

* Fixing stylistic nits

Renamed _listEnds to _tokensFrontBack.
2018-05-25 07:15:05 +02:00
IOBYTE ce50df8047 Fix override warnings. (#1234) 2018-05-15 16:37:40 +02:00
Daniel Marjamäki 8c2a5c9813 astyle formatting
[ci skip]
2018-05-06 09:50:53 +02:00
Paul Fultz II 0561877182 Fix false positive with negative array index in issue 8536 (#1202)
* Fix FP with negative array index in valueflow

* Remove values when valueflow fails

* Add valueflow test
2018-05-06 08:35:29 +02:00
PKEuS bbfcccf078 Refactorization: Replace several push_back-sequences by initializer lists 2018-04-09 09:41:24 +02:00
Daniel Marjamäki 7e4dba6a7e Updated copyright year 2018-03-31 20:59:09 +02:00
IOBYTE 5bc039b7da Fix #6367 and #8439 (improve sizeof value flow support) (#1132) 2018-03-23 08:28:12 +01:00
Daniel Marjamäki bc40f5041d Fixed #6356 (Improve checking: pointer arithmetic "ab.a + 100" overrun) 2018-01-27 15:39:39 +01:00
Daniel Marjamäki c4caee6b18 Updated copyright year 2018-01-14 15:37:52 +01:00
Daniel Marjamäki 7d2450e445 Fixed #1478 (false negative: buffer access out of bounds not detected after free and malloc) 2017-12-31 14:58:26 +01:00
Ayaz Salikhov 28aa939d69 iwyu - include what you use 2017-05-27 04:33:47 +02:00
Daniel Marjamäki 040d2f0012 Use simplecpp lexer in test cases 2017-05-18 21:52:31 +02:00
Daniel Marjamäki 7fd04cd8d0 Updated Token::expressionString(), write '->' instead of '.' 2017-04-30 14:22:18 +02:00
Simon Martin b526fd7c49 Ticket #7964: Don't crash on valid code using function pointers named strcpy or strcat in main(). 2017-04-21 23:36:10 +02:00
PKEuS b97779591e Fixed unit test in testbufferoverrun.cpp 2017-04-11 23:00:33 +02:00
PKEuS 680828788b Fixed false negative in CheckBufferOverrun::checkInsecureCmdLineArgs(), removed redundant tests 2017-03-27 11:30:07 +02:00
PKEuS 171e1b8244 Fixed false negatives in CheckBufferOverrun::arrayIndexThenCheck() 2017-03-27 11:07:49 +02:00
Daniel Marjamäki f0d91fb74b Fixed #7869 (False positive: Array index out of bounds) 2016-12-20 22:01:19 +01:00
Daniel Marjamäki f5ad7482a8 CheckBufferOverrun: Skip warnings about array index out of bounds in unions. Theoretically, the array is at least as large as the biggest union member. 2016-12-18 22:10:30 +01:00
Daniel Marjamäki 461e5cc5c9 CheckBufferOverrun: Moved check from simplified to normal. This fixes a FP in asterisk. 2016-12-18 11:14:05 +01:00
Daniel Marjamäki a61f4e9c94 Fixed #7831 (false-positive: terminateStrncpy) 2016-11-24 07:04:58 +01:00
Daniel Marjamäki 5b377ea2e4 Fixed #7821 (segmentation fault, invalid last token) 2016-11-20 14:15:51 +01:00
PKEuS 3f4fe8f578 Refactorized CheckBufferOverrun:
- Removed redundant code
- Apply non-simplified checking in test suite
2016-07-27 17:28:43 +02:00
PKEuS 44a19b527e Use ValueFlow and SymbolDatabase to detect buffer overflows with new and malloc, improving support for enums (#7576) 2016-07-08 20:53:08 +02:00
PKEuS 644a216394 Fixed two false positives related to char arrays initialized by a literal:
- Run check for writing to string literals on non-simplified token list (#7283)
- Run buffer overrun checking for string literals on non-simplified token list (https://sourceforge.net/p/cppcheck/discussion/general/thread/2c33dfc5/)
2016-07-07 19:38:15 +02:00
umanamente 0f11007c19 Fixed #7083 (false positive: typedef and initialization with strings) 2016-06-21 22:42:46 +02:00
PKEuS 8c0eab3eb3 Optimization: Improved performance of CheckBufferOverrun::checkScope() when dealing with a large number of arrays (#5975)
-> checking time decreases from 1010s to 50s on the code snippet in #5975
-> Dropped a garbage code unit test
2016-05-25 14:42:00 +02:00
Daniel Marjamäki 659cd96b03 Fixed #7209 (False positive: Array index used before limits check reported in sizeof) 2016-01-24 14:06:02 +01:00
Lauri Nurmi 996c9244d8 Update copyright year to 2007-2016. 2016-01-01 15:34:45 +02:00
Daniel Marjamäki 9c3f25603e CheckBufferOverrun: Remove old checking of strings and use new ValueFlow-based checking instead (#6973) 2015-11-30 16:36:52 +01:00