CERT C++ IDs mapped to Klocwork and Klocwork community checkers
The following table lists the Klocwork and Klocwork community C/C++ checkers that map to the secure coding standard defined by the computer emergency response team (CERT).
| Rule | Klocwork Checker Code and Description |
|---|---|
| ARR37-C |
CERT.ARR.PTR.ARITH Pointer is used in arithmetic expression |
| ARR39-C |
CERT.ARR.PTR.ARITH Pointer is used in arithmetic expression |
| CON02-CPP |
CONC.DL Deadlock |
| CON33-C |
CERT.CONC.LIB_FUNC_USE Avoid race conditions when using library functions |
| CON37-C |
MISRA.STDLIB.SIGNAL Use of the signal handling facilities of signal.h |
| CON40-C |
CERT.CONC.ATOMIC_TWICE_EXPR Do not refer to an atomic variable twice in an expression |
| CON41-C |
CERT.CONC.ATOMIC_COMP_FAIL_IN_LOOP Wrap functions that can spuriously fail up in a loop |
| CON50-CPP |
CERT.CONC.MUTEX.DESTROY_WHILE_LOCKED Do not destroy a mutex while it is locked |
| CON54-CPP |
CERT.CONC.WAKE_IN_LOOP Wrap functions that can spuriously wake up in a loop |
| CON55-CPP |
CERT.CONC.UNSAFE_COND_VAR Preserve thread safety and liveness when using condition variables |
| CTR01-CPP |
CWARN.MEMSET.SIZEOF.PTR Memset-like function is called for 'sizeof' applied to pointer INCORRECT.ALLOC_SIZE Incorrect Allocation Size |
| CTR50-CPP |
ABV.ANY_SIZE_ARRAY Buffer Overflow - Array Index Out of Bounds ABV.GENERAL Buffer Overflow - Array Index Out of Bounds ABV.STACK Buffer Overflow - Local Array Index Out of Bounds ABV.TAINTED Buffer Overflow from Unvalidated Input SV.TAINTED.ALLOC_SIZE Use of Unvalidated Integer in Memory Allocation SV.TAINTED.CALL.INDEX_ACCESS Use of Unvalidated Integer as Array Index by Function Call SV.TAINTED.CALL.LOOP_BOUND Use of Unvalidated Integer in Loop Condition through a Function Call SV.TAINTED.INDEX_ACCESS Use of Unvalidated Integer as Array Index |
| CTR51-CPP |
ITER.CONTAINER.MODIFIED Use of invalid iterator |
| DCL01-CPP |
MISRA.VAR.HIDDEN Identifier declared in an inner scope hides identifier in outer scope |
| DCL07-CPP |
MISRA.VAR.MIN.VIS Name visibility is too wide |
| DCL10-CPP |
MISRA.BIN_OP.OVERLOAD Comma, || or && operator overloaded MISRA.UN_OP.OVERLOAD Unary & operator is overloaded |
| DCL12-CPP |
MISRA.SPEC.ILL Explicit instantiation of a template makes the code ill-formed |
| DCL19-CPP |
UNINIT.CTOR.MIGHT Uninitialized Variable in Constructor - possible UNINIT.CTOR.MUST Uninitialized Variable in Constructor UNINIT.HEAP.MIGHT Uninitialized Heap Use - possible UNINIT.HEAP.MUST Uninitialized Heap Use UNINIT.STACK.ARRAY.MIGHT Uninitialized Array - possible UNINIT.STACK.ARRAY.MUST Uninitialized Array UNINIT.STACK.ARRAY.PARTIAL.MUST Partially Uninitialized Array UNINIT.STACK.MIGHT Uninitialized Variable - possible UNINIT.STACK.MUST Uninitialized Variable |
| DCL50-CPP |
MISRA.FUNC.VARARG Function with variable number of arguments |
| DCL51-CPP |
MISRA.DEFINE.WRONGNAME Usage of a name from the standard library for naming a macro MISRA.DEFINE.WRONGNAME.UNDERSCORE Usage of a reserved name for naming a macro MISRA.STDLIB.WRONGNAME Reused name of standard library macro, object or function MISRA.STDLIB.WRONGNAME.UNDERSCORE Usage of a reserved name for naming a language entity MISRA.UNDEF.WRONGNAME Undefinition of a name from the standard library MISRA.UNDEF.WRONGNAME.UNDERSCORE Undefinition of a reserved name |
| DCL52-CPP |
CERT.DCL.REF_TYPE.CONST_OR_VOLATILE Never qualify a reference type with const or volatile |
| DCL53-CPP |
CERT.DCL.AMBIGUOUS_DECL Do not write syntactically ambiguous declarations |
| DCL54-CPP |
CERT.DCL.SAME_SCOPE_ALLOC_DEALLOC Overload allocation and deallocation functions as a pair in the same scope |
| DCL57-CPP |
MISRA.DTOR.THROW Throw in destructor |
| DCL58-CPP |
CERT.DCL.STD_NS_MODIFIED Do not modify the standard namespaces |
| DCL59-CPP |
MISRA.NAMESPACE.UNMD Unnamed namespace in header file |
| ENV02-CPP |
MISRA.STDLIB.ABORT Use of 'abort', 'exit', 'getenv' or 'system' from library stdlib.h SV.CODE_INJECTION.SHELL_EXEC Command Injection into Shell Execution SV.TAINTED.INJECTION Command Injection |
| ENV30-C |
CXX.STDLIB.ILLEGAL_WRITE The pointers returned by the Standard Library functions localeconv, getenv, setlocale or, strerror shall only be used as if they have pointer to const-qualified type |
| ENV33-C |
SV.CODE_INJECTION.SHELL_EXEC Command Injection into Shell Execution |
| ENV34-C |
CXX.STDLIB.ILLEGAL_REUSE The pointer returned by the Standard Library functions asctime and similar shall not be used following a subsequent call to the same function |
| ERR01-CPP |
MISRA.STDLIB.ERRNO Use of error indicator 'errno' |
| ERR08-CPP |
MISRA.THROW.PTR Exception object is a pointer |
| ERR09-CPP |
MISRA.CATCH.BY_VALUE Exception object of class type is caught by value MISRA.THROW.PTR Exception object is a pointer |
| ERR10-CPP |
NPD.FUNC.MUST Result of function that may return NULL will be dereferenced SV.RVT.RETVAL_NOTTESTED Ignored Return Value |
| ERR50-CPP |
CERT.ERR.ABRUPT_TERM Do not abruptly terminate the program MISRA.TERMINATE terminate() function is called explicitly |
| ERR51-CPP |
MISRA.CATCH.ALL No ellipsis exception handler in a try-catch block |
| ERR52-CPP |
MISRA.STDLIB.LONGJMP Use of setjmp macro or longjmp function |
| ERR53-CPP |
MISRA.CTOR.TRY.NON_STATIC Function try/catch block of constructor or destructor references non-static members |
| ERR54-CPP |
MISRA.CATCH.NOALL Ellipsis exception handler is not the last one in a try-catch block MISRA.CATCH.WRONGORD Handler for a base exception class precedes to a handler for a derived exception class in a try-catch block |
| ERR57-CPP |
CL.MLK Memory Leak - in destructor MLK.MIGHT Memory Leak - possible MLK.MUST Memory Leak MLK.RET.MIGHT Memory Leak - possible MLK.RET.MUST Memory Leak RH.LEAK Resource leak |
| ERR61-CPP |
MISRA.CATCH.BY_VALUE Exception object of class type is caught by value |
| ERR62-CPP |
CERT.ERR.CONV.STR_TO_NUM Detect errors when converting a string to a number |
| EXP00-CPP |
MISRA.EXPR.PARENS MISRA.EXPR.PARENS.INSUFFICIENT Limited dependence required for operator precedence rules in expressions MISRA.EXPR.PARENS.REDUNDANT Limited dependence required for operator precedence rules in expressions |
| EXP01-CPP |
CWARN.MEMSET.SIZEOF.PTR Memset-like function is called for 'sizeof' applied to pointer INCORRECT.ALLOC_SIZE Incorrect Allocation Size |
| EXP05-CPP |
BSTR.CAST.C C style type cast to BSTR MISRA.C_CAST C-style cast to non-void type |
| EXP06-CPP |
MISRA.SIZEOF.SIDE_EFFECT Operand of sizeof has side effects |
| EXP08-CPP |
ABV.GENERAL Buffer Overflow - Array Index Out of Bounds ABV.ITERATOR Buffer Overflow - Array Index may be out of Bounds MISRA.PTR.ARITH Pointer is used in arithmetic or array index expression |
| EXP09-CPP |
INCORRECT.ALLOC_SIZE Incorrect Allocation Size |
| EXP10-CPP |
PORTING.VAR.EFFECTS Variable used twice in one expression where one usage is subject to side-effects |
| EXP11-CPP |
PORTING.BITFIELDS Usage of bitfields within a structure PORTING.CAST.FLTPNT Cast of a floating point expression to a non floating point type PORTING.CAST.PTR Cast between types that are not both pointers or not pointers PORTING.CAST.PTR.FLTPNT Cast of a pointer to a floating point expression to a non floating point type pointer PORTING.CAST.PTR.SIZE Attempt to cast an expression to a type of a potentially incompatible size PORTING.CAST.SIZE Expression is cast to a type of potentially different size |
| EXP12-CPP |
MISRA.FUNC.UNUSEDRET Return value of a non-void function is not used SV.RVT.RETVAL_NOTTESTED Ignored Return Value |
| EXP15-CPP |
MISRA.CAST.UNSIGNED_BITS The result of bitwise operation on unsigned char or short is not cast back to original type |
| EXP34-CPP |
NPD.CHECK.CALL.MIGHT Pointer may be passed to function that can dereference it after it was positively checked for NULL NPD.CHECK.CALL.MUST Pointer will be passed to function that may dereference it after it was positively checked for NULL NPD.CHECK.MIGHT Pointer may be dereferenced after it was positively checked for NULL NPD.CHECK.MUST Pointer will be dereferenced after it was positively checked for NULL NPD.CONST.CALL NULL is passed to function that can dereference it NPD.CONST.DEREF NULL is dereferenced NPD.FUNC.CALL.MIGHT Result of function that may return NULL may be passed to another function that may dereference it NPD.FUNC.CALL.MUST Result of function that may return NULL will be passed to another function that may dereference it NPD.FUNC.MIGHT Result of function that can return NULL may be dereferenced NPD.FUNC.MUST Result of function that may return NULL will be dereferenced NPD.GEN.CALL.MIGHT Null pointer may be passed to function that may dereference it NPD.GEN.CALL.MUST Null pointer will be passed to function that may dereference it NPD.GEN.MIGHT Null pointer may be dereferenced NPD.GEN.MUST Null pointer will be dereferenced RNPD.CALL Suspicious dereference of pointer in function call before NULL check RNPD.DEREF Suspicious dereference of pointer before NULL check |
| EXP39-C |
CXX.CAST.OBJ_PTR_TO_OBJ_PTR Cast between a pointer to object type and a pointer to a different object type |
| EXP42-C |
CERT.MEMCMP.PADDED_DATA Do not compare padding data |
| EXP50-CPP |
MISRA.EXPR.PARENS MISRA.EXPR.PARENS.INSUFFICIENT Limited dependence required for operator precedence rules in expressions MISRA.EXPR.PARENS.REDUNDANT Limited dependence required for operator precedence rules in expressions MISRA.INCR_DECR.OTHER Increment or decrement operator is mixed with other operators in expression PORTING.VAR.EFFECTS Variable used twice in one expression where one usage is subject to side-effects |
| EXP51-CPP |
CERT.EXPR.DELETE_ARR.BASE_PTR Do not delete an array through a pointer of the incorrect type |
| EXP52-CPP |
MISRA.SIZEOF.SIDE_EFFECT Operand of sizeof has side effects |
| EXP53-CPP |
UNINIT.CTOR.MIGHT Uninitialized Variable in Constructor - possible UNINIT.CTOR.MUST Uninitialized Variable in Constructor UNINIT.HEAP.MIGHT Uninitialized Heap Use - possible UNINIT.HEAP.MUST Uninitialized Heap Use UNINIT.STACK.ARRAY.MIGHT Uninitialized Array - possible UNINIT.STACK.ARRAY.MUST Uninitialized Array UNINIT.STACK.ARRAY.PARTIAL.MUST Partially Uninitialized Array UNINIT.STACK.MIGHT Uninitialized Variable - possible UNINIT.STACK.MUST Uninitialized Variable |
| EXP54-CPP |
CL.FFM.ASSIGN Use of free memory (double free) - no operator= CL.FFM.COPY Use of free memory (double free) - no copy constructor LOCRET.ARG Function returns address of local variable LOCRET.GLOB Function returns address of local variable LOCRET.RET Function returns address of local variable UFM.DEREF.MIGHT Use of free memory (access) - possible UFM.DEREF.MUST Use of Freed Memory by Pointer UFM.FFM.MIGHT Use of free memory (double free) - possible UFM.FFM.MUST Freeing Freed Memory UFM.RETURN.MIGHT Use of freed memory (return) - possible UFM.RETURN.MUST Use of Freed Memory on Return UFM.USE.MIGHT Use of free memory - possible UFM.USE.MUST Use of Freed Memory UNINIT.HEAP.MIGHT Uninitialized Heap Use - possible UNINIT.HEAP.MUST Uninitialized Heap Use UNINIT.STACK.ARRAY.MIGHT Uninitialized Array - possible UNINIT.STACK.ARRAY.MUST Uninitialized Array UNINIT.STACK.ARRAY.PARTIAL.MUST Partially Uninitialized Array UNINIT.STACK.MIGHT Uninitialized Variable - possible UNINIT.STACK.MUST Uninitialized Variable |
| EXP55-CPP |
MISRA.CAST.CONST Cast operation removes const or volatile modifier from a pointer or reference |
| EXP56-CPP |
MISRA.CAST.PTR.UNRELATED Object of pointer type cast to unrelated type MISRA.CAST.PTR_TO_INT Cast between a pointer and an integral type PORTING.CAST.PTR Cast between types that are not both pointers or not pointers PORTING.CAST.PTR.FLTPNT Cast of a pointer to a floating point expression to a non floating point type pointer PORTING.CAST.PTR.SIZE Attempt to cast an expression to a type of a potentially incompatible size PORTING.CAST.SIZE Expression is cast to a type of potentially different size |
| EXP57-CPP |
CERT.EXPR.DELETE_PTR.INCOMPLETE_TYPE Do not delete a pointer to an incomplete type |
| FIO00-CPP |
SV.FMT_STR.PRINT_FORMAT_MISMATCH.BAD Incompatible type of a print function parameter SV.FMT_STR.PRINT_FORMAT_MISMATCH.UNDESIRED Unexpected type of a print function parameter SV.FMT_STR.PRINT_IMPROP_LENGTH Improper use of length modifier in a print function call SV.FMT_STR.PRINT_PARAMS_WRONGNUM.FEW Too few arguments in a print function call SV.FMT_STR.PRINT_PARAMS_WRONGNUM.MANY Too many arguments in a print function call SV.FMT_STR.UNKWN_FORMAT Unknown format specifier in a print function call |
| FIO01-CPP |
SV.TOCTOU.FILE_ACCESS Time of Creation/Time of Use Race condition in File Access |
| FIO02-CPP |
SV.DLLPRELOAD.NONABSOLUTE.DLL Potential DLL-preload hijack vector SV.TOCTOU.FILE_ACCESS Time of Creation/Time of Use Race condition in File Access |
| FIO04-CPP |
MISRA.FUNC.UNUSEDRET Return value of a non-void function is not used SV.RVT.RETVAL_NOTTESTED Ignored Return Value |
| FIO17-CPP |
MISRA.INCL.UNSAFE Unsafe header inclusion MISRA.STDLIB.STDIO Use of input/output library stdio.h in production code |
| FIO30-C |
SV.FMTSTR.GENERIC Format String Vulnerability SV.TAINTED.FMTSTR Use of Unvalidated Data in a Format String |
| FIO34-C |
CWARN.CMPCHR.EOF A 'char' expression compared with EOF constant |
| FIO42-C |
RH.LEAK Resource leak |
| FIO45-C |
SV.TOCTOU.FILE_ACCESS Time of Creation/Time of Use Race condition in File Access |
| FIO46-C |
SV.INCORRECT_RESOURCE_HANDLING.URH Insecure Resource Handling |
| FIO47-C |
SV.FMT_STR.PRINT_FORMAT_MISMATCH.BAD Incompatible type of a print function parameter SV.FMT_STR.PRINT_FORMAT_MISMATCH.UNDESIRED Unexpected type of a print function parameter SV.FMT_STR.PRINT_IMPROP_LENGTH Improper use of length modifier in a print function call SV.FMT_STR.PRINT_PARAMS_WRONGNUM.FEW Too few arguments in a print function call SV.FMT_STR.PRINT_PARAMS_WRONGNUM.MANY Too many arguments in a print function call SV.FMT_STR.SCAN_FORMAT_MISMATCH.BAD Incompatible type of a scan function parameter SV.FMT_STR.SCAN_FORMAT_MISMATCH.UNDESIRED Unexpected type of a scan function parameter SV.FMT_STR.SCAN_IMPROP_LENGTH Improper use of length modifier in a scan function call SV.FMT_STR.SCAN_PARAMS_WRONGNUM.FEW Too few arguments in a scan function call SV.FMT_STR.SCAN_PARAMS_WRONGNUM.MANY Too many arguments in a scan function call SV.FMT_STR.UNKWN_FORMAT Unknown format specifier in a print function call |
| FIO51-CPP |
RH.LEAK Resource leak |
| FLP30-C |
MISRA.FOR.COUNTER.FLT For loop counter has a floating point type |
| FLP34-C |
MISRA.CAST.FLOAT.WIDER Cast of floating point expression to a wider floating point type MISRA.CAST.FLOAT_INT Cast of floating point expression to integral type MISRA.CAST.INT_FLOAT Cast of integral expression to floating point type MISRA.CONV.FLOAT Implicit floating-point conversion |
| FLP37-C |
CERT.MEMCMP.FLOAT_MEMBER Do not compare when member is floating point |
| INT02-CPP |
MISRA.CAST.INT Non-trivial integer expression is cast to a wider type, or type with a different signedness MISRA.CAST.UNSIGNED_BITS The result of bitwise operation on unsigned char or short is not cast back to original type MISRA.CONV.INT.SIGN Implicit integral conversion changes signedness MISRA.CVALUE.IMPL.CAST The value of an expression implicitly converted to a different type MISRA.UMINUS.UNSIGNED Operand of unary minus is unsigned PRECISION.LOSS Loss of Precision |
| INT04-CPP |
ABV.GENERAL Buffer Overflow - Array Index Out of Bounds INCORRECT.ALLOC_SIZE Incorrect Allocation Size NNTS.TAINTED Unvalidated User Input Causing Buffer Overflow - Non-Null Terminated String SV.STRBO.UNBOUND_COPY Buffer Overflow in Unbound String Copy SV.STRBO.UNBOUND_SPRINTF Buffer Overflow in Unbound sprintf |
| INT05-CPP |
SV.BANNED.RECOMMENDED.SCANF Banned recommended API: unsafe scanf-type functions SV.TAINTED.ALLOC_SIZE Use of Unvalidated Integer in Memory Allocation SV.TAINTED.BINOP Use of Unvalidated Integer in Binary Operation SV.TAINTED.CALL.BINOP Use of Unvalidated Integer in Binary Operation SV.TAINTED.CALL.INDEX_ACCESS Use of Unvalidated Integer as Array Index by Function Call SV.TAINTED.CALL.LOOP_BOUND Use of Unvalidated Integer in Loop Condition through a Function Call SV.TAINTED.INDEX_ACCESS Use of Unvalidated Integer as Array Index SV.TAINTED.LOOP_BOUND Use of Unvalidated Integer in Loop Condition |
| INT06-CPP |
MISRA.STDLIB.ATOI Use of 'atof', 'atoi' or 'atol' from library stdlib.h SV.BANNED.RECOMMENDED.SCANF Banned recommended API: unsafe scanf-type functions |
| INT07-CPP |
MISRA.CHAR.NOT_CHARACTER 'char' is used for non-character value MISRA.SIGNED_CHAR.NOT_NUMERIC 'signed char' or 'unsigned char' is used for non-numeric value PORTING.UNSIGNEDCHAR.OVERFLOW.FALSE Relational expression may be always false depending on 'char' type signedness |
| INT11-CPP |
PORTING.CAST.PTR Cast between types that are not both pointers or not pointers |
| INT12-CPP |
MISRA.BITFIELD.TYPE Type of bit-field is not signed/unsigned integer |
| INT13-CPP |
MISRA.BITS.NOT_UNSIGNED Operand of bitwise operation is not unsigned integer MISRA.BITS.NOT_UNSIGNED.PREP Operand of bitwise operation is not unsigned integer |
| INT32-C |
CWARN.NOEFFECT.OUTOFRANGE Value outside of range NUM.OVERFLOW Possible Overflow |
| INT34-C |
MISRA.SHIFT.RANGE.2012 Right operand of shift operation is out of range - greater or equal to the essential type size of left operand, or is negative |
| MEM00-CPP |
UFM.DEREF.MIGHT Use of free memory (access) - possible UFM.DEREF.MUST Use of Freed Memory by Pointer UFM.FFM.MIGHT Use of free memory (double free) - possible UFM.FFM.MUST Freeing Freed Memory UFM.RETURN.MIGHT Use of freed memory (return) - possible UFM.RETURN.MUST Use of Freed Memory on Return UFM.USE.MIGHT Use of free memory - possible UFM.USE.MUST Use of Freed Memory |
| MEM01-CPP |
UFM.DEREF.MIGHT Use of free memory (access) - possible UFM.DEREF.MUST Use of Freed Memory by Pointer UFM.FFM.MIGHT Use of free memory (double free) - possible UFM.FFM.MUST Freeing Freed Memory UFM.RETURN.MIGHT Use of freed memory (return) - possible UFM.RETURN.MUST Use of Freed Memory on Return UFM.USE.MIGHT Use of free memory - possible UFM.USE.MUST Use of Freed Memory |
| MEM05-CPP |
MISRA.FUNC.RECUR Recursive function SV.TAINTED.ALLOC_SIZE Use of Unvalidated Integer in Memory Allocation |
| MEM09-CPP |
NNTS.MIGHT Buffer Overflow - Non-null Terminated String NNTS.MUST Buffer Overflow - Non-null Terminated String UNINIT.HEAP.MIGHT Uninitialized Heap Use - possible UNINIT.HEAP.MUST Uninitialized Heap Use |
| MEM50-CPP |
UFM.DEREF.MIGHT Use of free memory (access) - possible UFM.DEREF.MUST Use of Freed Memory by Pointer UFM.FFM.MIGHT Use of free memory (double free) - possible UFM.FFM.MUST Freeing Freed Memory UFM.RETURN.MIGHT Use of freed memory (return) - possible UFM.RETURN.MUST Use of Freed Memory on Return UFM.USE.MIGHT Use of free memory - possible UFM.USE.MUST Use of Freed Memory |
| MEM51-CPP |
CL.FFM.ASSIGN Use of free memory (double free) - no operator= CL.FFM.COPY Use of free memory (double free) - no copy constructor CL.FMM Freeing Mismatched Memory - in destructor CL.SHALLOW.ASSIGN Use of free memory (double free) - shallow copy in operator= CL.SHALLOW.COPY Use of free memory (double free) - shallow copy in copy constructor FMM.MIGHT Freeing Mismatched Memory - possible FMM.MUST Freeing Mismatched Memory FNH.MIGHT Freeing Non-Heap Memory - possible FNH.MUST Freeing Non-Heap Memory FUM.GEN.MIGHT Freeing Unallocated Memory - possible FUM.GEN.MUST Freeing Unallocated Memory UNINIT.CTOR.MIGHT Uninitialized Variable in Constructor - possible UNINIT.CTOR.MUST Uninitialized Variable in Constructor UNINIT.HEAP.MIGHT Uninitialized Heap Use - possible UNINIT.HEAP.MUST Uninitialized Heap Use |
| MEM52-CPP |
NPD.CHECK.CALL.MIGHT Pointer may be passed to function that can dereference it after it was positively checked for NULL NPD.CHECK.CALL.MUST Pointer will be passed to function that may dereference it after it was positively checked for NULL NPD.CHECK.MIGHT Pointer may be dereferenced after it was positively checked for NULL NPD.CHECK.MUST Pointer will be dereferenced after it was positively checked for NULL NPD.CONST.CALL NULL is passed to function that can dereference it NPD.CONST.DEREF NULL is dereferenced NPD.FUNC.CALL.MIGHT Result of function that may return NULL may be passed to another function that may dereference it NPD.FUNC.CALL.MUST Result of function that may return NULL will be passed to another function that may dereference it NPD.FUNC.MIGHT Result of function that can return NULL may be dereferenced NPD.FUNC.MUST Result of function that may return NULL will be dereferenced NPD.GEN.CALL.MIGHT Null pointer may be passed to function that may dereference it NPD.GEN.CALL.MUST Null pointer will be passed to function that may dereference it NPD.GEN.MIGHT Null pointer may be dereferenced NPD.GEN.MUST Null pointer will be dereferenced RNPD.CALL Suspicious dereference of pointer in function call before NULL check RNPD.DEREF Suspicious dereference of pointer before NULL check |
| MEM55-CPP |
CERT.MEM.OVERRIDE.DELETE Honor replacement dynamic storage management requirements for 'delete' CERT.MEM.OVERRIDE.NEW Honor replacement dynamic storage management requirements for 'new' |
| MSC01-CPP |
CWARN.EMPTY.LABEL Empty label statement LA_UNUSED Label unused MISRA.IF.NO_ELSE A chain of if/else-if statements is not terminated with else or is terminated with an empty else clause MISRA.SWITCH.NODEFAULT No default clause at the end of a switch statement |
| MSC02-CPP |
ASSIGCOND.CALL Assignment in condition (call) ASSIGCOND.GEN Assignment in condition EFFECT Statement has no effect MISRA.FUNC.ADDR Address of a function is used without & operator |
| MSC03-CPP |
EFFECT Statement has no effect SEMICOL Suspiciously placed semicolon |
| MSC04-CPP |
MISRA.TOKEN.BADCOM Inappropriate character sequence in a comment |
| MSC07-CPP |
LA_UNUSED Label unused UNREACH.ENUM Code is unreachable due to the possible value(s) of an enum UNREACH.GEN Unreachable code UNREACH.RETURN Unreachable Void Return UNREACH.SIZEOF Architecture-related unreachable code VA_UNUSED.GEN Value is Never Used after Assignment VA_UNUSED.INIT Value is Never Used after Initialization |
| MSC08-CPP |
ABV.TAINTED Buffer Overflow from Unvalidated Input SV.TAINTED.ALLOC_SIZE Use of Unvalidated Integer in Memory Allocation SV.TAINTED.BINOP Use of Unvalidated Integer in Binary Operation SV.TAINTED.CALL.BINOP Use of Unvalidated Integer in Binary Operation SV.TAINTED.CALL.INDEX_ACCESS Use of Unvalidated Integer as Array Index by Function Call SV.TAINTED.CALL.LOOP_BOUND Use of Unvalidated Integer in Loop Condition through a Function Call SV.TAINTED.INDEX_ACCESS Use of Unvalidated Integer as Array Index |
| MSC12-CPP |
CWARN.NOEFFECT.SELF_ASSIGN A variable is assigned to self CWARN.NOEFFECT.UCMP.GE Comparison of unsigned value against 0 is always true CWARN.NOEFFECT.UCMP.GE.MACRO Comparison of unsigned value against 0 within a macro is always true CWARN.NOEFFECT.UCMP.LT Comparison of unsigned value against 0 is always false CWARN.NOEFFECT.UCMP.LT.MACRO Comparison of unsigned value against 0 within a macro is always false CWARN.NULLCHECK.FUNCNAME Function address was directly compared against 0 EFFECT Statement has no effect MISRA.STMT.NO_EFFECT The statement has no side effects, and does not change control flow UNREACH.ENUM Code is unreachable due to the possible value(s) of an enum UNREACH.GEN Unreachable code UNREACH.RETURN Unreachable Void Return UNREACH.SIZEOF Architecture-related unreachable code |
| MSC13-CPP |
LV_UNUSED.GEN Local variable unused VA_UNUSED.GEN Value is Never Used after Assignment VA_UNUSED.INIT Value is Never Used after Initialization |
| MSC18-CPP |
MISRA.SWITCH.NO_BREAK No break or throw statement at the end of switch-clause MISRA.SWITCH.WELL_FORMED.BREAK.2012 An unconditional break statement shall terminate every switch-clause. |
| MSC20-CPP |
MISRA.SWITCH.LABEL A switch label belongs to nested compound statement inside switch body MISRA.SWITCH.WELL_FORMED.BREAK.2012 An unconditional break statement shall terminate every switch-clause. |
| MSC21-CPP |
MISRA.FOR.COND.EQ ++ or -- operations are not used to change loop counter, but condition tests loop counter for equality |
| MSC30-C |
CERT.MSC.STD_RAND_CALL Do not use std::rand() for generating pseudorandom numbers |
| MSC32-C |
CERT.MSC.SEED_RANDOM Properly seed pseudorandom number generators |
| MSC33-C |
CERT.MSC.ASCTIME Do not pass invalid data to the asctime() function |
| MSC37-C |
FUNCRET.GEN Non-void function does not return value FUNCRET.IMPLICIT Non-void function implicitly returning int does not return value |
| MSC39-C |
VA.LIST.INDETERMINATE Attempt to call va_arg() on a va_list that has an indeterminate value |
| MSC41-C |
HCC Use of hardcoded credentials HCC.PWD Use of a hardcoded password HCC.USER Use of a hardcoded user name |
| MSC50-CPP |
CERT.MSC.STD_RAND_CALL Do not use std::rand() for generating pseudorandom numbers |
| MSC52-CPP |
FUNCRET.GEN Non-void function does not return value FUNCRET.IMPLICIT Non-void function implicitly returning int does not return value |
| MSC53-CPP |
CERT.MSC.NORETURN_FUNC_RETURNS Do not return from a function declared [[noreturn]] |
| MSC54-CPP |
CERT.MSC.SIG_HANDLER.POF A signal handler must be a plain old function |
| OOP52-CPP |
CL.MLK.VIRTUAL Memory Leak - possible in destructor CWARN.DTOR.NONVIRT.DELETE Delete expression for an object of a class with virtual methods and no virtual destructor |
| OOP53-CPP |
CERT.OOP.CTOR.INIT_ORDER Write constructor member initializers in the canonical order |
| OOP54-CPP |
CL.SELF-ASSIGN Use of free memory (double free) - in operator= |
| OOP55-CPP |
CERT.OOP.PTR_MEMBER.NO_MEMBER Do not use pointer-to-member operators to access nonexistent members |
| OOP57-CPP |
CERT.OOP.CSTD_FUNC_USE Prefer special member functions and overloaded operators to C Standard Library functions |
| OOP58-CPP |
CERT.OOP.COPY_MUTATES Copy operations must not mutate the source object |
| POS35-C |
SV.TOCTOU.FILE_ACCESS Time of Creation/Time of Use Race condition in File Access |
| POS36-C |
SV.USAGERULES.PERMISSIONS Use of Privilege Elevation |
| POS37-C |
SV.USAGERULES.PERMISSIONS Use of Privilege Elevation |
| POS39-C |
BYTEORDER.HTON.SEND Missed conversion from host to network byte order BYTEORDER.HTON.WRITE Missed conversion from host to network byte order BYTEORDER.NTOH.READ Missed conversion from network to host byte order BYTEORDER.NTOH.RECV Missed conversion from network to host byte order |
| POS47-C |
CERT.POS.THREAD.ASYNC_CANCEL Do not use threads that can be canceled asynchronously |
| POS51-C |
CONC.DL Deadlock CONC.NO_UNLOCK Missing unlock for variable |
| POS52-C |
CONC.SLEEP Function may block in critical section |
| POS54-C |
SV.RVT.RETVAL_NOTTESTED Ignored Return Value |
| PRE00-CPP |
MISRA.DEFINE.FUNC Function-like macro definition MISRA.USE.EXPANSION Macro expansion |
| PRE01-CPP |
MISRA.DEFINE.NOPARS Macro parameter with no parentheses |
| PRE04-CPP |
MISRA.STDLIB.WRONGNAME Reused name of standard library macro, object or function MISRA.STDLIB.WRONGNAME.UNDERSCORE Usage of a reserved name for naming a language entity MISRA.UNDEF.WRONGNAME Undefinition of a name from the standard library MISRA.UNDEF.WRONGNAME.UNDERSCORE Undefinition of a reserved name |
| PRE06-CPP |
MISRA.INCGUARD Include guard is not provided |
| PRE07-CPP |
MISRA.CHAR.TRIGRAPH Trigraph usage |
| PRE09-CPP |
SV.BANNED.RECOMMENDED.ALLOCA Banned recommended API: stack allocation functions SV.BANNED.RECOMMENDED.NUMERIC Banned recommended API: unsafe numeric conversion functions SV.BANNED.RECOMMENDED.OEM Banned recommended API: OEM character page conversion functions SV.BANNED.RECOMMENDED.PATH Banned recommended API: unsafe path name manipulation functions SV.BANNED.RECOMMENDED.SCANF Banned recommended API: unsafe scanf-type functions SV.BANNED.RECOMMENDED.SPRINTF Banned recommended API: unsafe sprintf-type functions SV.BANNED.RECOMMENDED.STRLEN Banned recommended API: unsafe string length functions SV.BANNED.RECOMMENDED.TOKEN Banned recommended API: unsafe string tokenizing functions SV.BANNED.RECOMMENDED.WINDOW Banned recommended API: unsafe window functions SV.BANNED.REQUIRED.CONCAT Banned required API: unsafe string concatenation functions SV.BANNED.REQUIRED.COPY Banned required API: unsafe buffer copy functions SV.BANNED.REQUIRED.GETS Banned required API: unsafe stream reading functions SV.BANNED.REQUIRED.ISBAD Banned required API: IsBad-type functions SV.BANNED.REQUIRED.SPRINTF Banned required API: unsafe sprintf-type functions |
| STR02-CPP |
NNTS.TAINTED Unvalidated User Input Causing Buffer Overflow - Non-Null Terminated String SV.TAINTED.INJECTION Command Injection |
| STR03-CPP |
NNTS.MIGHT Buffer Overflow - Non-null Terminated String NNTS.MUST Buffer Overflow - Non-null Terminated String |
| STR04-CPP |
MISRA.CHAR.NOT_CHARACTER 'char' is used for non-character value |
| STR06-CPP |
SV.BANNED.RECOMMENDED.TOKEN Banned recommended API: unsafe string tokenizing functions |
| STR07-CPP |
MISRA.CHAR.OPERAND Expression of type 'char' or 'wchar_t' is used as non-character operand |
| STR34-C |
CXX.CAST.SIGNED_CHAR_TO_INTEGER Cast char to unsigned char before converting to larger integer sizes |
| STR37-C |
AUTOSAR.STDLIB.CCTYPE.UCHAR Arguments to character-handling functions defined in <cctype> shall be representable as an unsigned char |
| STR38-C |
CXX.DIFF.WIDTH.STR_AND_FUNC Implicit cast between narrow and wide character string while calling function |
| STR50-CPP |
NNTS.MIGHT Buffer Overflow - Non-null Terminated String NNTS.MUST Buffer Overflow - Non-null Terminated String NNTS.TAINTED Unvalidated User Input Causing Buffer Overflow - Non-Null Terminated String SV.UNBOUND_STRING_INPUT.CIN Usage of cin for unbounded string input |
| STR51-CPP |
NPD.CHECK.CALL.MIGHT Pointer may be passed to function that can dereference it after it was positively checked for NULL NPD.CHECK.CALL.MUST Pointer will be passed to function that may dereference it after it was positively checked for NULL NPD.CHECK.MIGHT Pointer may be dereferenced after it was positively checked for NULL NPD.CHECK.MUST Pointer will be dereferenced after it was positively checked for NULL NPD.CONST.CALL NULL is passed to function that can dereference it NPD.CONST.DEREF NULL is dereferenced NPD.FUNC.CALL.MIGHT Result of function that may return NULL may be passed to another function that may dereference it NPD.FUNC.CALL.MUST Result of function that may return NULL will be passed to another function that may dereference it NPD.FUNC.MIGHT Result of function that can return NULL may be dereferenced NPD.FUNC.MUST Result of function that may return NULL will be dereferenced NPD.GEN.CALL.MIGHT Null pointer may be passed to function that may dereference it NPD.GEN.CALL.MUST Null pointer will be passed to function that may dereference it NPD.GEN.MIGHT Null pointer may be dereferenced NPD.GEN.MUST Null pointer will be dereferenced RNPD.CALL Suspicious dereference of pointer in function call before NULL check RNPD.DEREF Suspicious dereference of pointer before NULL check |