Cppcheck 1.90 released, a static analysis tool for C/C++ code
Cppcheck is a static analysis tool for C/C++ code. It provides a unique code analysis to detect bugs and focuses on detecting undefined behaviour and dangerous coding constructs. The goal is to detect only real errors in the code (i.e. have very few false positives).
Unique code analysis that detects various kinds of bugs in your code.
Both command line interface and graphical user interface are available.
Cppcheck has a strong focus on detecting undefined behaviour.
- Dead pointers
- Division by zero
- Integer Overflows
- Invalid bit shift operands
- Invalid conversions
- Invalid usage of STL
- Memory management
- Null pointer dereferences
- Out of bounds checking
- Uninitialized variables
- Writing const data
The most common types of security vulnerabilities in 2017 (CVE count) was:
|Category||Amount||Detected by Cppcheck|
|Buffer Errors||2530||A few|
|Improper Access Control||1366||A few (unintended backdoors)|
|Information Leak||1426||A few (unintended backdoors)|
|Permissions, Privileges, and Access Control||1196||A few (unintended backdoors)|
CVEs that was found using Cppcheck:
- CVE-2017-1000249: file : stack based buffer overflow
This was found by Thomas Jarosch using Cppcheck. The cause is a mistake in a condition.
- CVE-2013-6462: 23-year-old stack overflow in X.org that was found with Cppcheck.
This has been described in a few articles (link).
- CVE-2012-1147: readfilemap.c in expat before 2.1.0 allows context-dependent attackers to cause a denial of service (file descriptor consumption) via a large number of crafted XML files.
- The default warning message format was changed. The new format is similar to GCC. If you want to get warnings in the old format, add –template=cppcheck1 to the command line.
- From now on, use FILESDIR instead of CFGDIR to specify the path for Cppcheck data files. The readme.txt describes the available flags.
- improved value flow analysis for pointer aliases
- improved checking for uninitialized variables/structs
- better checking of smart pointers
- better checking of global variables
- Added Cppcheck annotations cppcheck_low(VALUE) and cppcheck_high(VALUE)
- shadow variables; warn when argument is shadowed
- warn if local reference variable can be const
- Added API01-C: Avoid laying out strings in memory directly before sensitive data
- Added MSC24-C: Do not use deprecated or obsolescent functions
- Added STR11-C: Do not specify the bound of a character array initialized with a string literal
- Added rule 17.2
- Added rule 18.4
- Added rule 18.7
- Minor tweaks