Cppcheck v2.9 released, a static analysis tool for C/C++ code
Cppcheck is a static analysis tool for C/C++ code. It provides a unique code analysis to detect bugs and focuses on detecting undefined behavior and dangerous coding constructs. The goal is to detect only real errors in the code (i.e. have very few false positives).
Unique code analysis that detects various kinds of bugs in your code.
Both command line interface and graphical user interface are available.
Cppcheck has a strong focus on detecting undefined behaviour.
- Dead pointers
- Division by zero
- Integer Overflows
- Invalid bit shift operands
- Invalid conversions
- Invalid usage of STL
- Memory management
- Null pointer dereferences
- Out of bounds checking
- Uninitialized variables
- Writing const data
The most common types of security vulnerabilities in 2017 (by CVE count) were:

| Category | CVE count | Detected by Cppcheck |
|---|---|---|
| Buffer Errors | 2530 | A few |
| Improper Access Control | 1366 | A few (unintended backdoors) |
| Information Leak | 1426 | A few (unintended backdoors) |
| Permissions, Privileges, and Access Control | 1196 | A few (unintended backdoors) |
CVEs that were found using Cppcheck:
- CVE-2017-1000249: file: stack-based buffer overflow. This was found by Thomas Jarosch using Cppcheck; the cause is a mistake in a condition.
- CVE-2013-6462: 23-year-old stack overflow in X.org, found with Cppcheck. This has been described in a few articles (link).
- CVE-2012-1147: readfilemap.c in expat before 2.1.0 allows context-dependent attackers to cause a denial of service (file descriptor consumption) via a large number of crafted XML files.
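The "mistake in a condition" behind the first CVE above is a bug class worth seeing in code. The following is an added, constructed example, not the source of file or of Cppcheck, and the names, the 4..20 bounds and the buffer size are assumptions: a range check on a length field is written with `||` instead of `&&`, which accepts every length, and is shown beside the corrected check. Cppcheck's incorrectLogicOperator check reports such a disjunction as a condition that always evaluates to true.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <cstring>

// Constructed bounds for the illustration: a descriptor must be 4..20 bytes
// long and is copied into a 20-byte stack buffer.
static const size_t DESC_MIN = 4;
static const size_t DESC_MAX = 20;

// Buggy range check. "descsz >= 4 || descsz <= 20" holds for every size_t,
// so nothing is ever rejected. Cppcheck (incorrectLogicOperator) reports it
// as a logical disjunction that always evaluates to true.
bool desc_size_ok_buggy(size_t descsz) {
    return descsz >= DESC_MIN || descsz <= DESC_MAX;
}

// Corrected range check: both bounds must hold.
bool desc_size_ok_fixed(size_t descsz) {
    return descsz >= DESC_MIN && descsz <= DESC_MAX;
}

// The copy guarded by the check. With the buggy predicate a descsz above
// DESC_MAX reaches memcpy and writes past the end of desc[] (a stack-based
// buffer overflow); with the fixed predicate it is rejected first.
// Returns the last byte copied, or -1 when the length was rejected.
int copy_desc(bool (*size_ok)(size_t), const uint8_t *src, size_t descsz) {
    uint8_t desc[DESC_MAX] = {0};
    if (!size_ok(descsz))
        return -1;
    std::memcpy(desc, src, descsz);   // overflows desc[] if size_ok is the buggy one
    return descsz ? desc[descsz - 1] : 0;
}

// Asks a predicate whether it would let an oversized descriptor through,
// without performing the copy.
bool predicate_allows_overflow(bool (*size_ok)(size_t)) {
    return size_ok(DESC_MAX + 1);
}

// Runs the fixed copy over a constructed descriptor of `descsz` bytes
// (byte i holds i + 1), so the result is observable without any overflow.
int copy_sample_desc_fixed(size_t descsz) {
    uint8_t note[64];
    for (size_t i = 0; i < sizeof note; ++i)
        note[i] = (uint8_t)(i + 1);
    if (descsz > sizeof note)
        return -1;
    return copy_desc(desc_size_ok_fixed, note, descsz);
}

int main() {
    std::printf("buggy check lets %zu bytes through: %s\n", DESC_MAX + 1,
                predicate_allows_overflow(desc_size_ok_buggy) ? "yes" : "no");
    std::printf("fixed check lets %zu bytes through: %s\n", DESC_MAX + 1,
                predicate_allows_overflow(desc_size_ok_fixed) ? "yes" : "no");
    std::printf("fixed copy: 16 bytes -> %d, 64 bytes -> %d\n",
                copy_sample_desc_fixed(16), copy_sample_desc_fixed(64));
    return 0;
}
```

The buggy copy is deliberately never exercised with an oversized input; predicate_allows_overflow shows the exposure by asking the check directly, which is also what a static analyzer does when it proves the disjunction is always true.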
- restored check for negative allocation (new) and negative VLA sizes from cppcheck 1.87 (LCppC backport)
- replaced hardcoded check for pipe() buffer size by library configuration option (LCppC backport)
- on Windows the callstack is now written to the output specified via "--exception-handling"
- make it possible to disable the various exception handling parts via the CMake options "NO_UNIX_SIGNAL_HANDLING", "NO_UNIX_BACKTRACE_SUPPORT" and "NO_WINDOWS_SEH"
- detect more redundant calls of std::string::c_str(), std::string::substr(), and unnecessary copies of containers
- Add a `match` function to addons, similar to the `Token::Match` used internally by Cppcheck:
  - It supports `|` for either-or tokens (e.g. `struct|class` matches either `struct` or `class`)
  - It supports `!!` to negate a token
  - It supports `<*>` to match links
  - `@` can be added to bind the token to a name
  - `**` can be used to match until a token
- Add math functions which can be used in library function definitions. This enables evaluation of more math functions in ValueFlow
- Further improve lifetime analysis with:
  - Propagate condition values from outer function calls
- Add the debug intrinsic `debug_valuetype` to show more detail, including source backtraces
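The operators listed for the addon `match` function can be tried out with the following added example, a small C++ reimplementation of the described pattern language over a toy token stream. It is not cppcheckdata's or Cppcheck's own code: the tokenizer, the sample input and all names are constructed for the demonstration, and where the list above leaves details open the choices are assumptions: `!!x` also matches at the end of the token stream (as `Token::Match` does), `@name` is written after the atom it binds, and `**` matches the shortest run of tokens that lets the rest of the pattern match.

```cpp
#include <cctype>
#include <map>
#include <string>
#include <vector>

struct Token { std::string str; int link; };   // link: index of the matching bracket, or -1
typedef std::map<std::string, int> Bindings;   // name -> index of the bound token

// Toy tokenizer (assumed for the example): identifiers/numbers and single
// punctuation characters, with ( ) [ ] { } linked. Operators are not joined.
std::vector<Token> tokenize(const std::string& src) {
    std::vector<Token> toks;
    std::vector<int> open;
    for (size_t i = 0; i < src.size();) {
        unsigned char c = (unsigned char)src[i];
        if (std::isspace(c)) { ++i; continue; }
        std::string s;
        if (std::isalnum(c) || c == '_')
            while (i < src.size() && (std::isalnum((unsigned char)src[i]) || src[i] == '_')) s += src[i++];
        else
            s = src[i++];
        Token t = { s, -1 };
        toks.push_back(t);
        int idx = (int)toks.size() - 1;
        if (s == "(" || s == "[" || s == "{") open.push_back(idx);
        else if ((s == ")" || s == "]" || s == "}") && !open.empty()) {
            toks[open.back()].link = idx;
            toks[idx].link = open.back();
            open.pop_back();
        }
    }
    return toks;
}

// One pattern atom (with any "@name" already removed) against token i.
// i may equal t.size(): only "!!x" matches there, as Token::Match allows.
static bool matchAtom(const std::vector<Token>& t, int i, const std::string& atom) {
    const int n = (int)t.size();
    if (atom.compare(0, 2, "!!") == 0)            // negation
        return i >= n || t[i].str != atom.substr(2);
    if (i >= n) return false;
    if (atom == "<*>") return t[i].link > i;      // must open a linked pair
    for (size_t start = 0;;) {                     // a|b|c: any alternative
        size_t bar = atom.find('|', start);
        size_t len = (bar == std::string::npos) ? std::string::npos : bar - start;
        if (t[i].str == atom.substr(start, len)) return true;
        if (bar == std::string::npos) return false;
        start = bar + 1;
    }
}

// Matches atoms[a..] from token i; returns the index after the match or -1.
static int matchFrom(const std::vector<Token>& t, int i,
                     const std::vector<std::string>& atoms, size_t a, Bindings& b) {
    if (a == atoms.size()) return i;
    std::string atom = atoms[a];
    if (atom == "**") {                            // skip tokens until the rest matches
        for (int j = i; j <= (int)t.size(); ++j) {
            Bindings tmp = b;
            int end = matchFrom(t, j, atoms, a + 1, tmp);
            if (end >= 0) { b = tmp; return end; }
        }
        return -1;
    }
    std::string name;
    size_t at = atom.find('@');                    // "atom@name" binds the matched token
    if (at != std::string::npos) { name = atom.substr(at + 1); atom = atom.substr(0, at); }
    if (!matchAtom(t, i, atom)) return -1;
    if (!name.empty() && i < (int)t.size()) b[name] = i;
    int next = (atom == "<*>") ? t[i].link + 1 : i + 1;   // <*> jumps over the whole group
    return matchFrom(t, next, atoms, a + 1, b);
}

// Does `pattern` (space-separated atoms) match starting at token i?
bool match(const std::vector<Token>& t, int i, const std::string& pattern, Bindings* out = nullptr) {
    std::vector<std::string> atoms;
    for (size_t p = 0; p < pattern.size();) {
        size_t e = pattern.find(' ', p);
        if (e == std::string::npos) e = pattern.size();
        if (e > p) atoms.push_back(pattern.substr(p, e - p));
        p = e + 1;
    }
    Bindings b;
    if (matchFrom(t, i, atoms, 0, b) < 0) return false;
    if (out) *out = b;
    return true;
}

// First token index from which `pattern` matches, or -1.
int findFirst(const std::vector<Token>& t, const std::string& pattern, Bindings* out = nullptr) {
    for (int i = 0; i < (int)t.size(); ++i)
        if (match(t, i, pattern, out)) return i;
    return -1;
}

// Constructed sample code for the demonstration.
const std::vector<Token>& sample() {
    static const std::vector<Token> t = tokenize("if ( p ) { free ( p ) ; } else { free ( q ) ; p = 0 ; }");
    return t;
}
bool sampleMatches(int from, const std::string& pattern) { return match(sample(), from, pattern); }
int sampleFind(const std::string& pattern) { return findFirst(sample(), pattern); }
// Index of the token bound to `name` by the first match of `pattern`, or -1.
int sampleBound(const std::string& pattern, const std::string& name) {
    Bindings b;
    if (findFirst(sample(), pattern, &b) < 0 || b.count(name) == 0) return -1;
    return b[name];
}
```

On the sample, `sampleMatches(0, "if <*> {")` is true because `<*>` consumes the whole `( p )` group, `sampleFind("} !!else")` skips the first `}` (followed by `else`) and returns the closing brace at the end of the stream, and `sampleBound("free ( p|q@ptr ) ; p", "ptr")` binds `ptr` to the `q` of the second call, since only that `free` is followed by `; p`. The real addon helper works on the tokens of a Cppcheck dump file rather than this toy tokenizer.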
GUI: Additional options to configure the Autosar, Cert C and Misra C++ coding standards
Command line: A --premium option that is used to provide premium options