CWE IDs mapped to Klocwork C and C++ checkers
This mapping is based on the latest version of CWE.
| CWE ID | Klocwork Issue Code and Description |
|---|---|
| 20 |
MISRA.STDLIB.ATOI Use of 'atof', 'atoi' or 'atol' from library stdlib.h SV.BANNED.RECOMMENDED.SCANF Banned recommended API: unsafe scanf-type functions |
| 22 |
SV.DLLPRELOAD.NONABSOLUTE.DLL Potential DLL-preload hijack vector SV.DLLPRELOAD.NONABSOLUTE.EXE Potential process injection vector SV.DLLPRELOAD.SEARCHPATH Do not use SearchPath to find DLLs SV.TAINTED.PATH_TRAVERSAL Use of Unvalidated Data in a Path Traversal |
| 23 |
SV.DLLPRELOAD.NONABSOLUTE.DLL Potential DLL-preload hijack vector SV.DLLPRELOAD.NONABSOLUTE.EXE Potential process injection vector SV.DLLPRELOAD.SEARCHPATH Do not use SearchPath to find DLLs |
| 73 |
SV.DLLPRELOAD.NONABSOLUTE.DLL Potential DLL-preload hijack vector SV.DLLPRELOAD.NONABSOLUTE.EXE Potential process injection vector SV.DLLPRELOAD.SEARCHPATH Do not use SearchPath to find DLLs SV.TOCTOU.FILE_ACCESS Time of Creation/Time of Use Race condition in File Access |
| 77 |
SV.CODE_INJECTION.SHELL_EXEC Command Injection into Shell Execution SV.TAINTED.INJECTION Command Injection |
| 78 |
NNTS.TAINTED Unvalidated User Input Causing Buffer Overflow - Non-Null Terminated String SV.CODE_INJECTION.SHELL_EXEC Command Injection into Shell Execution SV.TAINTED.INJECTION Command Injection |
| 88 |
NNTS.TAINTED Unvalidated User Input Causing Buffer Overflow - Non-Null Terminated String SV.CODE_INJECTION.SHELL_EXEC Command Injection into Shell Execution SV.TAINTED.INJECTION Command Injection |
| 114 |
SV.DLLPRELOAD.NONABSOLUTE.DLL Potential DLL-preload hijack vector SV.DLLPRELOAD.NONABSOLUTE.EXE Potential process injection vector SV.DLLPRELOAD.SEARCHPATH Do not use SearchPath to find DLLs |
| 119 |
ABV.ANY_SIZE_ARRAY Buffer Overflow - Array Index Out of Bounds ABV.GENERAL Buffer Overflow - Array Index Out of Bounds ABV.ITERATOR Buffer Overflow - Array Index may be out of Bounds ABV.STACK Buffer Overflow - Local Array Index Out of Bounds ABV.TAINTED Buffer Overflow from Unvalidated Input NNTS.MIGHT Buffer Overflow - Non-null Terminated String NNTS.MUST Buffer Overflow - Non-null Terminated String SV.STRBO.BOUND_COPY.OVERFLOW Buffer Overflow in Bound String Copy SV.STRBO.BOUND_COPY.UNTERM Possible Buffer Overflow in Following String Operations SV.STRBO.BOUND_SPRINTF Buffer Overflow in Bound sprintf SV.STRBO.UNBOUND_COPY Buffer Overflow in Unbound String Copy SV.STRBO.UNBOUND_SPRINTF Buffer Overflow in Unbound sprintf SV.TAINTED.LOOP_BOUND Use of Unvalidated Integer in Loop Condition |
| 120 |
ABV.GENERAL Buffer Overflow - Array Index Out of Bounds ABV.MEMBER Buffer Overflow - Array Index Out of Bounds NNTS.MIGHT Buffer Overflow - Non-null Terminated String NNTS.TAINTED Unvalidated User Input Causing Buffer Overflow - Non-Null Terminated String SV.STRBO.UNBOUND_COPY Buffer Overflow in Unbound String Copy SV.STRBO.UNBOUND_SPRINTF Buffer Overflow in Unbound sprintf SV.UNBOUND_STRING_INPUT.CIN Usage of cin for unbounded string input SV.UNBOUND_STRING_INPUT.FUNC Usage of unbounded string input |
| 121 |
ABV.STACK Buffer Overflow - Local Array Index Out of Bounds |
| 122 |
ABV.GENERAL Buffer Overflow - Array Index Out of Bounds ABV.STACK Buffer Overflow - Local Array Index Out of Bounds |
| 129 |
ABV.TAINTED Buffer Overflow from Unvalidated Input SV.TAINTED.ALLOC_SIZE Use of Unvalidated Integer in Memory Allocation SV.TAINTED.CALL.INDEX_ACCESS Use of Unvalidated Integer as Array Index by Function Call SV.TAINTED.INDEX_ACCESS Use of Unvalidated Integer as Array Index |
| 131 |
INCORRECT.ALLOC_SIZE Incorrect Allocation Size |
| 134 |
SV.FMTSTR.GENERIC Format String Vulnerability SV.TAINTED.FMTSTR Use of Unvalidated Data in a Format String |
| 135 |
SV.FMT_STR.BAD_SCAN_FORMAT Input format specifier error |
| 170 |
NNTS.MIGHT Buffer Overflow - Non-null Terminated String NNTS.MUST Buffer Overflow - Non-null Terminated String NNTS.TAINTED Unvalidated User Input Causing Buffer Overflow - Non-Null Terminated String SV.STRBO.BOUND_COPY.OVERFLOW Buffer Overflow in Bound String Copy SV.STRBO.BOUND_COPY.UNTERM Possible Buffer Overflow in Following String Operations SV.STRBO.BOUND_SPRINTF Buffer Overflow in Bound sprintf SV.STRBO.UNBOUND_SPRINTF Buffer Overflow in Unbound sprintf |
| 176 |
ABV.UNICODE.BOUND_MAP Buffer overflow in mapping character function ABV.UNICODE.FAILED_MAP Mapping function failed ABV.UNICODE.NNTS_MAP Buffer overflow in mapping character function ABV.UNICODE.SELF_MAP Mapping function failed |
| 190 |
ABV.TAINTED Buffer Overflow from Unvalidated Input NUM.OVERFLOW Possible Overflow SV.TAINTED.ALLOC_SIZE Use of Unvalidated Integer in Memory Allocation SV.TAINTED.BINOP Use of Unvalidated Integer in Binary Operation SV.TAINTED.CALL.BINOP Use of Unvalidated Integer in Binary Operation SV.TAINTED.CALL.INDEX_ACCESS Use of Unvalidated Integer as Array Index by Function Call SV.TAINTED.INDEX_ACCESS Use of Unvalidated Integer as Array Index |
| 192 |
MISRA.CAST.INT Non-trivial integer expression is cast to a wider type, or type with a different signedness MISRA.CAST.UNSIGNED_BITS The result of bitwise operation on unsigned char or short is not cast back to original type MISRA.CVALUE.IMPL.CAST The value of an expression implicitly converted to a different type MISRA.UMINUS.UNSIGNED Operand of unary minus is unsigned PRECISION.LOSS Loss of Precision PRECISION.LOSS.CALL Loss of Precision during function call SV.BANNED.RECOMMENDED.SCANF Banned recommended API: unsafe scanf-type functions |
| 193 |
NNTS.MIGHT Buffer Overflow - Non-null Terminated String NNTS.MUST Buffer Overflow - Non-null Terminated String SV.STRBO.BOUND_COPY.OVERFLOW Buffer Overflow in Bound String Copy SV.STRBO.BOUND_COPY.UNTERM Possible Buffer Overflow in Following String Operations SV.STRBO.BOUND_SPRINTF Buffer Overflow in Bound sprintf SV.STRBO.UNBOUND_COPY Buffer Overflow in Unbound String Copy SV.STRBO.UNBOUND_SPRINTF Buffer Overflow in Unbound sprintf |
| 195 |
ABV.GENERAL Buffer Overflow - Array Index Out of Bounds |
| 197 |
MISRA.CAST.INT Non-trivial integer expression is cast to a wider type, or type with a different signedness MISRA.CAST.UNSIGNED_BITS The result of bitwise operation on unsigned char or short is not cast back to original type MISRA.CVALUE.IMPL.CAST The value of an expression implicitly converted to a different type MISRA.UMINUS.UNSIGNED Operand of unary minus is unsigned PRECISION.LOSS Loss of Precision PRECISION.LOSS.CALL Loss of Precision during function call |
| 242 |
SV.FIU.PROCESS_VARIANTS Use of Dangerous Process Creation SV.PIPE.VAR Potential pipe hijacking SV.STRBO.UNBOUND_COPY Buffer Overflow in Unbound String Copy SV.STRBO.UNBOUND_SPRINTF Buffer Overflow in Unbound sprintf SV.UNBOUND_STRING_INPUT.CIN Usage of cin for unbounded string input SV.UNBOUND_STRING_INPUT.FUNC Usage of unbounded string input SV.USAGERULES.PROCESS_VARIANTS Use of Dangerous Process Creation Function |
| 247 |
SV.USAGERULES.SPOOFING Use of Function Susceptible to Spoofing |
| 250 |
SV.FIU.PROCESS_VARIANTS Use of Dangerous Process Creation SV.USAGERULES.PERMISSIONS Use of Privilege Elevation SV.USAGERULES.PROCESS_VARIANTS Use of Dangerous Process Creation Function |
| 251 |
ABV.GENERAL Buffer Overflow - Array Index Out of Bounds |
| 252 |
SV.RVT.RETVAL_NOTTESTED Ignored Return Value |
| 253 |
SV.RVT.RETVAL_NOTTESTED Ignored Return Value |
| 272 |
SV.BRM.HKEY_LOCAL_MACHINE HKEY_LOCAL_MACHINE Used as 'hkey' Parameter for Registry Manipulation Function |
| 273 |
SV.FIU.PROCESS_VARIANTS Use of Dangerous Process Creation SV.USAGERULES.PERMISSIONS Use of Privilege Elevation |
| 284 |
SV.LPP.CONST Use of Insecure Macro for Dangerous Functions SV.LPP.VAR Use of Insecure Parameter for Dangerous Functions |
| 290 |
SV.WEAK_CRYPTO.WEAK_HASH Weak Hash Function |
| 326 |
SV.USAGERULES.SPOOFING Use of Function Susceptible to Spoofing |
| 327 |
RCA Risky cryptographic algorithm used SV.WEAK_CRYPTO.WEAK_HASH Weak Hash Function |
| 362 |
SV.TOCTOU.FILE_ACCESS Time of Creation/Time of Use Race condition in File Access |
| 366 |
CONC.DL Deadlock |
| 367 |
SV.TOCTOU.FILE_ACCESS Time of Creation/Time of Use Race condition in File Access |
| 377 |
SV.PCC.CONST Insecure (Constant) Temporary File Name in Call to CreateFile SV.PCC.INVALID_TEMP_PATH Insecure Temporary File Name in Call to CreateFile SV.PCC.MISSING_TEMP_CALLS.MUST Missing Secure Temporary File Names in Call to CreateFile SV.PCC.MISSING_TEMP_FILENAME Missing Temporary File Name in Call to CreateFile SV.PCC.MODIFIED_BEFORE_CREATE Modification of Temporary File Name before Call to CreateFile |
| 390 |
SV.RVT.RETVAL_NOTTESTED Ignored Return Value |
| 391 |
SV.RVT.RETVAL_NOTTESTED Ignored Return Value |
| 394 |
RETVOID.GEN Non-void function returns void value RETVOID.IMPLICIT Implicitly int function returns void value VOIDRET Void function returns value |
| 401 |
FREE.INCONSISTENT Inconsistent Freeing of Memory MLK.MIGHT Memory Leak - possible MLK.MUST Memory Leak |
| 403 |
RH.LEAK Resource leak |
| 404 |
CONC.DL Deadlock FMM.MIGHT Freeing Mismatched Memory - possible FMM.MUST Freeing Mismatched Memory RH.LEAK Resource leak SV.INCORRECT_RESOURCE_HANDLING.URH Insecure Resource Handling SV.INCORRECT_RESOURCE_HANDLING.WRONG_STATUS Insecure Resource Handling |
| 415 |
MLK.MIGHT Memory Leak - possible MLK.MUST Memory Leak UFM.DEREF.MIGHT Use of free memory (access) - possible UFM.DEREF.MUST Use of Freed Memory by Pointer UFM.FFM.MIGHT Use of free memory (double free) - possible UFM.FFM.MUST Freeing Freed Memory UFM.RETURN.MIGHT Use of freed memory (return) - possible UFM.RETURN.MUST Use of Freed Memory on Return UFM.USE.MIGHT Use of free memory - possible UFM.USE.MUST Use of Freed Memory |
| 416 |
UFM.DEREF.MIGHT Use of free memory (access) - possible UFM.DEREF.MUST Use of Freed Memory by Pointer UFM.FFM.MIGHT Use of free memory (double free) - possible UFM.FFM.MUST Freeing Freed Memory UFM.RETURN.MIGHT Use of freed memory (return) - possible UFM.RETURN.MUST Use of Freed Memory on Return UFM.USE.MIGHT Use of free memory - possible UFM.USE.MUST Use of Freed Memory |
| 421 |
SV.PIPE.CONST Potential pipe hijacking SV.PIPE.VAR Potential pipe hijacking |
| 457 |
UNINIT.CTOR.MIGHT Uninitialized Variable in Constructor - possible UNINIT.CTOR.MUST Uninitialized Variable in Constructor UNINIT.HEAP.MIGHT Uninitialized Heap Use - possible UNINIT.HEAP.MUST Uninitialized Heap Use UNINIT.STACK.MIGHT Uninitialized Variable - possible UNINIT.STACK.MUST Uninitialized Variable |
| 464 |
NNTS.MIGHT Buffer Overflow - Non-null Terminated String NNTS.MUST Buffer Overflow - Non-null Terminated String SV.BANNED.RECOMMENDED.TOKEN Banned recommended API: unsafe string tokenizing functions |
| 466 |
PORTING.CAST.PTR Cast between types that are not both pointers or not pointers |
| 467 |
INCORRECT.ALLOC_SIZE Incorrect Allocation Size |
| 468 |
CWARN.ALIGNMENT Incorrect pointer scaling is used MISRA.PTR.ARITH Pointer is used in arithmetic or array index expression |
| 476 |
NPD.CHECK.CALL.MIGHT Pointer may be passed to function that can dereference it after it was positively checked for NULL NPD.CHECK.CALL.MUST Pointer will be passed to function that may dereference it after it was positively checked for NULL NPD.CHECK.MIGHT Pointer may be dereferenced after it was positively checked for NULL NPD.CHECK.MUST Pointer will be dereferenced after it was positively checked for NULL NPD.CONST.CALL NULL is passed to function that can dereference it NPD.CONST.DEREF NULL is dereferenced NPD.FUNC.CALL.MIGHT Result of function that may return NULL may be passed to another function that may dereference it NPD.FUNC.CALL.MUST Result of function that may return NULL will be passed to another function that may dereference it NPD.FUNC.MIGHT Result of function that can return NULL may be dereferenced NPD.FUNC.MUST Result of function that may return NULL will be dereferenced NPD.GEN.CALL.MIGHT Null pointer may be passed to function that may dereference it NPD.GEN.CALL.MUST Null pointer will be passed to function that may dereference it NPD.GEN.MIGHT Null pointer may be dereferenced NPD.GEN.MUST Null pointer will be dereferenced RN.INDEX Suspicious use of index before negative check RNPD.CALL Suspicious dereference of pointer in function call before NULL check RNPD.DEREF Suspicious dereference of pointer before NULL check |
| 478 |
LA_UNUSED Label unused |
| 479 |
MISRA.EXPANSION.UNSAFE Unsafe macro usage MISRA.STDLIB.LONGJMP Use of setjmp macro or longjmp function |
| 480 |
ASSIGCOND.CALL Assignment in condition (call) ASSIGCOND.GEN Assignment in condition CWARN.NULLCHECK.FUNCNAME Function address was directly compared against 0 EFFECT Statement has no effect SEMICOL Suspiciously placed semicolon |
| 482 |
ASSIGCOND.CALL Assignment in condition (call) ASSIGCOND.GEN Assignment in condition EFFECT Statement has no effect |
| 488 |
CONC.DL Deadlock |
| 497 |
SV.STR_PAR.UNDESIRED_STRING_PARAMETER Undesired String for File Path |
| 561 |
INVARIANT_CONDITION.GEN Invariant expression in a condition INVARIANT_CONDITION.UNREACH Invariant expression in a condition LA_UNUSED Label unused UNREACH.GEN Unreachable code UNREACH.RETURN Unreachable Void Return UNREACH.SIZEOF Architecture-related unreachable code VA_UNUSED.GEN Value is Never Used after Assignment VA_UNUSED.INIT Value is Never Used after Initialization |
| 562 |
LOCRET.ARG Function returns address of local variable LOCRET.GLOB Function returns address of local variable LOCRET.RET Function returns address of local variable |
| 563 |
LV_UNUSED.GEN Local variable unused |
| 570 |
INVARIANT_CONDITION.GEN Invariant expression in a condition INVARIANT_CONDITION.UNREACH Invariant expression in a condition |
| 571 |
INVARIANT_CONDITION.GEN Invariant expression in a condition INVARIANT_CONDITION.UNREACH Invariant expression in a condition |
| 587 |
PORTING.CAST.PTR Cast between types that are not both pointers or not pointers |
| 590 |
FNH.MIGHT Freeing Non-Heap Memory - possible FNH.MUST Freeing Non-Heap Memory FUM.GEN.MIGHT Freeing Unallocated Memory - possible FUM.GEN.MUST Freeing Unallocated Memory |
| 606 |
SV.TAINTED.CALL.LOOP_BOUND Use of Unvalidated Integer in Loop Condition through a Function Call SV.TAINTED.LOOP_BOUND Use of Unvalidated Integer in Loop Condition |
| 628 |
MISRA.FUNC.UNMATCHED.PARAMS Number of formal and actual parameters passed to function do not match |
| 665 |
ABV.GENERAL Buffer Overflow - Array Index Out of Bounds UNINIT.HEAP.MIGHT Uninitialized Heap Use - possible UNINIT.HEAP.MUST Uninitialized Heap Use UNINIT.STACK.ARRAY.MIGHT Uninitialized Array - possible UNINIT.STACK.ARRAY.MUST Uninitialized Array UNINIT.STACK.ARRAY.PARTIAL.MUST Partially Uninitialized Array |
| 676 |
SV.BANNED.RECOMMENDED.SCANF Banned recommended API: unsafe scanf-type functions |
| 681 |
PRECISION.LOSS Loss of Precision PRECISION.LOSS.CALL Loss of Precision during function call |
| 682 |
MISRA.FUNC.VARARG Function with variable number of arguments MISRA.SIGNED_CHAR.NOT_NUMERIC 'signed char' or 'unsigned char' is used for non-numeric value PORTING.UNSIGNEDCHAR.OVERFLOW.FALSE Relational expression may be always false depending on 'char' type signedness |
| 684 |
SV.BANNED.RECOMMENDED.ALLOCA Banned recommended API: stack allocation functions SV.BANNED.RECOMMENDED.NUMERIC Banned recommended API: unsafe numeric conversion functions SV.BANNED.RECOMMENDED.OEM Banned recommended API: OEM character page conversion functions SV.BANNED.RECOMMENDED.PATH Banned recommended API: unsafe path name manipulation functions SV.BANNED.RECOMMENDED.SCANF Banned recommended API: unsafe scanf-type functions SV.BANNED.RECOMMENDED.SPRINTF Banned recommended API: unsafe sprintf-type functions SV.BANNED.RECOMMENDED.TOKEN Banned recommended API: unsafe string tokenizing functions SV.BANNED.REQUIRED.CONCAT Banned required API: unsafe string concatenation functions SV.BANNED.REQUIRED.COPY Banned required API: unsafe buffer copy functions SV.BANNED.REQUIRED.ISBAD Banned required API: IsBad-type functions |
| 686 |
SV.FMT_STR.BAD_SCAN_FORMAT Input format specifier error SV.FMT_STR.PRINT_FORMAT_MISMATCH.BAD Incompatible type of a print function parameter SV.FMT_STR.PRINT_FORMAT_MISMATCH.UNDESIRED Unexpected type of a print function parameter SV.FMT_STR.SCAN_FORMAT_MISMATCH.BAD Incompatible type of a scan function parameter SV.FMT_STR.SCAN_FORMAT_MISMATCH.UNDESIRED Unexpected type of a scan function parameter SV.FMT_STR.SCAN_IMPROP_LENGTH Improper use of length modifier in a scan function call SV.FMT_STR.SCAN_PARAMS_WRONGNUM.FEW Too few arguments in a scan function call SV.FMT_STR.SCAN_PARAMS_WRONGNUM.MANY Too many arguments in a scan function call SV.FMT_STR.UNKWN_FORMAT Unknown format specifier in a print function call SV.FMT_STR.UNKWN_FORMAT.SCAN Unknown format specifier in a scan function call |
| 704 |
MISRA.CAST.CONST Cast operation removes const or volatile modifier from a pointer or reference |
| 732 |
SV.USAGERULES.PERMISSIONS Use of Privilege Elevation |
| 754 |
SV.RVT.RETVAL_NOTTESTED Ignored Return Value |
| 762 |
FMM.MIGHT Freeing Mismatched Memory - possible FMM.MUST Freeing Mismatched Memory |
| 764 |
CONC.DL Deadlock |
| 768 |
MISRA.LOGIC.SIDEEFF Right operand in a logical 'and' or 'or' expression contains side effects |
| 770 |
RH.LEAK Resource leak |
| 772 |
CONC.DL Deadlock |
| 787 |
ABV.GENERAL Buffer Overflow - Array Index Out of Bounds |
| 788 |
ABV.ANY_SIZE_ARRAY Buffer Overflow - Array Index Out of Bounds ABV.GENERAL Buffer Overflow - Array Index Out of Bounds ABV.STACK Buffer Overflow - Local Array Index Out of Bounds ABV.TAINTED Buffer Overflow from Unvalidated Input SV.TAINTED.ALLOC_SIZE Use of Unvalidated Integer in Memory Allocation SV.TAINTED.CALL.INDEX_ACCESS Use of Unvalidated Integer as Array Index by Function Call SV.TAINTED.CALL.LOOP_BOUND Use of Unvalidated Integer in Loop Condition through a Function Call SV.TAINTED.INDEX_ACCESS Use of Unvalidated Integer as Array Index |
| 805 |
ABV.ANY_SIZE_ARRAY Buffer Overflow - Array Index Out of Bounds ABV.GENERAL Buffer Overflow - Array Index Out of Bounds ABV.ITERATOR Buffer Overflow - Array Index may be out of Bounds ABV.STACK Buffer Overflow - Local Array Index Out of Bounds ABV.TAINTED Buffer Overflow from Unvalidated Input INCORRECT.ALLOC_SIZE Incorrect Allocation Size SV.TAINTED.ALLOC_SIZE Use of Unvalidated Integer in Memory Allocation SV.TAINTED.CALL.INDEX_ACCESS Use of Unvalidated Integer as Array Index by Function Call SV.TAINTED.CALL.LOOP_BOUND Use of Unvalidated Integer in Loop Condition through a Function Call SV.TAINTED.INDEX_ACCESS Use of Unvalidated Integer as Array Index |
| 822 |
SV.TAINTED.CALL.DEREF Dereference Of An Unvalidated Pointer SV.TAINTED.DEREF Dereference Of An Unvalidated Pointer |
| 835 |
INFINITE_LOOP.GLOBAL Infinite loop INFINITE_LOOP.LOCAL Infinite loop INFINITE_LOOP.MACRO Infinite loop |
| 1037 |
SPECTRE.VARIANT1 Potential exploit of speculative execution |
Support Summary:
- 88 rules