CERT C and C++ IDs mapped to Klocwork and Klocwork community C and C++ checkers
| In this topic: |
The following tables list the Klocwork and Klocwork community C/C++ checkers that map to the secure coding standard defined by the computer emergency response team (CERT).
CERT C IDs mapped to Klocwork and Klocwork community checkers
| Rule | Klocwork Checker Code and Description |
|---|---|
| ARR00-C |
ABV.ANY_SIZE_ARRAY Buffer Overflow - Array Index Out of Bounds ABV.GENERAL Buffer Overflow - Array Index Out of Bounds ABV.ITERATOR Buffer Overflow - Array Index may be out of Bounds ABV.MEMBER Buffer Overflow - Array Index Out of Bounds ABV.STACK Buffer Overflow - Local Array Index Out of Bounds ABV.TAINTED Buffer Overflow from Unvalidated Input ABV.UNICODE.BOUND_MAP Buffer overflow in mapping character function ABV.UNICODE.FAILED_MAP Mapping function failed ABV.UNICODE.NNTS_MAP Buffer overflow in mapping character function ABV.UNICODE.SELF_MAP Mapping function failed ABV.UNKNOWN_SIZE Buffer Overflow - Array Index Out of Bounds NNTS.MIGHT Buffer Overflow - Non-null Terminated String NNTS.MUST Buffer Overflow - Non-null Terminated String NNTS.TAINTED Unvalidated User Input Causing Buffer Overflow - Non-Null Terminated String SV.STRBO.BOUND_COPY.OVERFLOW Buffer Overflow in Bound String Copy SV.STRBO.BOUND_COPY.UNTERM Possible Buffer Overflow in Following String Operations SV.STRBO.BOUND_SPRINTF Buffer Overflow in Bound sprintf SV.STRBO.UNBOUND_COPY Buffer Overflow in Unbound String Copy SV.STRBO.UNBOUND_SPRINTF Buffer Overflow in Unbound sprintf SV.TAINTED.ALLOC_SIZE Use of Unvalidated Integer in Memory Allocation SV.TAINTED.CALL.INDEX_ACCESS Use of Unvalidated Integer as Array Index by Function Call SV.TAINTED.CALL.LOOP_BOUND Use of Unvalidated Integer in Loop Condition through a Function Call SV.TAINTED.INDEX_ACCESS Use of Unvalidated Integer as Array Index SV.TAINTED.LOOP_BOUND Use of Unvalidated Integer in Loop Condition SV.UNBOUND_STRING_INPUT.CIN Usage of cin for unbounded string input SV.UNBOUND_STRING_INPUT.FUNC Usage of unbounded string input |
| ARR01-C |
CWARN.MEMSET.SIZEOF.PTR Memset-like function is called for 'sizeof' applied to pointer |
| ARR30-C |
ABV.ANY_SIZE_ARRAY Buffer Overflow - Array Index Out of Bounds ABV.GENERAL Buffer Overflow - Array Index Out of Bounds ABV.STACK Buffer Overflow - Local Array Index Out of Bounds ABV.TAINTED Buffer Overflow from Unvalidated Input ABV.UNICODE.BOUND_MAP Buffer overflow in mapping character function ABV.UNICODE.FAILED_MAP Mapping function failed ABV.UNICODE.NNTS_MAP Buffer overflow in mapping character function ABV.UNICODE.SELF_MAP Mapping function failed ABV.UNKNOWN_SIZE Buffer Overflow - Array Index Out of Bounds NNTS.MIGHT Buffer Overflow - Non-null Terminated String NNTS.MUST Buffer Overflow - Non-null Terminated String NNTS.TAINTED Unvalidated User Input Causing Buffer Overflow - Non-Null Terminated String SV.STRBO.BOUND_COPY.OVERFLOW Buffer Overflow in Bound String Copy SV.STRBO.BOUND_COPY.UNTERM Possible Buffer Overflow in Following String Operations SV.STRBO.BOUND_SPRINTF Buffer Overflow in Bound sprintf SV.TAINTED.ALLOC_SIZE Use of Unvalidated Integer in Memory Allocation SV.TAINTED.CALL.INDEX_ACCESS Use of Unvalidated Integer as Array Index by Function Call SV.TAINTED.CALL.LOOP_BOUND Use of Unvalidated Integer in Loop Condition through a Function Call SV.TAINTED.INDEX_ACCESS Use of Unvalidated Integer as Array Index SV.TAINTED.LOOP_BOUND Use of Unvalidated Integer in Loop Condition SV.UNBOUND_STRING_INPUT.CIN Usage of cin for unbounded string input SV.UNBOUND_STRING_INPUT.FUNC Usage of unbounded string input |
| ARR38-C |
ABV.ANY_SIZE_ARRAY Buffer Overflow - Array Index Out of Bounds ABV.GENERAL Buffer Overflow - Array Index Out of Bounds ABV.ITERATOR Buffer Overflow - Array Index may be out of Bounds ABV.STACK Buffer Overflow - Local Array Index Out of Bounds ABV.TAINTED Buffer Overflow from Unvalidated Input ABV.UNKNOWN_SIZE Buffer Overflow - Array Index Out of Bounds |
| CON05-C |
CONC.SLEEP Function may block in critical section |
| CON35-C |
CONC.DL Deadlock |
| DCL01-C |
MISRA.VAR.HIDDEN Identifier declared in an inner scope hides identifier in outer scope |
| DCL07-C |
MISRA.CAST.FUNC_PTR.2012 Conversion performed between a pointer to a function and another incompatible type MISRA.FUNC.NOPROT.DEF Function has a definition but no prototype MISRA.FUNC.PROT_FORM.KR.2012 Function types shall be in prototype form |
| DCL10-C |
SV.FMT_STR.PRINT_PARAMS_WRONGNUM.FEW Too few arguments in a print function call SV.FMT_STR.PRINT_PARAMS_WRONGNUM.MANY Too many arguments in a print function call SV.FMT_STR.SCAN_PARAMS_WRONGNUM.FEW Too few arguments in a scan function call SV.FMT_STR.SCAN_PARAMS_WRONGNUM.MANY Too many arguments in a scan function call |
| DCL11-C |
MISRA.FUNC.VARARG Function with variable number of arguments SV.FMT_STR.PRINT_FORMAT_MISMATCH.BAD Incompatible type of a print function parameter SV.FMT_STR.PRINT_FORMAT_MISMATCH.UNDESIRED Unexpected type of a print function parameter SV.FMT_STR.PRINT_IMPROP_LENGTH Improper use of length modifier in a print function call SV.FMT_STR.PRINT_PARAMS_WRONGNUM.FEW Too few arguments in a print function call SV.FMT_STR.PRINT_PARAMS_WRONGNUM.MANY Too many arguments in a print function call SV.FMT_STR.SCAN_FORMAT_MISMATCH.BAD Incompatible type of a scan function parameter SV.FMT_STR.SCAN_FORMAT_MISMATCH.UNDESIRED Unexpected type of a scan function parameter SV.FMT_STR.UNKWN_FORMAT.SCAN Unknown format specifier in a scan function call |
| DCL13-C |
MISRA.PPARAM.NEEDS.CONST Pointer parameter is not used to modify the addressed object but is not declared as a pointer to const |
| DCL18-C |
MISRA.TOKEN.OCTAL.ESCAPE Usage of octal escape sequences MISRA.TOKEN.OCTAL.INT Usage of octal integer constants |
| DCL20-C |
MISRA.FUNC.NO_PARAMS Function without parameters is missing void parameter type |
| DCL23-C |
MISRA.IDENT.DISTINCT.C99.2012 Identifiers declared in the same scope or name space are not distinct |
| DCL30-C |
LOCRET.ARG Function returns address of local variable LOCRET.GLOB Function returns address of local variable LOCRET.RET Function returns address of local variable |
| DCL31-C |
CWARN.IMPLICITINT Anachronistic 'implicit int' FUNCRET.IMPLICIT Non-void function implicitly returning int does not return value MISRA.DECL.NO_TYPE Declaration without a type MISRA.FUNC.NOPROT.CALL Function is called but has no prototype RETVOID.IMPLICIT Implicitly int function returns void value |
| DCL36-C |
MISRA.FUNC.STATIC.REDECL Function or object redeclaration does not include 'static' modifier |
| DCL37-C |
MISRA.DEFINE.WRONGNAME.UNDERSCORE Usage of a reserved name for naming a macro MISRA.STDLIB.WRONGNAME Reused name of standard library macro, object or function MISRA.STDLIB.WRONGNAME.UNDERSCORE Usage of a reserved name for naming a language entity |
| DCL39-C |
PORTING.STORAGE.STRUCT Byte position of elements in a structure could depend on alignment and packing attributes. PORTING.STRUCT.BOOL Struct/class has a bool member |
| ENV01-C |
ABV.ANY_SIZE_ARRAY Buffer Overflow - Array Index Out of Bounds ABV.GENERAL Buffer Overflow - Array Index Out of Bounds ABV.ITERATOR Buffer Overflow - Array Index may be out of Bounds ABV.MEMBER Buffer Overflow - Array Index Out of Bounds ABV.STACK Buffer Overflow - Local Array Index Out of Bounds ABV.TAINTED Buffer Overflow from Unvalidated Input ABV.UNICODE.BOUND_MAP Buffer overflow in mapping character function ABV.UNICODE.FAILED_MAP Mapping function failed ABV.UNICODE.NNTS_MAP Buffer overflow in mapping character function ABV.UNICODE.SELF_MAP Mapping function failed ABV.UNKNOWN_SIZE Buffer Overflow - Array Index Out of Bounds |
| ENV33-C |
MISRA.STDLIB.ABORT Use of 'abort', 'exit', 'getenv' or 'system' from library stdlib.h SV.CODE_INJECTION.SHELL_EXEC Command Injection into Shell Execution SV.TAINTED.INJECTION Command Injection |
| ERR34-C |
MISRA.STDLIB.ATOI Use of 'atof', 'atoi' or 'atol' from library stdlib.h |
| EXP00-C |
MISRA.EXPR.PARENS.2012 The precedence of operators within expressions should be made explicit. |
| EXP02-C |
MISRA.LOGIC.SIDEEFF Right operand in a logical 'and' or 'or' expression contains side effects |
| EXP08-C |
ABV.GENERAL Buffer Overflow - Array Index Out of Bounds ABV.ITERATOR Buffer Overflow - Array Index may be out of Bounds |
| EXP12-C |
MISRA.FUNC.UNUSEDRET.2012 The return value of a non-void function shall be used. SV.RVT.RETVAL_NOTTESTED Ignored Return Value |
| EXP15-C |
SEMICOL Suspiciously placed semicolon |
| EXP16-C |
CWARN.FUNCADDR Function address is used instead of a call to this function CWARN.NULLCHECK.FUNCNAME Function address was directly compared against 0 |
| EXP19-C |
MISRA.IF.NO_COMPOUND The body of if/else statement is not a compound statement MISRA.STMT.NO_COMPOUND The body of switch, while, do/while or for statement is not a compound statement |
| EXP30-C |
PORTING.VAR.EFFECTS Variable used twice in one expression where one usage is subject to side-effects |
| EXP32-C |
CERT.EXPR.VOLATILE.ADDR Do not access a volatile object through a nonvolatile pointer CERT.EXPR.VOLATILE.ADDR.PARAM Do not pass a volatile object to a function through a nonvolatile pointer CERT.EXPR.VOLATILE.PTRPTR Do not assign a reference to a non-volatile pointer to a volatile pointer-to-pointer |
| EXP33-C |
UNINIT.HEAP.MIGHT Uninitialized Heap Use - possible UNINIT.HEAP.MUST Uninitialized Heap Use UNINIT.STACK.ARRAY.MIGHT Uninitialized Array - possible UNINIT.STACK.ARRAY.MUST Uninitialized Array UNINIT.STACK.ARRAY.PARTIAL.MUST Partially Uninitialized Array UNINIT.STACK.MIGHT Uninitialized Variable - possible UNINIT.STACK.MUST Uninitialized Variable |
| EXP34-C |
NPD.CHECK.CALL.MIGHT Pointer may be passed to function that can dereference it after it was positively checked for NULL NPD.CHECK.CALL.MUST Pointer will be passed to function that may dereference it after it was positively checked for NULL NPD.CHECK.MIGHT Pointer may be dereferenced after it was positively checked for NULL NPD.CHECK.MUST Pointer will be dereferenced after it was positively checked for NULL NPD.CONST.CALL NULL is passed to function that can dereference it NPD.CONST.DEREF NULL is dereferenced NPD.FUNC.CALL.MIGHT Result of function that may return NULL may be passed to another function that may dereference it NPD.FUNC.CALL.MUST Result of function that may return NULL will be passed to another function that may dereference it NPD.FUNC.MIGHT Result of function that can return NULL may be dereferenced NPD.FUNC.MUST Result of function that may return NULL will be dereferenced NPD.GEN.CALL.MIGHT Null pointer may be passed to function that may dereference it NPD.GEN.CALL.MUST Null pointer will be passed to function that may dereference it NPD.GEN.MIGHT Null pointer may be dereferenced NPD.GEN.MUST Null pointer will be dereferenced RNPD.CALL Suspicious dereference of pointer in function call before NULL check RNPD.DEREF Suspicious dereference of pointer before NULL check |
| EXP36-C |
MISRA.CAST.PTR.UNRELATED Object of pointer type cast to unrelated type MISRA.CAST.PTR_TO_INT Cast between a pointer and an integral type PORTING.CAST.PTR Cast between types that are not both pointers or not pointers PORTING.CAST.PTR.FLTPNT Cast of a pointer to a floating point expression to a non floating point type pointer PORTING.CAST.PTR.SIZE Attempt to cast an expression to a type of a potentially incompatible size PORTING.CAST.SIZE Expression is cast to a type of potentially different size |
| EXP37-C |
MISRA.FUNC.UNMATCHED.PARAMS Number of formal and actual parameters passed to function do not match |
| EXP44-C |
MISRA.SIZEOF.SIDE_EFFECT Operand of sizeof has side effects |
| EXP45-C |
ASSIGCOND.CALL Assignment in condition (call) ASSIGCOND.GEN Assignment in condition MISRA.ASSIGN.COND Assignment operator is used in a condition |
| EXP46-C |
MISRA.LOGIC.OPERATOR.NOT_BOOL Operand of non-logical operator is effectively boolean |
| FIO01-C |
SV.TOCTOU.FILE_ACCESS Time of Creation/Time of Use Race condition in File Access |
| FIO02-C |
SV.DLLPRELOAD.NONABSOLUTE.DLL Potential DLL-preload hijack vector SV.TOCTOU.FILE_ACCESS Time of Creation/Time of Use Race condition in File Access |
| FIO22-C |
RH.LEAK Resource leak |
| FIO30-C |
SV.FMTSTR.GENERIC Format String Vulnerability SV.TAINTED.FMTSTR Use of Unvalidated Data in a Format String |
| FIO34-C |
CWARN.CMPCHR.EOF A 'char' expression compared with EOF constant |
| FIO42-C |
RH.LEAK Resource leak |
| FIO45-C |
SV.TOCTOU.FILE_ACCESS Time of Creation/Time of Use Race condition in File Access |
| FIO46-C |
SV.INCORRECT_RESOURCE_HANDLING.URH Insecure Resource Handling |
| FIO47-C |
SV.FMT_STR.PRINT_FORMAT_MISMATCH.BAD Incompatible type of a print function parameter SV.FMT_STR.PRINT_FORMAT_MISMATCH.UNDESIRED Unexpected type of a print function parameter SV.FMT_STR.PRINT_IMPROP_LENGTH Improper use of length modifier in a print function call SV.FMT_STR.PRINT_PARAMS_WRONGNUM.FEW Too few arguments in a print function call SV.FMT_STR.PRINT_PARAMS_WRONGNUM.MANY Too many arguments in a print function call SV.FMT_STR.SCAN_FORMAT_MISMATCH.BAD Incompatible type of a scan function parameter SV.FMT_STR.SCAN_FORMAT_MISMATCH.UNDESIRED Unexpected type of a scan function parameter SV.FMT_STR.SCAN_IMPROP_LENGTH Improper use of length modifier in a scan function call SV.FMT_STR.SCAN_PARAMS_WRONGNUM.FEW Too few arguments in a scan function call SV.FMT_STR.SCAN_PARAMS_WRONGNUM.MANY Too many arguments in a scan function call SV.FMT_STR.UNKWN_FORMAT Unknown format specifier in a print function call |
| FLP30-C |
MISRA.FOR.COND.FLT Floating point object is used in the condition section of a 'for' loop MISRA.FOR.COUNTER.FLT For loop counter has a floating point type |
| INT02-C |
MISRA.CAST.INT Non-trivial integer expression is cast to a wider type, or type with a different signedness MISRA.CAST.UNSIGNED_BITS The result of bitwise operation on unsigned char or short is not cast back to original type MISRA.CONV.INT.SIGN Implicit integral conversion changes signedness MISRA.CVALUE.IMPL.CAST The value of an expression implicitly converted to a different type MISRA.UMINUS.UNSIGNED Operand of unary minus is unsigned PRECISION.LOSS Loss of Precision |
| INT04-C |
SV.TAINTED.ALLOC_SIZE Use of Unvalidated Integer in Memory Allocation SV.TAINTED.BINOP Use of Unvalidated Integer in Binary Operation SV.TAINTED.CALL.BINOP Use of Unvalidated Integer in Binary Operation SV.TAINTED.CALL.INDEX_ACCESS Use of Unvalidated Integer as Array Index by Function Call SV.TAINTED.CALL.LOOP_BOUND Use of Unvalidated Integer in Loop Condition through a Function Call SV.TAINTED.INDEX_ACCESS Use of Unvalidated Integer as Array Index SV.TAINTED.LOOP_BOUND Use of Unvalidated Integer in Loop Condition |
| INT07-C |
PORTING.SIGNED.CHAR 'char' used without explicitly specifying signedness |
| INT09-C |
MISRA.ENUM.IMPLICIT.VAL.NON_UNIQUE.2012 Implicit enumerator value is not unique |
| INT12-C |
MISRA.BITFIELD.TYPE Type of bit-field is not signed/unsigned integer |
| INT13-C |
MISRA.BITS.NOT_UNSIGNED Operand of bitwise operation is not unsigned integer MISRA.BITS.NOT_UNSIGNED.PREP Operand of bitwise operation is not unsigned integer |
| INT30-C |
CWARN.NOEFFECT.OUTOFRANGE Value outside of range NUM.OVERFLOW Possible Overflow |
| INT31-C |
PRECISION.LOSS Loss of Precision PRECISION.LOSS.CALL Loss of Precision during function call |
| INT33-C |
DBZ.CONST Division by a zero constant occurs DBZ.CONST.CALL The value '0' is passed to function that can use this value as divisor DBZ.GENERAL Division by zero might occur DBZ.ITERATOR Division by zero might occur in a loop iterator |
| INT36-C |
MISRA.CAST.OBJ_PTR_TO_INT.2012 Conversion performed between a pointer to an object and an integer type |
| MEM00-C |
FNH.MIGHT Freeing Non-Heap Memory - possible FNH.MUST Freeing Non-Heap Memory FREE.INCONSISTENT Inconsistent Freeing of Memory FUM.GEN.MIGHT Freeing Unallocated Memory - possible FUM.GEN.MUST Freeing Unallocated Memory MLK.MIGHT Memory Leak - possible MLK.MUST Memory Leak MLK.RET.MIGHT Memory Leak - possible MLK.RET.MUST Memory Leak RH.LEAK Resource leak UFM.DEREF.MIGHT Use of free memory (access) - possible UFM.DEREF.MUST Use of Freed Memory by Pointer UFM.FFM.MIGHT Use of free memory (double free) - possible UFM.FFM.MUST Freeing Freed Memory UFM.RETURN.MIGHT Use of freed memory (return) - possible UFM.RETURN.MUST Use of Freed Memory on Return UFM.USE.MIGHT Use of free memory - possible UFM.USE.MUST Use of Freed Memory |
| MEM05-C |
MISRA.FUNC.RECUR Recursive function |
| MEM12-C |
MLK.MIGHT Memory Leak - possible MLK.MUST Memory Leak MLK.RET.MIGHT Memory Leak - possible MLK.RET.MUST Memory Leak RH.LEAK Resource leak |
| MEM30-C |
UFM.DEREF.MIGHT Use of free memory (access) - possible UFM.DEREF.MUST Use of Freed Memory by Pointer UFM.FFM.MIGHT Use of free memory (double free) - possible UFM.FFM.MUST Freeing Freed Memory UFM.RETURN.MIGHT Use of freed memory (return) - possible UFM.RETURN.MUST Use of Freed Memory on Return UFM.USE.MIGHT Use of free memory - possible UFM.USE.MUST Use of Freed Memory |
| MEM31-C |
MLK.MIGHT Memory Leak - possible MLK.MUST Memory Leak MLK.RET.MIGHT Memory Leak - possible MLK.RET.MUST Memory Leak |
| MEM34-C |
FNH.MIGHT Freeing Non-Heap Memory - possible FNH.MUST Freeing Non-Heap Memory FUM.GEN.MIGHT Freeing Unallocated Memory - possible FUM.GEN.MUST Freeing Unallocated Memory |
| MEM35-C |
INCORRECT.ALLOC_SIZE Incorrect Allocation Size |
| MSC01-C |
CWARN.EMPTY.LABEL Empty label statement INFINITE_LOOP.GLOBAL Infinite loop INFINITE_LOOP.LOCAL Infinite loop INFINITE_LOOP.MACRO Infinite loop LA_UNUSED Label unused MISRA.IF.NO_ELSE A chain of if/else-if statements is not terminated with else or is terminated with an empty else clause MISRA.SWITCH.NODEFAULT No default clause at the end of a switch statement MISRA.SWITCH.WELL_FORMED.DEFAULT.2012 Every switch statement shall have a default label. |
| MSC07-C |
INVARIANT_CONDITION.UNREACH Invariant expression in a condition LA_UNUSED Label unused UNREACH.GEN Unreachable code UNREACH.RETURN Unreachable Void Return UNREACH.SIZEOF Architecture-related unreachable code |
| MSC12-C |
CWARN.NOEFFECT.SELF_ASSIGN A variable is assigned to self CWARN.NOEFFECT.UCMP.GE Comparison of unsigned value against 0 is always true CWARN.NOEFFECT.UCMP.GE.MACRO Comparison of unsigned value against 0 within a macro is always true CWARN.NOEFFECT.UCMP.LT Comparison of unsigned value against 0 is always false CWARN.NOEFFECT.UCMP.LT.MACRO Comparison of unsigned value against 0 within a macro is always false CWARN.NULLCHECK.FUNCNAME Function address was directly compared against 0 EFFECT Statement has no effect INVARIANT_CONDITION.UNREACH Invariant expression in a condition LA_UNUSED Label unused MISRA.STMT.NO_EFFECT The statement has no side effects, and does not change control flow UNREACH.GEN Unreachable code UNREACH.RETURN Unreachable Void Return UNREACH.SIZEOF Architecture-related unreachable code VA_UNUSED.GEN Value is Never Used after Assignment VA_UNUSED.INIT Value is Never Used after Initialization |
| MSC13-C |
LV_UNUSED.GEN Local variable unused VA_UNUSED.GEN Value is Never Used after Assignment VA_UNUSED.INIT Value is Never Used after Initialization |
| MSC17-C |
MISRA.SWITCH.WELL_FORMED.BREAK.2012 An unconditional break statement shall terminate every switch-clause. |
| MSC37-C |
FUNCRET.GEN Non-void function does not return value MISRA.RETURN.NOT_LAST Return is not the last statement in a function |
| POS02-C |
SV.BRM.HKEY_LOCAL_MACHINE HKEY_LOCAL_MACHINE Used as 'hkey' Parameter for Registry Manipulation Function SV.USAGERULES.PERMISSIONS Use of Privilege Elevation |
| POS35-C |
SV.TOCTOU.FILE_ACCESS Time of Creation/Time of Use Race condition in File Access |
| POS36-C |
SV.FIU.PROCESS_VARIANTS Use of Dangerous Process Creation SV.USAGERULES.PERMISSIONS Use of Privilege Elevation SV.USAGERULES.PROCESS_VARIANTS Use of Dangerous Process Creation Function |
| POS37-C |
SV.FIU.PROCESS_VARIANTS Use of Dangerous Process Creation SV.USAGERULES.PERMISSIONS Use of Privilege Elevation |
| POS39-C |
BYTEORDER.HTON.SEND Missed conversion from host to network byte order BYTEORDER.HTON.WRITE Missed conversion from host to network byte order BYTEORDER.NTOH.READ Missed conversion from network to host byte order BYTEORDER.NTOH.RECV Missed conversion from network to host byte order |
| POS47-C |
CERT.POS.THREAD.ASYNC_CANCEL Do not use threads that can be canceled asynchronously |
| POS51-C |
CONC.DL Deadlock |
| POS52-C |
CONC.SLEEP Function may block in critical section |
| POS54-C |
SV.RVT.RETVAL_NOTTESTED Ignored Return Value |
| PRE00-C |
MISRA.DEFINE.FUNC Function-like macro definition |
| PRE01-C |
MISRA.DEFINE.NOPARS Macro parameter with no parentheses |
| PRE02-C |
MISRA.DEFINE.BADEXP Inappropriate macro expansion |
| PRE05-C |
MISRA.DEFINE.SHARP.ORDER.2012 Unspecified order of evaluation of multiple '#' or '##' |
| PRE06-C |
MISRA.INCGUARD Include guard is not provided |
| PRE10-C |
MISRA.DEFINE.BADEXP Inappropriate macro expansion |
| STR02-C |
NNTS.TAINTED Unvalidated User Input Causing Buffer Overflow - Non-Null Terminated String SV.TAINTED.INJECTION Command Injection |
| STR03-C |
NNTS.MIGHT Buffer Overflow - Non-null Terminated String NNTS.MUST Buffer Overflow - Non-null Terminated String |
| STR05-C |
MISRA.STRING_LITERAL.NON_CONST.2012 A string literal shall not be assigned to an object unless the object's type is pointer to const-qualified char |
| STR30-C |
CERT.STR.ARG.CONST_TO_NONCONST Do not pass a const char pointer to a non-const char pointer argument CERT.STR.ASSIGN.CONST_TO_NONCONST Do not assign a const char pointer to a non-const char pointer |
| STR31-C |
NNTS.MIGHT Buffer Overflow - Non-null Terminated String NNTS.MUST Buffer Overflow - Non-null Terminated String SV.STRBO.BOUND_COPY.OVERFLOW Buffer Overflow in Bound String Copy SV.STRBO.BOUND_COPY.UNTERM Possible Buffer Overflow in Following String Operations SV.STRBO.BOUND_SPRINTF Buffer Overflow in Bound sprintf SV.STRBO.UNBOUND_COPY Buffer Overflow in Unbound String Copy SV.STRBO.UNBOUND_SPRINTF Buffer Overflow in Unbound sprintf |
| STR32-C |
NNTS.MIGHT Buffer Overflow - Non-null Terminated String NNTS.MUST Buffer Overflow - Non-null Terminated String NNTS.TAINTED Unvalidated User Input Causing Buffer Overflow - Non-Null Terminated String |
| WIN00-C |
SV.DLLPRELOAD.NONABSOLUTE.DLL Potential DLL-preload hijack vector SV.DLLPRELOAD.NONABSOLUTE.EXE Potential process injection vector SV.DLLPRELOAD.SEARCHPATH Do not use SearchPath to find DLLs |
| WIN30-C |
FMM.MIGHT Freeing Mismatched Memory - possible FMM.MUST Freeing Mismatched Memory |
CERT C++ IDs mapped to Klocwork and Klocwork community checkers
| Rule | Klocwork Checker Code and Description |
|---|---|
| CON02-CPP |
CONC.DL Deadlock |
| CON50-CPP |
CERT.CONC.MUTEX.DESTROY_WHILE_LOCKED Do not destroy a mutex while it is locked |
| CON54-CPP |
CERT.CONC.WAKE_IN_LOOP Wrap functions that can spuriously wake up in a loop |
| CON55-CPP |
CERT.CONC.UNSAFE_COND_VAR Preserve thread safety and liveness when using condition variables |
| CTR01-CPP |
CWARN.MEMSET.SIZEOF.PTR Memset-like function is called for 'sizeof' applied to pointer INCORRECT.ALLOC_SIZE Incorrect Allocation Size |
| CTR50-CPP |
ABV.ANY_SIZE_ARRAY Buffer Overflow - Array Index Out of Bounds ABV.GENERAL Buffer Overflow - Array Index Out of Bounds ABV.STACK Buffer Overflow - Local Array Index Out of Bounds ABV.TAINTED Buffer Overflow from Unvalidated Input SV.TAINTED.ALLOC_SIZE Use of Unvalidated Integer in Memory Allocation SV.TAINTED.CALL.INDEX_ACCESS Use of Unvalidated Integer as Array Index by Function Call SV.TAINTED.CALL.LOOP_BOUND Use of Unvalidated Integer in Loop Condition through a Function Call SV.TAINTED.INDEX_ACCESS Use of Unvalidated Integer as Array Index |
| DCL01-CPP |
MISRA.VAR.HIDDEN Identifier declared in an inner scope hides identifier in outer scope |
| DCL07-CPP |
MISRA.VAR.MIN.VIS Name visibility is too wide |
| DCL10-CPP |
MISRA.BIN_OP.OVERLOAD Comma, || or && operator overloaded MISRA.UN_OP.OVERLOAD Unary & operator is overloaded |
| DCL12-CPP |
MISRA.SPEC.ILL Explicit instantiation of a template makes the code ill-formed |
| DCL19-CPP |
UNINIT.CTOR.MIGHT Uninitialized Variable in Constructor - possible UNINIT.CTOR.MUST Uninitialized Variable in Constructor UNINIT.HEAP.MIGHT Uninitialized Heap Use - possible UNINIT.HEAP.MUST Uninitialized Heap Use UNINIT.STACK.ARRAY.MIGHT Uninitialized Array - possible UNINIT.STACK.ARRAY.MUST Uninitialized Array UNINIT.STACK.ARRAY.PARTIAL.MUST Partially Uninitialized Array UNINIT.STACK.MIGHT Uninitialized Variable - possible UNINIT.STACK.MUST Uninitialized Variable |
| DCL50-CPP |
MISRA.FUNC.VARARG Function with variable number of arguments |
| DCL52-CPP |
CERT.DCL.REF_TYPE.CONST_OR_VOLATILE Never qualify a reference type with const or volatile |
| DCL53-CPP |
CERT.DCL.AMBIGUOUS_DECL Do not write syntactically ambiguous declarations |
| DCL54-CPP |
CERT.DCL.SAME_SCOPE_ALLOC_DEALLOC Overload allocation and deallocation functions as a pair in the same scope |
| DCL58-CPP |
CERT.DCL.STD_NS_MODIFIED Do not modify the standard namespaces |
| ENV02-CPP |
MISRA.STDLIB.ABORT Use of 'abort', 'exit', 'getenv' or 'system' from library stdlib.h SV.CODE_INJECTION.SHELL_EXEC Command Injection into Shell Execution SV.TAINTED.INJECTION Command Injection |
| ERR01-CPP |
MISRA.STDLIB.ERRNO Use of error indicator 'errno' |
| ERR08-CPP |
MISRA.THROW.PTR Exception object is a pointer |
| ERR09-CPP |
MISRA.CATCH.BY_VALUE Exception object of class type is caught by value MISRA.THROW.PTR Exception object is a pointer |
| ERR10-CPP |
NPD.FUNC.MUST Result of function that may return NULL will be dereferenced SV.RVT.RETVAL_NOTTESTED Ignored Return Value |
| ERR50-CPP |
CERT.ERR.ABRUPT_TERM Do not abruptly terminate the program MISRA.CATCH.ALL No ellipsis exception handler in a try-catch block |
| ERR52-CPP |
MISRA.STDLIB.LONGJMP Use of setjmp macro or longjmp function |
| ERR53-CPP |
MISRA.CTOR.TRY.NON_STATIC Function try/catch block of constructor or destructor references non-static members |
| ERR54-CPP |
MISRA.CATCH.NOALL Ellipsis exception handler is not the last one in a try-catch block MISRA.CATCH.WRONGORD Handler for a base exception class precedes to a handler for a derived exception class in a try-catch block |
| ERR62-CPP |
CERT.ERR.CONV.STR_TO_NUM Detect errors when converting a string to a number |
| EXP00-CPP |
MISRA.EXPR.PARENS MISRA.EXPR.PARENS.INSUFFICIENT Limited dependence required for operator precedence rules in expressions MISRA.EXPR.PARENS.REDUNDANT Limited dependence required for operator precedence rules in expressions |
| EXP01-CPP |
CWARN.MEMSET.SIZEOF.PTR Memset-like function is called for 'sizeof' applied to pointer INCORRECT.ALLOC_SIZE Incorrect Allocation Size |
| EXP05-CPP |
BSTR.CAST.C C style type cast to BSTR MISRA.C_CAST C-style cast to non-void type |
| EXP06-CPP |
MISRA.SIZEOF.SIDE_EFFECT Operand of sizeof has side effects |
| EXP08-CPP |
ABV.GENERAL Buffer Overflow - Array Index Out of Bounds ABV.ITERATOR Buffer Overflow - Array Index may be out of Bounds MISRA.PTR.ARITH Pointer is used in arithmetic or array index expression |
| EXP09-CPP |
INCORRECT.ALLOC_SIZE Incorrect Allocation Size |
| EXP10-CPP |
PORTING.VAR.EFFECTS Variable used twice in one expression where one usage is subject to side-effects |
| EXP11-CPP |
PORTING.BITFIELDS Usage of bitfields within a structure PORTING.CAST.FLTPNT Cast of a floating point expression to a non floating point type PORTING.CAST.PTR Cast between types that are not both pointers or not pointers PORTING.CAST.PTR.FLTPNT Cast of a pointer to a floating point expression to a non floating point type pointer PORTING.CAST.PTR.SIZE Attempt to cast an expression to a type of a potentially incompatible size PORTING.CAST.SIZE Expression is cast to a type of potentially different size |
| EXP12-CPP |
MISRA.FUNC.UNUSEDRET Return value of a non-void function is not used SV.RVT.RETVAL_NOTTESTED Ignored Return Value |
| EXP15-CPP |
MISRA.CAST.UNSIGNED_BITS The result of bitwise operation on unsigned char or short is not cast back to original type |
| EXP34-CPP |
NPD.CHECK.CALL.MIGHT Pointer may be passed to function that can dereference it after it was positively checked for NULL NPD.CHECK.CALL.MUST Pointer will be passed to function that may dereference it after it was positively checked for NULL NPD.CHECK.MIGHT Pointer may be dereferenced after it was positively checked for NULL NPD.CHECK.MUST Pointer will be dereferenced after it was positively checked for NULL NPD.CONST.CALL NULL is passed to function that can dereference it NPD.CONST.DEREF NULL is dereferenced NPD.FUNC.CALL.MIGHT Result of function that may return NULL may be passed to another function that may dereference it NPD.FUNC.CALL.MUST Result of function that may return NULL will be passed to another function that may dereference it NPD.FUNC.MIGHT Result of function that can return NULL may be dereferenced NPD.FUNC.MUST Result of function that may return NULL will be dereferenced NPD.GEN.CALL.MIGHT Null pointer may be passed to function that may dereference it NPD.GEN.CALL.MUST Null pointer will be passed to function that may dereference it NPD.GEN.MIGHT Null pointer may be dereferenced NPD.GEN.MUST Null pointer will be dereferenced RNPD.CALL Suspicious dereference of pointer in function call before NULL check RNPD.DEREF Suspicious dereference of pointer before NULL check |
| EXP50-CPP |
MISRA.EXPR.PARENS MISRA.EXPR.PARENS.INSUFFICIENT Limited dependence required for operator precedence rules in expressions MISRA.EXPR.PARENS.REDUNDANT Limited dependence required for operator precedence rules in expressions MISRA.INCR_DECR.OTHER Increment or decrement operator is mixed with other operators in expression PORTING.VAR.EFFECTS Variable used twice in one expression where one usage is subject to side-effects |
| EXP51-CPP |
CERT.EXPR.DELETE_ARR.BASE_PTR Do not delete an array through a pointer of the incorrect type |
| EXP52-CPP |
MISRA.SIZEOF.SIDE_EFFECT Operand of sizeof has side effects |
| EXP53-CPP |
UNINIT.CTOR.MIGHT Uninitialized Variable in Constructor - possible UNINIT.CTOR.MUST Uninitialized Variable in Constructor UNINIT.HEAP.MIGHT Uninitialized Heap Use - possible UNINIT.HEAP.MUST Uninitialized Heap Use UNINIT.STACK.ARRAY.MIGHT Uninitialized Array - possible UNINIT.STACK.ARRAY.MUST Uninitialized Array UNINIT.STACK.ARRAY.PARTIAL.MUST Partially Uninitialized Array UNINIT.STACK.MIGHT Uninitialized Variable - possible UNINIT.STACK.MUST Uninitialized Variable |
| EXP54-CPP |
CL.FFM.ASSIGN Use of free memory (double free) - no operator= CL.FFM.COPY Use of free memory (double free) - no copy constructor LOCRET.ARG Function returns address of local variable LOCRET.GLOB Function returns address of local variable LOCRET.RET Function returns address of local variable UFM.DEREF.MIGHT Use of free memory (access) - possible UFM.DEREF.MUST Use of Freed Memory by Pointer UFM.FFM.MIGHT Use of free memory (double free) - possible UFM.FFM.MUST Freeing Freed Memory UFM.RETURN.MIGHT Use of freed memory (return) - possible UFM.RETURN.MUST Use of Freed Memory on Return UFM.USE.MIGHT Use of free memory - possible UFM.USE.MUST Use of Freed Memory UNINIT.HEAP.MIGHT Uninitialized Heap Use - possible UNINIT.HEAP.MUST Uninitialized Heap Use UNINIT.STACK.ARRAY.MIGHT Uninitialized Array - possible UNINIT.STACK.ARRAY.MUST Uninitialized Array UNINIT.STACK.ARRAY.PARTIAL.MUST Partially Uninitialized Array UNINIT.STACK.MIGHT Uninitialized Variable - possible UNINIT.STACK.MUST Uninitialized Variable |
| EXP55-CPP |
MISRA.CAST.CONST Cast operation removes const or volatile modifier from a pointer or reference |
| EXP56-CPP |
MISRA.CAST.PTR.UNRELATED Object of pointer type cast to unrelated type MISRA.CAST.PTR_TO_INT Cast between a pointer and an integral type PORTING.CAST.PTR Cast between types that are not both pointers or not pointers PORTING.CAST.PTR.FLTPNT Cast of a pointer to a floating point expression to a non floating point type pointer PORTING.CAST.PTR.SIZE Attempt to cast an expression to a type of a potentially incompatible size PORTING.CAST.SIZE Expression is cast to a type of potentially different size |
| EXP57-CPP |
CERT.EXPR.DELETE_PTR.INCOMPLETE_TYPE Do not delete a pointer to an incomplete type |
| EXP60-CPP |
CERT.EXPR.PASS_NON_STD_LAYOUT Do not pass a nonstandard-layout type object across execution boundaries |
| FIO00-CPP |
SV.FMT_STR.PRINT_FORMAT_MISMATCH.BAD Incompatible type of a print function parameter SV.FMT_STR.PRINT_FORMAT_MISMATCH.UNDESIRED Unexpected type of a print function parameter SV.FMT_STR.PRINT_IMPROP_LENGTH Improper use of length modifier in a print function call SV.FMT_STR.PRINT_PARAMS_WRONGNUM.FEW Too few arguments in a print function call SV.FMT_STR.PRINT_PARAMS_WRONGNUM.MANY Too many arguments in a print function call SV.FMT_STR.UNKWN_FORMAT Unknown format specifier in a print function call |
| FIO01-CPP |
SV.TOCTOU.FILE_ACCESS Time of Creation/Time of Use Race condition in File Access |
| FIO02-CPP |
SV.DLLPRELOAD.NONABSOLUTE.DLL Potential DLL-preload hijack vector SV.TOCTOU.FILE_ACCESS Time of Creation/Time of Use Race condition in File Access |
| FIO04-CPP |
MISRA.FUNC.UNUSEDRET Return value of a non-void function is not used SV.RVT.RETVAL_NOTTESTED Ignored Return Value |
| FIO17-CPP |
MISRA.INCL.UNSAFE Unsafe header inclusion MISRA.STDLIB.STDIO Use of input/output library stdio.h in production code |
| FIO51-CPP |
RH.LEAK Resource leak |
| INT02-CPP |
MISRA.CAST.INT Non-trivial integer expression is cast to a wider type, or type with a different signedness MISRA.CAST.UNSIGNED_BITS The result of bitwise operation on unsigned char or short is not cast back to original type MISRA.CONV.INT.SIGN Implicit integral conversion changes signedness MISRA.CVALUE.IMPL.CAST The value of an expression implicitly converted to a different type MISRA.UMINUS.UNSIGNED Operand of unary minus is unsigned PRECISION.LOSS Loss of Precision |
| INT04-CPP |
ABV.GENERAL Buffer Overflow - Array Index Out of Bounds INCORRECT.ALLOC_SIZE Incorrect Allocation Size NNTS.TAINTED Unvalidated User Input Causing Buffer Overflow - Non-Null Terminated String SV.STRBO.UNBOUND_COPY Buffer Overflow in Unbound String Copy SV.STRBO.UNBOUND_SPRINTF Buffer Overflow in Unbound sprintf |
| INT05-CPP |
SV.BANNED.RECOMMENDED.SCANF Banned recommended API: unsafe scanf-type functions SV.TAINTED.ALLOC_SIZE Use of Unvalidated Integer in Memory Allocation SV.TAINTED.BINOP Use of Unvalidated Integer in Binary Operation SV.TAINTED.CALL.BINOP Use of Unvalidated Integer in Binary Operation SV.TAINTED.CALL.INDEX_ACCESS Use of Unvalidated Integer as Array Index by Function Call SV.TAINTED.CALL.LOOP_BOUND Use of Unvalidated Integer in Loop Condition through a Function Call SV.TAINTED.INDEX_ACCESS Use of Unvalidated Integer as Array Index SV.TAINTED.LOOP_BOUND Use of Unvalidated Integer in Loop Condition |
| INT06-CPP |
MISRA.STDLIB.ATOI Use of 'atof', 'atoi' or 'atol' from library stdlib.h SV.BANNED.RECOMMENDED.SCANF Banned recommended API: unsafe scanf-type functions |
| INT07-CPP |
MISRA.CHAR.NOT_CHARACTER 'char' is used for non-character value MISRA.SIGNED_CHAR.NOT_NUMERIC 'signed char' or 'unsigned char' is used for non-numeric value PORTING.UNSIGNEDCHAR.OVERFLOW.FALSE Relational expression may be always false depending on 'char' type signedness |
| INT11-CPP |
PORTING.CAST.PTR Cast between types that are not both pointers or not pointers |
| INT12-CPP |
MISRA.BITFIELD.TYPE Type of bit-field is not signed/unsigned integer |
| INT13-CPP |
MISRA.BITS.NOT_UNSIGNED Operand of bitwise operation is not unsigned integer MISRA.BITS.NOT_UNSIGNED.PREP Operand of bitwise operation is not unsigned integer |
| MEM00-CPP |
UFM.DEREF.MIGHT Use of free memory (access) - possible UFM.DEREF.MUST Use of Freed Memory by Pointer UFM.FFM.MIGHT Use of free memory (double free) - possible UFM.FFM.MUST Freeing Freed Memory UFM.RETURN.MIGHT Use of freed memory (return) - possible UFM.RETURN.MUST Use of Freed Memory on Return UFM.USE.MIGHT Use of free memory - possible UFM.USE.MUST Use of Freed Memory |
| MEM01-CPP |
UFM.DEREF.MIGHT Use of free memory (access) - possible UFM.DEREF.MUST Use of Freed Memory by Pointer UFM.FFM.MIGHT Use of free memory (double free) - possible UFM.FFM.MUST Freeing Freed Memory UFM.RETURN.MIGHT Use of freed memory (return) - possible UFM.RETURN.MUST Use of Freed Memory on Return UFM.USE.MIGHT Use of free memory - possible UFM.USE.MUST Use of Freed Memory |
| MEM05-CPP |
MISRA.FUNC.RECUR Recursive function SV.TAINTED.ALLOC_SIZE Use of Unvalidated Integer in Memory Allocation |
| MEM09-CPP |
NNTS.MIGHT Buffer Overflow - Non-null Terminated String NNTS.MUST Buffer Overflow - Non-null Terminated String UNINIT.HEAP.MIGHT Uninitialized Heap Use - possible UNINIT.HEAP.MUST Uninitialized Heap Use |
| MEM50-CPP |
UFM.DEREF.MIGHT Use of free memory (access) - possible UFM.DEREF.MUST Use of Freed Memory by Pointer UFM.FFM.MIGHT Use of free memory (double free) - possible UFM.FFM.MUST Freeing Freed Memory UFM.RETURN.MIGHT Use of freed memory (return) - possible UFM.RETURN.MUST Use of Freed Memory on Return UFM.USE.MIGHT Use of free memory - possible UFM.USE.MUST Use of Freed Memory |
| MEM51-CPP |
CL.FFM.ASSIGN Use of free memory (double free) - no operator= CL.FFM.COPY Use of free memory (double free) - no copy constructor CL.FMM Freeing Mismatched Memory - in destructor FMM.MIGHT Freeing Mismatched Memory - possible FMM.MUST Freeing Mismatched Memory FNH.MIGHT Freeing Non-Heap Memory - possible FNH.MUST Freeing Non-Heap Memory FUM.GEN.MIGHT Freeing Unallocated Memory - possible FUM.GEN.MUST Freeing Unallocated Memory UNINIT.CTOR.MIGHT Uninitialized Variable in Constructor - possible UNINIT.CTOR.MUST Uninitialized Variable in Constructor UNINIT.HEAP.MIGHT Uninitialized Heap Use - possible UNINIT.HEAP.MUST Uninitialized Heap Use UNINIT.STACK.ARRAY.MIGHT Uninitialized Array - possible UNINIT.STACK.ARRAY.MUST Uninitialized Array UNINIT.STACK.ARRAY.PARTIAL.MUST Partially Uninitialized Array UNINIT.STACK.MIGHT Uninitialized Variable - possible UNINIT.STACK.MUST Uninitialized Variable |
| MEM52-CPP |
NPD.CHECK.CALL.MIGHT Pointer may be passed to function that can dereference it after it was positively checked for NULL NPD.CHECK.CALL.MUST Pointer will be passed to function that may dereference it after it was positively checked for NULL NPD.CHECK.MIGHT Pointer may be dereferenced after it was positively checked for NULL NPD.CHECK.MUST Pointer will be dereferenced after it was positively checked for NULL NPD.CONST.CALL NULL is passed to function that can dereference it NPD.CONST.DEREF NULL is dereferenced NPD.FUNC.CALL.MIGHT Result of function that may return NULL may be passed to another function that may dereference it NPD.FUNC.CALL.MUST Result of function that may return NULL will be passed to another function that may dereference it NPD.FUNC.MIGHT Result of function that can return NULL may be dereferenced NPD.FUNC.MUST Result of function that may return NULL will be dereferenced NPD.GEN.CALL.MIGHT Null pointer may be passed to function that may dereference it NPD.GEN.CALL.MUST Null pointer will be passed to function that may dereference it NPD.GEN.MIGHT Null pointer may be dereferenced NPD.GEN.MUST Null pointer will be dereferenced RNPD.CALL Suspicious dereference of pointer in function call before NULL check RNPD.DEREF Suspicious dereference of pointer before NULL check |
| MEM55-CPP |
CERT.MEM.OVERRIDE.DELETE Honor replacement dynamic storage management requirements for 'delete' CERT.MEM.OVERRIDE.NEW Honor replacement dynamic storage management requirements for 'new' |
| MSC01-CPP |
CWARN.EMPTY.LABEL Empty label statement LA_UNUSED Label unused MISRA.IF.NO_ELSE A chain of if/else-if statements is not terminated with else or is terminated with an empty else clause MISRA.SWITCH.NODEFAULT No default clause at the end of a switch statement |
| MSC02-CPP |
ASSIGCOND.CALL Assignment in condition (call) ASSIGCOND.GEN Assignment in condition EFFECT Statement has no effect MISRA.FUNC.ADDR Address of a function is used without & operator |
| MSC03-CPP |
EFFECT Statement has no effect SEMICOL Suspiciously placed semicolon |
| MSC04-CPP |
MISRA.TOKEN.BADCOM Inappropriate character sequence in a comment |
| MSC07-CPP |
LA_UNUSED Label unused UNREACH.GEN Unreachable code UNREACH.RETURN Unreachable Void Return UNREACH.SIZEOF Architecture-related unreachable code VA_UNUSED.GEN Value is Never Used after Assignment VA_UNUSED.INIT Value is Never Used after Initialization |
| MSC08-CPP |
ABV.TAINTED Buffer Overflow from Unvalidated Input SV.TAINTED.ALLOC_SIZE Use of Unvalidated Integer in Memory Allocation SV.TAINTED.BINOP Use of Unvalidated Integer in Binary Operation SV.TAINTED.CALL.BINOP Use of Unvalidated Integer in Binary Operation SV.TAINTED.CALL.INDEX_ACCESS Use of Unvalidated Integer as Array Index by Function Call SV.TAINTED.CALL.LOOP_BOUND Use of Unvalidated Integer in Loop Condition through a Function Call SV.TAINTED.INDEX_ACCESS Use of Unvalidated Integer as Array Index |
| MSC12-CPP |
CWARN.NOEFFECT.SELF_ASSIGN A variable is assigned to self CWARN.NOEFFECT.UCMP.GE Comparison of unsigned value against 0 is always true CWARN.NOEFFECT.UCMP.GE.MACRO Comparison of unsigned value against 0 within a macro is always true CWARN.NOEFFECT.UCMP.LT Comparison of unsigned value against 0 is always false CWARN.NOEFFECT.UCMP.LT.MACRO Comparison of unsigned value against 0 within a macro is always false CWARN.NULLCHECK.FUNCNAME Function address was directly compared against 0 EFFECT Statement has no effect MISRA.STMT.NO_EFFECT The statement has no side effects, and does not change control flow UNREACH.GEN Unreachable code UNREACH.RETURN Unreachable Void Return UNREACH.SIZEOF Architecture-related unreachable code |
| MSC13-CPP |
LV_UNUSED.GEN Local variable unused VA_UNUSED.GEN Value is Never Used after Assignment VA_UNUSED.INIT Value is Never Used after Initialization |
| MSC18-CPP |
MISRA.SWITCH.NO_BREAK No break or throw statement at the end of switch-clause MISRA.SWITCH.WELL_FORMED.BREAK.2012 An unconditional break statement shall terminate every switch-clause. |
| MSC20-CPP |
MISRA.SWITCH.LABEL A switch label belongs to nested compound statement inside switch body MISRA.SWITCH.WELL_FORMED.BREAK.2012 An unconditional break statement shall terminate every switch-clause. |
| MSC21-CPP |
MISRA.FOR.COND.EQ ++ or -- operations are not used to change loop counter, but condition tests loop counter for equality |
| MSC50-CPP |
CERT.MSC.STD_RAND_CALL Do not use std::rand() for generating pseudorandom numbers |
| MSC53-CPP |
CERT.MSC.NORETURN_FUNC_RETURNS Do not return from a function declared [[noreturn]] |
| MSC54-CPP |
CERT.MSC.SIG_HANDLER.POF A signal handler must be a plain old function |
| OOP52-CPP |
CL.MLK.VIRTUAL Memory Leak - possible in destructor CWARN.DTOR.NONVIRT.DELETE Delete expression for an object of a class with virtual methods and no virtual destructor |
| OOP53-CPP |
CERT.OOP.CTOR.INIT_ORDER Write constructor member initializers in the canonical order |
| OOP54-CPP |
CL.SELF-ASSIGN Use of free memory (double free) - in operator= |
| OOP55-CPP |
CERT.OOP.PTR_MEMBER.NO_MEMBER Do not use pointer-to-member operators to access nonexistent members |
| OOP57-CPP |
CERT.OOP.CSTD_FUNC_USE Prefer special member functions and overloaded operators to C Standard Library functions |
| OOP58-CPP |
CERT.OOP.COPY_MUTATES Copy operations must not mutate the source object |
| PRE00-CPP |
MISRA.DEFINE.FUNC Function-like macro definition MISRA.USE.EXPANSION Macro expansion |
| PRE01-CPP |
MISRA.DEFINE.NOPARS Macro parameter with no parentheses |
| PRE04-CPP |
MISRA.STDLIB.WRONGNAME Reused name of standard library macro, object or function MISRA.STDLIB.WRONGNAME.UNDERSCORE Usage of a reserved name for naming a language entity MISRA.UNDEF.WRONGNAME Undefinition of a name from the standard library MISRA.UNDEF.WRONGNAME.UNDERSCORE Undefinition of a reserved name |
| PRE06-CPP |
MISRA.INCGUARD Include guard is not provided |
| PRE07-CPP |
MISRA.CHAR.TRIGRAPH Trigraph usage |
| PRE09-CPP |
SV.BANNED.RECOMMENDED.ALLOCA Banned recommended API: stack allocation functions SV.BANNED.RECOMMENDED.NUMERIC Banned recommended API: unsafe numeric conversion functions SV.BANNED.RECOMMENDED.OEM Banned recommended API: OEM character page conversion functions SV.BANNED.RECOMMENDED.PATH Banned recommended API: unsafe path name manipulation functions SV.BANNED.RECOMMENDED.SCANF Banned recommended API: unsafe scanf-type functions SV.BANNED.RECOMMENDED.SPRINTF Banned recommended API: unsafe sprintf-type functions SV.BANNED.RECOMMENDED.STRLEN Banned recommended API: unsafe string length functions SV.BANNED.RECOMMENDED.TOKEN Banned recommended API: unsafe string tokenizing functions SV.BANNED.RECOMMENDED.WINDOW Banned recommended API: unsafe window functions SV.BANNED.REQUIRED.CONCAT Banned required API: unsafe string concatenation functions SV.BANNED.REQUIRED.COPY Banned required API: unsafe buffer copy functions SV.BANNED.REQUIRED.GETS Banned required API: unsafe stream reading functions SV.BANNED.REQUIRED.ISBAD Banned required API: IsBad-type functions SV.BANNED.REQUIRED.SPRINTF Banned required API: unsafe sprintf-type functions |
| STR02-CPP |
NNTS.TAINTED Unvalidated User Input Causing Buffer Overflow - Non-Null Terminated String SV.TAINTED.INJECTION Command Injection |
| STR03-CPP |
NNTS.MIGHT Buffer Overflow - Non-null Terminated String NNTS.MUST Buffer Overflow - Non-null Terminated String |
| STR04-CPP |
MISRA.CHAR.NOT_CHARACTER 'char' is used for non-character value |
| STR06-CPP |
SV.BANNED.RECOMMENDED.TOKEN Banned recommended API: unsafe string tokenizing functions |
| STR07-CPP |
MISRA.CHAR.OPERAND Expression of type 'char' or 'wchar_t' is used as non-character operand |
| STR50-CPP |
NNTS.MIGHT Buffer Overflow - Non-null Terminated String NNTS.TAINTED Unvalidated User Input Causing Buffer Overflow - Non-Null Terminated String |
| STR51-CPP |
NPD.CHECK.CALL.MIGHT Pointer may be passed to function that can dereference it after it was positively checked for NULL NPD.CHECK.CALL.MUST Pointer will be passed to function that may dereference it after it was positively checked for NULL NPD.CHECK.MIGHT Pointer may be dereferenced after it was positively checked for NULL NPD.CHECK.MUST Pointer will be dereferenced after it was positively checked for NULL NPD.CONST.CALL NULL is passed to function that can dereference it NPD.CONST.DEREF NULL is dereferenced NPD.FUNC.CALL.MIGHT Result of function that may return NULL may be passed to another function that may dereference it NPD.FUNC.CALL.MUST Result of function that may return NULL will be passed to another function that may dereference it NPD.FUNC.MIGHT Result of function that can return NULL may be dereferenced NPD.FUNC.MUST Result of function that may return NULL will be dereferenced NPD.GEN.CALL.MIGHT Null pointer may be passed to function that may dereference it NPD.GEN.CALL.MUST Null pointer will be passed to function that may dereference it NPD.GEN.MIGHT Null pointer may be dereferenced NPD.GEN.MUST Null pointer will be dereferenced RNPD.CALL Suspicious dereference of pointer in function call before NULL check RNPD.DEREF Suspicious dereference of pointer before NULL check |