cppcheck-1.75 - CWE v2.9 MAP
| id | severity | msg | proposed CWE (v2.9) | Status | code updated? | MITRE suggested actions |
|---|---|---|---|---|---|---|
| arrayIndexOutOfBounds | error | Array 'array[2]' accessed at index 2, which is out of bounds. | Access of Memory Location After End of Buffer - (788) | OK | Y | |
| assignBoolToPointer | error | Boolean value assigned to pointer. | Assignment of a Fixed Address to a Pointer - (587) | OK | Y | Ask CWE guys to broaden the coverage, as that example is not totally covered even if the concept is the same |
| autoVariables | error | Address of local auto-variable assigned to a function parameter. | Return of Stack Variable Address - (562) | OK | Y | Propose to enlarge coverage of this CWE with cppcheck example (see https://github.com/danmar/cppcheck/blob/master/test/testautovariables.cpp) |
| autovarInvalidDeallocation | error | Deallocation of an auto-variable results in undefined behaviour. | Free of Memory not on the Heap - (590) | OK | Y | |
| boostForeachError | error | BOOST_FOREACH caches the end() iterator. It's undefined behavior if you modify the container inside. | Improper Control of a Resource Through its Lifetime - (664) | OK | Y | |
| bufferAccessOutOfBounds | error | Buffer is accessed out of bounds: buffer | Access of Memory Location After End of Buffer - (788) | OK | Y | |
| coutCerrMisusage | error | Invalid usage of output stream: '<< std::cout'. | Indicator of Poor Code Quality - (398) | Y | Y | |
| deadpointer | error | Dead pointer usage. Pointer 'pointer' is dead if it has been assigned '&x' at line 0. | Expired Pointer Dereference - (825) | OK | Y | |
| deallocDealloc | error | Deallocating a deallocated pointer: varname | Double Free - (415) | OK | Y | |
| deallocret | error | Returning/dereferencing 'p' after it is deallocated / released | Operation on a Resource after Expiration or Release - (672) | OK | Y | |
| deallocuse | error | Dereferencing 'varname' after it is deallocated / released | Use After Free - (416) | OK | Y | |
| doubleFree | error | Memory pointed to by 'varname' is freed twice. | Double Free - (415) | OK | Y | |
| eraseDereference | error | Invalid iterator 'iter' used. | Improper Control of a Resource Through its Lifetime - (664) | OK | Y | |
| insecureCmdLineArgs | error | Buffer overrun possible for long command line arguments. | Improper Restriction of Operations within the Bounds of a Memory Buffer - (119) | OK | Y | |
| integerOverflow | error | Signed integer overflow for expression '' | Integer Overflow or Wraparound - (190) | OK | Y | |
| invalidFunctionArg | error | Invalid func_name() argument nr 1 | Function Call with Incorrectly Specified Arguments - (628) | OK | Y | |
| invalidFunctionArgBool | error | Invalid func_name() argument nr 1. A non-boolean value is required. | Function Call with Incorrectly Specified Arguments - (628) | OK | Y | |
| invalidIterator1 | error | Invalid iterator: iterator | Improper Control of a Resource Through its Lifetime - (664) | OK | Y | |
| invalidIterator2 | error | After push_back\|push_front\|insert(), the iterator 'iterator' may be invalid. | Improper Control of a Resource Through its Lifetime - (664) | OK | Y | |
| invalidPointer | error | Invalid pointer 'pointer' after push_back(). | Improper Control of a Resource Through its Lifetime - (664) | OK | Y | |
| invalidScanfFormatWidth | error | Width 5 given in format string (no. 10) is larger than destination buffer '[0]', use %-1s to prevent overflowing it. | Function Call With Incorrectly Specified Argument Value - (687) | OK | Y | |
| IOWithoutPositioning | error | Read and write operations without a call to a positioning function (fseek, fsetpos or rewind) or fflush in between result in undefined behaviour. | Improper Control of a Resource Through its Lifetime - (664) | OK | Y | |
| iterators | error | Same iterator is used with different containers 'container1' and 'container2'. | Improper Control of a Resource Through its Lifetime - (664) | OK | Y | |
| leakNoVarFunctionCall | error | Allocation with funcName, funcName doesn't release it. | Missing Release of Resource after Effective Lifetime - (772) | OK | Y | |
| leakReturnValNotUsed | error | Return value of allocation function funcName is not used. | Missing Reference to Active Allocated Resource - (771) | OK | Y | |
| mallocOnClassError | error | Memory for class instance allocated with malloc(), but class contains a std::string. | Improper Initialization - (665) | OK | Y | |
| memleak | error | Memory leak: varname | Improper Release of Memory Before Removing Last Reference ('Memory Leak') - (401) | OK | Y | |
| memleakOnRealloc | error | Common realloc mistake: 'varname' nulled but not freed upon failure | Improper Release of Memory Before Removing Last Reference ('Memory Leak') - (401) | OK | Y | |
| memsetClass | error | Using 'memfunc' on class that contains a classname. | Mismatched Memory Management Routines - (762) | OK | Y | |
| memsetClassReference | error | Using 'memfunc' on class that contains a reference. | Improper Initialization - (665) | OK | Y | |
| mismatchAllocDealloc | error | Mismatching allocation and deallocation: varname | Mismatched Memory Management Routines - (762) | OK | Y | |
| mismatchingContainers | error | Iterators of different containers are used together. | Improper Control of a Resource Through its Lifetime - (664) | OK | Y | |
| mismatchSize | error | The allocated size sz is not a multiple of the underlying type's size. | Incorrect Calculation of Buffer Size - (131) | OK | Y | |
| negativeArraySize | error | Declaration of array '' with negative size is undefined behaviour | Reliance on Undefined, Unspecified, or Implementation-Defined Behavior - (758) | OK | Y | |
| negativeIndex | error | Array index -1 is out of bounds. | Access of Memory Location Before Start of Buffer - (786) | OK | Y | |
| negativeMemoryAllocationSize | error | Memory allocation size is negative. | Incorrect Calculation of Buffer Size - (131) | OK | Y | |
| nullPointer | error | Possible null pointer dereference: pointer | NULL Pointer Dereference - (476) | OK | Y | |
| outOfBounds | error | index is out of bounds: Supplied size 2 is larger than actual size 1. | Access of Memory Location After End of Buffer - (788) | OK | Y | |
| pointerArithBool | error | Converting pointer arithmetic result to bool. The bool is always true unless there is undefined behaviour. | Expression is Always True - (571) | OK | Y | |
| raceAfterInterlockedDecrement | error | Race condition: non-interlocked access after InterlockedDecrement(). Use InterlockedDecrement() return value instead. | Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') - (362) | OK | Y | |
| readWriteOnlyFile | error | Read operation on a file that was opened only for writing. | Improper Control of a Resource Through its Lifetime - (664) | OK | Y | |
| resourceLeak | error | Resource leak: varname | Missing Release of File Descriptor or Handle after Effective Lifetime - (775) | OK | Y | |
| returnAddressOfAutoVariable | error | Address of an auto-variable returned. | Return of Stack Variable Address - (562) | OK | Y | |
| returnAddressOfFunctionParameter | error | Address of function parameter 'parameter' returned. | Return of Stack Variable Address - (562) | OK | Y | |
| returnLocalVariable | error | Pointer to local array variable returned. | Return of Stack Variable Address - (562) | OK | Y | |
| returnReference | error | Reference to auto variable returned. | Return of Stack Variable Address - (562) | OK | Y | |
| returnTempReference | error | Reference to temporary returned. | Return of Stack Variable Address - (562) | OK | Y | |
| selfInitialization | error | Member variable 'var' is initialized by itself. | Improper Initialization - (665) | OK | Y | |
| shiftNegative | error | Shifting by a negative value is undefined behaviour | Reliance on Undefined, Unspecified, or Implementation-Defined Behavior - (758) | OK | Y | Include in CWE description also the cppcheck example |
| shiftTooManyBits | error | Shifting 32-bit value by 64 bits is undefined behaviour | Reliance on Undefined, Unspecified, or Implementation-Defined Behavior - (758) | OK | Y | |
| sprintfOverlappingData | error | Undefined behavior: Variable 'varname' is used as parameter and destination in s[n]printf(). | Function Call with Incorrectly Specified Arguments - (628) | OK | Y | |
| stlBoundaries | error | Dangerous iterator comparison using operator< on 'std::container'. | Improper Control of a Resource Through its Lifetime - (664) | OK | Y | |
| stlcstr | error | Dangerous usage of c_str(). The value returned by c_str() is invalid after this call. | Improper Control of a Resource Through its Lifetime - (664) | OK | Y | |
| stlOutOfBounds | error | When i==foo.size(), foo[i] is out of bounds. | Access of Memory Location After End of Buffer - (788) | OK | Y | |
| stringLiteralWrite | error | Modifying string literal directly or indirectly is undefined behaviour. | Reliance on Undefined, Unspecified, or Implementation-Defined Behavior - (758) | OK | Y | |
| strPlusChar | error | Unusual pointer arithmetic. A value of type 'char' is added to a string literal. | Improper Initialization - (665) | OK | Y | |
| uninitdata | error | Memory is allocated but not initialized: varname | Use of Uninitialized Resource - (908) | OK | Y | |
| uninitstring | error | Dangerous usage of 'varname' (strncpy doesn't always null-terminate it). | Use of Potentially Dangerous Function - (676) | OK | Y | |
| uninitStructMember | error | Uninitialized struct member: a.b | Use of Uninitialized Resource - (908) | OK | Y | |
| uninitvar | error | Uninitialized variable: varname | Use of Uninitialized Resource - (908) | OK | Y | |
| unknownEvaluationOrder | error | Expression 'x = x++;' depends on order of evaluation of side effects | Incorrect Short Circuit Evaluation - (768) | OK | Y | |
| unusedScopedObject | error | Instance of 'varname' object is destroyed immediately. | Assignment to Variable without Use ('Unused Variable') - (563) | OK | Y | Include in CWE description also the cppcheck case |
| useAutoPointerArray | error | Object pointed by an 'auto_ptr' is destroyed using operator 'delete'. You should not use 'auto_ptr' for pointers obtained with operator 'new[]'. | Improper Control of a Resource Through its Lifetime - (664) | OK | Y | |
| useAutoPointerContainer | error | You can randomly lose access to pointers if you store 'auto_ptr' pointers in an STL container. | Improper Control of a Resource Through its Lifetime - (664) | OK | Y | |
| useAutoPointerMalloc | error | Object pointed by an 'auto_ptr' is destroyed using operator 'delete'. You should not use 'auto_ptr' for pointers obtained with function 'malloc'. This means that you should only use 'auto_ptr' for pointers obtained with operator 'new'. This excludes use C library allocation functions (for example 'malloc') | Mismatched Memory Management Routines - (762) | OK | Y | |
| useClosedFile | error | Used file that is not opened. | Use of Expired File Descriptor - (910) | OK | Y | |
| va_end_missing | error | va_list 'vl' was opened but not closed by va_end(). | Improper Control of a Resource Through its Lifetime - (664) | OK | Y | |
| va_list_usedBeforeStarted | error | va_list 'vl' used before va_start() was called. | Improper Control of a Resource Through its Lifetime - (664) | OK | Y | |
| va_start_referencePassed | error | Using reference 'arg1' as parameter for va_start() results in undefined behaviour. | Reliance on Undefined, Unspecified, or Implementation-Defined Behavior - (758) | OK | Y | |
| va_start_subsequentCalls | error | va_start() or va_copy() called subsequently on 'vl' without va_end() inbetween. | Improper Control of a Resource Through its Lifetime - (664) | OK | Y | |
| virtualDestructor | error | Class 'Base' which is inherited by class 'Derived' does not have a virtual destructor. | Improper Resource Shutdown or Release - (404) | OK | Y | Ask CWE people to cover also that case |
| virtualDestructor | error | Class 'Base' which is inherited by class 'Derived' does not have a virtual destructor. If you destroy instances of the derived class by deleting a pointer that points to the base class | Improper Resource Shutdown or Release - (404) | OK | Y | |
| writeReadOnlyFile | error | Write operation on a file that was opened only for reading. | Improper Control of a Resource Through its Lifetime - (664) | OK | Y | |
| wrongPipeParameterSize | error | Buffer 'varname' must have size of 2 integers if used as parameter of pipe(). | Function Call With Incorrect Argument Type - Common ... | OK | Y | |
| wrongPrintfScanfArgNum | error | printf format string requires 3 parameters but only 2 are given. | Function Call With Incorrect Number of Arguments - (685) | OK | Y | |
| zerodiv | error | Division by zero. | Divide By Zero - (369) | OK | Y | |
| functionStatic | performance | The member function 'class::function' can be made a static function. Making a function static can bring a performance benefit since no 'this' instance is passed to the function. This change should not cause compiler errors but it does not necessarily make sense conceptually. Think about your design and the task of the function first - is it a function that must not access members of class instances? | Indicator of Poor Code Quality - (398) | Y | Y | |
| postfixOperator | performance | Prefix ++/-- operators should be preferred for non-primitive types. Pre-increment/decrement can be more efficient than post-increment/decrement. Post-increment/decrement usually involves keeping a copy of the previous value around and adds a little extra code. | Indicator of Poor Code Quality - (398) | OK | Y | |
| uselessCallsSubstr | performance | Ineffective call of function 'substr' because it returns a copy of the object. Use operator= instead. | Indicator of Poor Code Quality - (398) | OK | Y | |
| uselessCallsSwap | performance | The 'swap()' function has no logical effect when given itself as parameter (str.swap(str)). As it is currently the code is inefficient. Is the object or the parameter wrong here? | Function Call with Incorrectly Specified Arguments - (628) | OK | Y | |
| unknownSignCharArrayIndex | portability | 'char' type used as array index. Values greater that 127 will be treated depending on whether 'char' is signed or unsigned on target platform. | Reliance on Undefined, Unspecified, or Implementation-Defined Behavior - (758) | OK | Y | |
| argumentSize | style | The array 'array' is too small, the function 'function' expects a bigger one. | Indicator of Poor Code Quality - (398) | OK | Y | |
| arithOperationsOnVoidPointer | style | 'varname' is of type 'vartype'. When using void pointers in calculations, the behaviour is undefined. | Use of sizeof() on a Pointer Type - (467) | OK | Y | |
| arrayIndexOutOfBoundsCond | style | Array 'x[10]' accessed at index 20, which is out of bounds. Otherwise condition 'y==20' is redundant. | Indicator of Poor Code Quality - (398) | OK | Y | |
| arrayIndexThenCheck | style | Array index 'index' is used before limits check. | Indicator of Poor Code Quality - (398) | OK | Y | |
| assertWithSideEffect | style | Assert statement calls a function which may have desired side effects: 'function'. | Indicator of Poor Code Quality - (398) | OK | Y | |
| assignBoolToFloat | style | Boolean value assigned to floating point variable. | Incorrect Type Conversion or Cast - (704) | OK | Y | |
| assignIfError | style | Mismatching assignment and comparison, comparison '' is always false. | Indicator of Poor Code Quality - (398) | OK | Y | |
| AssignmentAddressToInteger | style | Assigning a pointer to an integer is not portable. | Reliance on Undefined, Unspecified, or Implementation-Defined Behavior - (758) | OK | Y | |
| assignmentInAssert | style | Assert statement modifies 'var'. | Indicator of Poor Code Quality - (398) | OK | Y | |
| AssignmentIntegerToAddress | style | Assigning an integer to a pointer is not portable. | Reliance on Undefined, Unspecified, or Implementation-Defined Behavior - (758) | OK | Y | |
| CastAddressToIntegerAtReturn | style | Returning an address value in a function with integer return type is not portable. | Reliance on Undefined, Unspecified, or Implementation-Defined Behavior - (758) | OK | Y | |
| CastIntegerToAddressAtReturn | style | Returning an integer in a function with pointer return type is not portable. | Reliance on Undefined, Unspecified, or Implementation-Defined Behavior - (758) | OK | Y | |
| catchExceptionByValue | style | Exception should be caught by reference. | Indicator of Poor Code Quality - (398) | OK | Y | |
| charBitOp | style | When using 'char' variables in bit operations, sign extension can generate unexpected results. | Indicator of Poor Code Quality - (398) | OK | Y | |
| charLiteralWithCharPtrCompare | style | Char literal compared with pointer 'foo'. Did you intend to dereference it? | Comparison of Object References Instead of Object Contents - (595) | OK | Y | |
| checkCastIntToCharAndBack | style | Storing func_name() return value in char variable and then comparing with EOF. | Numeric Truncation Error - (197) | OK | Y | |
| clarifyCalculation | style | Clarify calculation precedence for '+' and '?'. | Operator Precedence Logic Error - (783) | OK | Y | |
| clarifyCondition | style | Suspicious condition (assignment + comparison); Clarify expression with parentheses. | Indicator of Poor Code Quality - (398) | OK | Y | |