purgedConfiguration
The configuration '' was not checked because its code equals another one
MINOR
CONSTANT_ISSUE
5min
toomanyconfigs
Too many #ifdef configurations - cppcheck only checks 12 configurations. Use --force to check all configurations. For more details, use --enable=information
The checking of the file will be interrupted because there are too
many #ifdef configurations. Checking of all #ifdef configurations can
be forced by --force command line option or from GUI preferences.
However that may increase the checking time. For more details, use
--enable=information.
References
CWE-398
cwe
MINOR
CONSTANT_ISSUE
5min
AssignmentAddressToInteger
Assigning a pointer to an integer is not portable
Assigning a pointer to an integer (int/long/etc) is not portable
across different platforms and compilers. For example, in 32-bit
Windows and Linux they are the same width, but in 64-bit Windows and
Linux they are of different widths. In the worst case you end up
assigning a 64-bit address to a 32-bit integer. The safe way is to
store addresses only in pointer types (or typedefs like uintptr_t).
References
CWE-758
cwe
MINOR
BUG
CONSTANT_ISSUE
5min
AssignmentIntegerToAddress
Assigning an integer to a pointer is not portable
Assigning an integer (int/long/etc) to a pointer is not portable
across different platforms and compilers. For example, in 32-bit
Windows and Linux they are the same width, but in 64-bit Windows and
Linux they are of different widths. In the worst case you end up
assigning a 64-bit integer to a 32-bit pointer. The safe way is to
store addresses only in pointer types (or typedefs like uintptr_t).
References
CWE-758
cwe
MINOR
BUG
CONSTANT_ISSUE
5min
CastIntegerToAddressAtReturn
Returning an integer in a function with pointer return type is not portable
Returning an integer (int/long/etc) in a function with pointer return
type is not portable across different platforms and compilers. For
example, in 32-bit Windows and Linux they are the same width, but in
64-bit Windows and Linux they are of different widths. In the worst
case you end up casting a 64-bit integer down to a 32-bit pointer. The
safe way is to always return a pointer.
References
CWE-758
cwe
MINOR
BUG
CONSTANT_ISSUE
5min
CastAddressToIntegerAtReturn
Returning an address value in a function with integer return type is not portable
Returning an address value in a function with integer (int/long/etc)
return type is not portable across different platforms and compilers.
For example, in 32-bit Windows and Linux they are the same width, but
in 64-bit Windows and Linux they are of different widths. In the worst
case you end up casting a 64-bit address down to a 32-bit integer. The
safe way is to always return an integer.
References
CWE-758
cwe
MINOR
BUG
CONSTANT_ISSUE
5min
assertWithSideEffect
Assert statement calls a function which may have desired side effects: 'function'
Non-pure function: 'function' is called inside assert statement.
Assert statements are removed from release builds so the code inside
assert statement is not executed. If the code is needed also in
release builds, this is a bug.
References
CWE-398
cwe
MINOR
BUG
CONSTANT_ISSUE
5min
assignmentInAssert
Assert statement modifies 'var'
Variable 'var' is modified inside assert statement. Assert statements
are removed from release builds so the code inside assert statement is
not executed. If the code is needed also in release builds, this is a
bug.
References
CWE-398
cwe
MINOR
BUG
CONSTANT_ISSUE
5min
autoVariables
Address of local auto-variable assigned to a function parameter
Dangerous assignment - the function parameter is assigned the address
of a local auto-variable. Local auto-variables are reserved from the
stack which is freed when the function ends. So the pointer to a local
variable is invalid after the function ends.
References
CWE-562
cwe
BUG
CONSTANT_ISSUE
5min
returnReference
Reference to local variable returned
Reference to local variable returned.
References
CWE-562
cwe
BUG
CONSTANT_ISSUE
5min
danglingReference
Non-local reference variable 'x' to local variable 'y'
Non-local reference variable 'x' to local variable 'y'
References
CWE-562
cwe
BUG
CONSTANT_ISSUE
5min
returnTempReference
Reference to temporary returned
Reference to temporary returned.
References
CWE-562
cwe
BUG
CONSTANT_ISSUE
5min
danglingTempReference
Using reference to dangling temporary
Using reference to dangling temporary.
References
CWE-562
cwe
BUG
CONSTANT_ISSUE
5min
autovarInvalidDeallocation
Deallocation of an auto-variable results in undefined behaviour
The deallocation of an auto-variable results in undefined behaviour.
You should only free memory that has been allocated dynamically.
References
CWE-590
cwe
BUG
CONSTANT_ISSUE
5min
uselessAssignmentArg
Assignment of function parameter has no effect outside the function
Assignment of function parameter has no effect outside the function.
References
CWE-398
cwe
MINOR
CONSTANT_ISSUE
5min
uselessAssignmentPtrArg
Assignment of function parameter has no effect outside the function. Did you forget dereferencing it?
Assignment of function parameter has no effect outside the function.
Did you forget dereferencing it?
References
CWE-398
cwe
MINOR
BUG
CONSTANT_ISSUE
5min
returnDanglingLifetime
Returning object that will be invalid when returning
Returning object that will be invalid when returning.
References
CWE-562
cwe
BUG
CONSTANT_ISSUE
5min
invalidLifetime
Using object that is out of scope
Using object that is out of scope.
References
CWE-562
cwe
BUG
CONSTANT_ISSUE
5min
danglingLifetime
Non-local variable 'x' will use object
Non-local variable 'x' will use object.
References
CWE-562
cwe
BUG
CONSTANT_ISSUE
5min
danglingTemporaryLifetime
Using object that is a temporary
Using object that is a temporary.
References
CWE-562
cwe
BUG
CONSTANT_ISSUE
5min
assignBoolToPointer
Boolean value assigned to pointer
Boolean value assigned to pointer.
References
CWE-587
cwe
BUG
CONSTANT_ISSUE
5min
assignBoolToFloat
Boolean value assigned to floating point variable
Boolean value assigned to floating point variable.
References
CWE-704
cwe
MINOR
CONSTANT_ISSUE
5min
comparisonOfFuncReturningBoolError
Comparison of a function returning boolean value using relational (<, >, <= or >=) operator
The return type of function 'func_name' is 'bool' and result is of
type 'bool'. Comparing 'bool' value using relational (<, >, <= or >=)
operator could cause unexpected results.
References
CWE-398
cwe
MINOR
CONSTANT_ISSUE
5min
comparisonOfTwoFuncsReturningBoolError
Comparison of two functions returning boolean value using relational (<, >, <= or >=) operator
The return type of function 'func_name1' and function 'func_name2' is
'bool' and result is of type 'bool'. Comparing 'bool' value using
relational (<, >, <= or >=) operator could cause unexpected results.
References
CWE-398
cwe
MINOR
CONSTANT_ISSUE
5min
comparisonOfBoolWithBoolError
Comparison of a variable having boolean value using relational (<, >, <= or >=) operator
The variable 'var_name' is of type 'bool' and comparing 'bool' value
using relational (<, >, <= or >=) operator could cause unexpected
results.
References
CWE-398
cwe
MINOR
CONSTANT_ISSUE
5min
incrementboolean
Incrementing a variable of type 'bool' with postfix operator++ is deprecated by the C++ Standard. You should assign it the value 'true' instead
The operand of a postfix increment operator may be of type bool but it
is deprecated by C++ Standard (Annex D-1) and the operand is always
set to true. You should assign it the value 'true' instead.
References
CWE-398
cwe
MINOR
CONSTANT_ISSUE
5min
bitwiseOnBoolean
Boolean expression 'expression' is used in bitwise operation. Did you mean '&&'?
Boolean expression 'expression' is used in bitwise operation. Did you
mean '&&'?
References
CWE-398
cwe
MINOR
CONSTANT_ISSUE
5min
compareBoolExpressionWithInt
Comparison of a boolean expression with an integer other than 0 or 1
Comparison of a boolean expression with an integer other than 0 or 1.
References
CWE-398
cwe
MINOR
BUG
CONSTANT_ISSUE
5min
pointerArithBool
Converting pointer arithmetic result to bool. The bool is always true unless there is undefined behaviour
Converting pointer arithmetic result to bool. The boolean result is
always true unless there is pointer arithmetic overflow, and overflow
is undefined behaviour. Probably a dereference is forgotten.
References
CWE-571
cwe
BUG
CONSTANT_ISSUE
5min
comparisonOfBoolWithInvalidComparator
Comparison of a boolean value using relational operator (<, >, <= or >=)
, <= or >=) operator could cause unexpected results.
MINOR
BUG
CONSTANT_ISSUE
5min
returnNonBoolInBooleanFunction
Non-boolean value returned from function returning bool
MINOR
CONSTANT_ISSUE
5min
arrayIndexOutOfBounds
Array 'arr[16]' accessed at index 16, which is out of bounds
Array 'arr[16]' accessed at index 16, which is out of bounds.
References
CWE-788
cwe
BUG
CONSTANT_ISSUE
5min
arrayIndexOutOfBoundsCond
Array 'arr[16]' accessed at index 16, which is out of bounds
Array 'arr[16]' accessed at index 16, which is out of bounds.
References
CWE-788
cwe
MINOR
BUG
CONSTANT_ISSUE
5min
pointerOutOfBounds
Pointer arithmetic overflow
Pointer arithmetic overflow.
References
CWE-758
cwe
MINOR
BUG
CONSTANT_ISSUE
5min
pointerOutOfBoundsCond
Pointer arithmetic overflow
Pointer arithmetic overflow.
References
CWE-758
cwe
MINOR
BUG
CONSTANT_ISSUE
5min
negativeIndex
Negative array index
Negative array index
References
CWE-786
cwe
BUG
CONSTANT_ISSUE
5min
arrayIndexThenCheck
Array index 'i' is used before limits check
Defensive programming: The variable 'i' is used as an array index
before it is checked that it is within limits. This can mean that the
array might be accessed out of bounds. Reorder conditions such as
'(a[i] && i < 10)' to '(i < 10 && a[i])'. That way the array will not
be accessed if the index is out of limits.
References
CWE-398
cwe
MINOR
CONSTANT_ISSUE
5min
bufferAccessOutOfBounds
Buffer is accessed out of bounds: buf
Buffer is accessed out of bounds: buf
References
CWE-788
cwe
BUG
CONSTANT_ISSUE
5min
objectIndex
The address of variable '' is accessed at non-zero index
The address of variable '' is accessed at non-zero index.
References
CWE-758
cwe
BUG
CONSTANT_ISSUE
5min
argumentSize
Buffer 'buffer' is too small, the function 'function' expects a bigger buffer in 2nd argument
Buffer 'buffer' is too small, the function 'function' expects a bigger
buffer in 2nd argument
References
CWE-398
cwe
MINOR
BUG
CONSTANT_ISSUE
5min
negativeMemoryAllocationSize
Memory allocation size is negative
Memory allocation size is negative.
References
CWE-131
cwe
BUG
CONSTANT_ISSUE
5min
negativeArraySize
Declaration of array '' with negative size is undefined behaviour
Declaration of array '' with negative size is undefined behaviour
References
CWE-758
cwe
BUG
CONSTANT_ISSUE
5min
invalidFunctionArg
Invalid func_name() argument nr 1. The value is 0 or 1 (boolean) but the valid values are '1:4'
Invalid func_name() argument nr 1. The value is 0 or 1 (boolean) but
the valid values are '1:4'.
References
CWE-628
cwe
BUG
CONSTANT_ISSUE
5min
invalidFunctionArgBool
Invalid func_name() argument nr 1. A non-boolean value is required
Invalid func_name() argument nr 1. A non-boolean value is required.
References
CWE-628
cwe
BUG
CONSTANT_ISSUE
5min
invalidFunctionArgStr
Invalid func_name() argument nr 1. A nul-terminated string is required
Invalid func_name() argument nr 1. A nul-terminated string is
required.
References
CWE-628
cwe
BUG
CONSTANT_ISSUE
5min
ignoredReturnValue
Return value of function malloc() is not used
Return value of function malloc() is not used.
References
CWE-252
cwe
MINOR
BUG
CONSTANT_ISSUE
5min
wrongmathcall
Passing value '#' to #() leads to implementation-defined result
Passing value '#' to #() leads to implementation-defined result.
References
CWE-758
cwe
MINOR
BUG
CONSTANT_ISSUE
5min
unpreciseMathCall
Expression '1 - erf(x)' can be replaced by 'erfc(x)' to avoid loss of precision
Expression '1 - erf(x)' can be replaced by 'erfc(x)' to avoid loss of
precision.
References
CWE-758
cwe
MINOR
CONSTANT_ISSUE
5min
memsetZeroBytes
memset() called to fill 0 bytes
memset() called to fill 0 bytes. The second and third arguments might
be inverted. The function memset ( void * ptr, int value, size_t num )
sets the first num bytes of the block of memory pointed by ptr to the
specified value.
References
CWE-687
cwe
MINOR
BUG
CONSTANT_ISSUE
5min
memsetFloat
The 2nd memset() argument 'varname' is a float, its representation is implementation defined
The 2nd memset() argument 'varname' is a float, its representation is
implementation defined. memset() is used to set each byte of a block
of memory to a specific value and the actual representation of a
floating-point value is implementation defined.
References
CWE-688
cwe
MINOR
BUG
CONSTANT_ISSUE
5min
memsetValueOutOfRange
The 2nd memset() argument 'varname' doesn't fit into an 'unsigned char'
The 2nd memset() argument 'varname' doesn't fit into an 'unsigned
char'. The 2nd parameter is passed as an 'int', but the function fills
the block of memory using the 'unsigned char' conversion of this
value.
References
CWE-686
cwe
MINOR
BUG
CONSTANT_ISSUE
5min
missingReturn
Found an exit path from function with non-void return type that has missing return statement
Found an exit path from function with non-void return type that has
missing return statement
References
CWE-758
cwe
BUG
CONSTANT_ISSUE
5min
returnStdMoveLocal
Using std::move for returning object by-value from function will affect copy elision optimization. More: https://isocpp.github.io/CppCoreGuidelines/CppCoreGuidelines#Rf-return-move-local
MINOR
BUG
CONSTANT_ISSUE
5min
useStandardLibrary
Consider using memcpy instead of loop
MINOR
CONSTANT_ISSUE
5min
noConstructor
The class 'classname' does not declare a constructor although it has private member variables which likely require initialization
The class 'classname' does not declare a constructor although it has
private member variables which likely require initialization. Member
variables of native types, pointers, or references are left
uninitialized when the class is instantiated. That may cause bugs or
undefined behavior.
References
CWE-398
cwe
MINOR
CONSTANT_ISSUE
5min
noExplicitConstructor
Class 'classname' has a constructor with 1 argument that is not explicit
Class 'classname' has a constructor with 1 argument that is not
explicit. Such so-called "converting constructors" should in general
be explicit for type safety reasons, as that prevents unintended
implicit conversions.
References
CWE-398
cwe
MINOR
CONSTANT_ISSUE
5min
copyCtorPointerCopying
Value of pointer 'var', which points to allocated memory, is copied in copy constructor instead of allocating new memory
Value of pointer 'var', which points to allocated memory, is copied in
copy constructor instead of allocating new memory.
References
CWE-398
cwe
MINOR
BUG
CONSTANT_ISSUE
5min
noCopyConstructor
Class 'class' does not have a copy constructor which is recommended since it has dynamic memory/resource allocation(s)
Class 'class' does not have a copy constructor which is recommended
since it has dynamic memory/resource allocation(s).
References
CWE-398
cwe
MINOR
BUG
CONSTANT_ISSUE
5min
noOperatorEq
Class 'class' does not have a operator= which is recommended since it has dynamic memory/resource allocation(s)
Class 'class' does not have a operator= which is recommended since it
has dynamic memory/resource allocation(s).
References
CWE-398
cwe
MINOR
BUG
CONSTANT_ISSUE
5min
noDestructor
Class 'class' does not have a destructor which is recommended since it has dynamic memory/resource allocation(s)
Class 'class' does not have a destructor which is recommended since it
has dynamic memory/resource allocation(s).
References
CWE-398
cwe
MINOR
BUG
CONSTANT_ISSUE
5min
uninitMemberVar
Member variable 'classname::varname' is not initialized in the constructor
Member variable 'classname::varname' is not initialized in the
constructor. Member variables of native types, pointers, or references
are left uninitialized when the class is instantiated. That may cause
bugs or undefined behavior.
References
CWE-398
cwe
MINOR
BUG
CONSTANT_ISSUE
5min
uninitMemberVarPrivate
Member variable 'classname::varnamepriv' is not initialized in the constructor
Member variable 'classname::varnamepriv' is not initialized in the
constructor. Member variables of native types, pointers, or references
are left uninitialized when the class is instantiated. That may cause
bugs or undefined behavior.
References
CWE-398
cwe
MINOR
BUG
CONSTANT_ISSUE
5min
uninitDerivedMemberVar
Member variable 'classname::varname' is not initialized in the constructor. Maybe it should be initialized directly in the class classname?
Member variable 'classname::varname' is not initialized in the
constructor. Maybe it should be initialized directly in the class
classname? Member variables of native types, pointers, or references
are left uninitialized when the class is instantiated. That may cause
bugs or undefined behavior.
References
CWE-398
cwe
MINOR
BUG
CONSTANT_ISSUE
5min
uninitDerivedMemberVarPrivate
Member variable 'classname::varnamepriv' is not initialized in the constructor. Maybe it should be initialized directly in the class classname?
Member variable 'classname::varnamepriv' is not initialized in the
constructor. Maybe it should be initialized directly in the class
classname? Member variables of native types, pointers, or references
are left uninitialized when the class is instantiated. That may cause
bugs or undefined behavior.
References
CWE-398
cwe
MINOR
BUG
CONSTANT_ISSUE
5min
missingMemberCopy
Member variable 'classname::varnamepriv' is not assigned in the move constructor. Should it be moved?
Member variable 'classname::varnamepriv' is not assigned in the move
constructor. Should it be moved?
References
CWE-398
cwe
MINOR
BUG
CONSTANT_ISSUE
5min
operatorEqVarError
Member variable 'classname::' is not assigned a value in 'classname::operator='
Member variable 'classname::' is not assigned a value in
'classname::operator='.
References
CWE-398
cwe
MINOR
BUG
CONSTANT_ISSUE
5min
unusedPrivateFunction
Unused private function: 'classname::funcname'
Unused private function: 'classname::funcname'
References
CWE-398
cwe
MINOR
CONSTANT_ISSUE
5min
memsetClass
Using 'memfunc' on class that contains a classname
Using 'memfunc' on class that contains a classname is unsafe, because
constructor, destructor and copy operator calls are omitted. These are
necessary for this non-POD type to ensure that a valid object is
created.
References
CWE-762
cwe
BUG
CONSTANT_ISSUE
5min
memsetClassReference
Using 'memfunc' on class that contains a reference
Using 'memfunc' on class that contains a reference.
References
CWE-665
cwe
BUG
CONSTANT_ISSUE
5min
memsetClassFloat
Using memset() on class which contains a floating point number
Using memset() on class which contains a floating point number. This
is not portable because memset() sets each byte of a block of memory
to a specific value and the actual representation of a floating-point
value is implementation defined. Note: In case of an IEEE754-1985
compatible implementation setting all bits to zero results in the
value 0.0.
References
CWE-758
cwe
MINOR
BUG
CONSTANT_ISSUE
5min
mallocOnClassWarning
Memory for class instance allocated with malloc(), but class provides constructors
Memory for class instance allocated with malloc(), but class provides
constructors. This is unsafe, since no constructor is called and class
members remain uninitialized. Consider using 'new' instead.
References
CWE-762
cwe
MINOR
BUG
CONSTANT_ISSUE
5min
mallocOnClassError
Memory for class instance allocated with malloc(), but class contains a std::string
Memory for class instance allocated with malloc(), but class contains a
std::string. This is unsafe, since no constructor is called and class
members remain uninitialized. Consider using 'new' instead.
References
CWE-665
cwe
BUG
CONSTANT_ISSUE
5min
virtualDestructor
Class 'Base' which is inherited by class 'Derived' does not have a virtual destructor
Class 'Base' which is inherited by class 'Derived' does not have a
virtual destructor. If you destroy instances of the derived class by
deleting a pointer that points to the base class, only the destructor
of the base class is executed. Thus, dynamic memory that is managed by
the derived class could leak. This can be avoided by adding a virtual
destructor to the base class.
References
CWE-404
cwe
BUG
CONSTANT_ISSUE
5min
thisSubtraction
Suspicious pointer subtraction. Did you intend to write '->'?
Suspicious pointer subtraction. Did you intend to write '->'?
References
CWE-398
cwe
MINOR
BUG
CONSTANT_ISSUE
5min
operatorEqRetRefThis
'operator=' should return reference to 'this' instance
'operator=' should return reference to 'this' instance.
References
CWE-398
cwe
MINOR
CONSTANT_ISSUE
5min
operatorEqMissingReturnStatement
No 'return' statement in non-void function causes undefined behavior
No 'return' statement in non-void function causes undefined behavior.
References
CWE-398
cwe
BUG
CONSTANT_ISSUE
5min
operatorEqShouldBeLeftUnimplemented
'operator=' should either return reference to 'this' instance or be declared private and left unimplemented
'operator=' should either return reference to 'this' instance or be
declared private and left unimplemented.
References
CWE-398
cwe
MINOR
CONSTANT_ISSUE
5min
operatorEqToSelf
'operator=' should check for assignment to self to avoid problems with dynamic memory
'operator=' should check for assignment to self to ensure that each
block of dynamically allocated memory is owned and managed by only one
instance of the class.
References
CWE-398
cwe
MINOR
BUG
CONSTANT_ISSUE
5min
functionConst
Technically the member function 'class::function' can be const
The member function 'class::function' can be made a const function.
Making this function 'const' should not cause compiler errors. Even
though the function can technically be made const, it may not make
sense conceptually. Think about your design and the task of the
function first - is it a function that must not change the object's
internal state?
References
CWE-398
cwe
MINOR
CONSTANT_ISSUE
5min
functionStatic
Technically the member function 'class::function' can be static (but you may consider moving to unnamed namespace)
The member function 'class::function' can be made a static function.
Making a function static can bring a performance benefit since no
'this' instance is passed to the function. This change should not
cause compiler errors but it does not necessarily make sense
conceptually. Think about your design and the task of the function
first - is it a function that must not access members of class
instances? And maybe it is more appropriate to move this function to
an unnamed namespace.
References
CWE-398
cwe
MINOR
BUG
CONSTANT_ISSUE
5min
initializerList
Member variable 'class::variable' is in the wrong place in the initializer list
Member variable 'class::variable' is in the wrong place in the
initializer list. Members are initialized in the order they are
declared, not in the order they are in the initializer list. Keeping
the initializer list in the same order that the members were declared
prevents order dependent initialization errors.
References
CWE-398
cwe
MINOR
CONSTANT_ISSUE
5min
useInitializationList
Variable 'variable' is assigned in constructor body. Consider performing initialization in initialization list
When an object of a class is created, the constructors of all member
variables are called consecutively in the order the variables are
declared, even if you don't explicitly write them to the
initialization list. You could avoid assigning 'variable' a value by
passing the value to the constructor in the initialization list.
References
CWE-398
cwe
MINOR
BUG
CONSTANT_ISSUE
5min
selfInitialization
Member variable 'var' is initialized by itself
Member variable 'var' is initialized by itself.
References
CWE-665
cwe
BUG
CONSTANT_ISSUE
5min
duplInheritedMember
The class 'class' defines member variable with name 'variable' also defined in its parent class 'class'
The class 'class' defines member variable with name 'variable' also
defined in its parent class 'class'.
References
CWE-398
cwe
MINOR
BUG
CONSTANT_ISSUE
5min
copyCtorAndEqOperator
The class 'class' has 'operator=' but lack of 'copy constructor'
MINOR
BUG
CONSTANT_ISSUE
5min
missingOverride
The function '' overrides a function in a base class but is not marked with a 'override' specifier
MINOR
CONSTANT_ISSUE
5min
uselessOverride
The function '' overrides a function in a base class but just delegates back to the base class
MINOR
CONSTANT_ISSUE
5min
returnByReference
Function 'func()' should return member 'var' by const reference
MINOR
BUG
CONSTANT_ISSUE
5min
pureVirtualCall
Call of pure virtual function 'f' in constructor
MINOR
BUG
CONSTANT_ISSUE
5min
virtualCallInConstructor
Virtual function 'f' is called from constructor '' at line 1. Dynamic binding is not used
MINOR
CONSTANT_ISSUE
5min
thisUseAfterFree
Using member 'x' when 'this' might be invalid
MINOR
BUG
CONSTANT_ISSUE
5min
unsafeClassRefMember
Unsafe class: The const reference member 'UnsafeClass::var' is initialized by a const reference constructor argument. You need to be careful about lifetime issues
MINOR
BUG
CONSTANT_ISSUE
5min
assignIfError
Mismatching assignment and comparison, comparison '' is always false
Mismatching assignment and comparison, comparison '' is always false.
References
CWE-398
cwe
MINOR
CONSTANT_ISSUE
5min
badBitmaskCheck
Result of operator '|' is always true if one operand is non-zero. Did you intend to use '&'?
Result of operator '|' is always true if one operand is non-zero. Did
you intend to use '&'?
References
CWE-571
cwe
MINOR
BUG
CONSTANT_ISSUE
5min
comparisonError
Expression '(X & 0x6) == 0x1' is always false
The expression '(X & 0x6) == 0x1' is always false. Check the constants
and operators used carefully; these errors can be hard to spot. In the
case of a complex expression, it might help to split it into separate
expressions.
References
CWE-398
cwe
MINOR
CONSTANT_ISSUE
5min
duplicateCondition
The if condition is the same as the previous if condition
The if condition is the same as the previous if condition
References
CWE-398
cwe
MINOR
CONSTANT_ISSUE
5min
multiCondition
Expression is always false because 'else if' condition matches previous condition at line 1
Expression is always false because 'else if' condition matches
previous condition at line 1.
References
CWE-398
cwe
MINOR
CONSTANT_ISSUE
5min
mismatchingBitAnd
Mismatching bitmasks. Result is always 0 (X = Y & 0xf0; Z = X & 0x1; => Z=0)
Mismatching bitmasks. Result is always 0 (X = Y & 0xf0; Z = X & 0x1;
=> Z=0).
References
CWE-398
cwe
MINOR
CONSTANT_ISSUE
5min
oppositeInnerCondition
Opposite inner 'if' condition leads to a dead code block
Opposite inner 'if' condition leads to a dead code block (outer
condition is 'x' and inner condition is '!x').
References
CWE-398
cwe
MINOR
BUG
CONSTANT_ISSUE
5min
identicalInnerCondition
Identical inner 'if' condition is always true
Identical inner 'if' condition is always true (outer condition is 'x'
and inner condition is 'x').
References
CWE-398
cwe
MINOR
BUG
CONSTANT_ISSUE
5min
identicalConditionAfterEarlyExit
Identical condition 'x', second condition is always false
Identical condition 'x', second condition is always false
References
CWE-398
cwe
MINOR
BUG
CONSTANT_ISSUE
5min
incorrectLogicOperator
Logical disjunction always evaluates to true: foo > 3 && foo < 4
Logical disjunction always evaluates to true: foo > 3 && foo < 4. Are
these conditions necessary? Did you intend to use && instead? Are the
numbers correct? Are you comparing the correct variables?
References
CWE-571
cwe
MINOR
BUG
CONSTANT_ISSUE
5min
redundantCondition
Redundant condition: If x > 11 the condition x > 10 is always true
Redundant condition: If x > 11 the condition x > 10 is always true.
References
CWE-398
cwe
MINOR
CONSTANT_ISSUE
5min
moduloAlwaysTrueFalse
Comparison of modulo result is predetermined, because it is always less than 1
Comparison of modulo result is predetermined, because it is always
less than 1.
References
CWE-398
cwe
MINOR
BUG
CONSTANT_ISSUE
5min
clarifyCondition
Suspicious condition (assignment + comparison); Clarify expression with parentheses
Suspicious condition (assignment + comparison); Clarify expression
with parentheses.
References
CWE-398
cwe
MINOR
CONSTANT_ISSUE
5min
knownConditionTrueFalse
Condition 'x' is always false
Condition 'x' is always false
References
CWE-570
cwe
MINOR
CONSTANT_ISSUE
5min
invalidTestForOverflow
Invalid test for overflow 'x + c < x'; signed integer overflow is undefined behavior. Some mainstream compilers remove such overflow tests when optimising the code and assume it's always false
Invalid test for overflow 'x + c < x'; signed integer overflow is
undefined behavior. Some mainstream compilers remove such overflow
tests when optimising the code and assume it's always false.
References
CWE-391
cwe
MINOR
BUG
CONSTANT_ISSUE
5min
pointerAdditionResultNotNull
Comparison is wrong. Result of 'ptr+1' can't be 0 unless there is pointer overflow, and pointer overflow is undefined behaviour
MINOR
BUG
CONSTANT_ISSUE
5min
duplicateConditionalAssign
Duplicate expression for the condition and assignment
Duplicate expression for the condition and assignment.
References
CWE-398
cwe
MINOR
CONSTANT_ISSUE
5min
assignmentInCondition
Suspicious assignment in condition. Condition 'x=y' is always true
Suspicious assignment in condition. Condition 'x=y' is always true.
References
CWE-571
cwe
MINOR
CONSTANT_ISSUE
5min
compareValueOutOfTypeRangeError
Comparing expression of type 'unsigned char' against value 256. Condition is always true
Comparing expression of type 'unsigned char' against value 256.
Condition is always true.
References
CWE-398
cwe
MINOR
CONSTANT_ISSUE
5min
exceptThrowInDestructor
Class Class is not safe, destructor throws exception
The class Class is not safe because its destructor throws an
exception. If Class is used and an exception is thrown that is caught
in an outer scope the program will terminate.
References
CWE-398
cwe
MINOR
BUG
CONSTANT_ISSUE
5min
exceptDeallocThrow
Exception thrown in invalid state, 'p' points at deallocated memory
Exception thrown in invalid state, 'p' points at deallocated memory.
References
CWE-398
cwe
MINOR
BUG
CONSTANT_ISSUE
5min
exceptRethrowCopy
Throwing a copy of the caught exception instead of rethrowing the original exception
Rethrowing an exception with 'throw varname;' creates an unnecessary
copy of 'varname'. To rethrow the caught exception without unnecessary
copying or slicing, use a bare 'throw;'.
References
CWE-398
cwe
MINOR
CONSTANT_ISSUE
5min
catchExceptionByValue
Exception should be caught by reference
The exception is caught by value. It could be caught as a (const)
reference which is usually recommended in C++.
References
CWE-398
cwe
MINOR
CONSTANT_ISSUE
5min
throwInNoexceptFunction
Exception thrown in function declared not to throw exceptions
Exception thrown in function declared not to throw exceptions.
References
CWE-398
cwe
BUG
CONSTANT_ISSUE
5min
unhandledExceptionSpecification
Unhandled exception specification when calling function foo()
Unhandled exception specification when calling function foo(). Either
use a try/catch around the function call, or add an exception
specification for funcname() also.
References
CWE-703
cwe
MINOR
CONSTANT_ISSUE
5min
rethrowNoCurrentException
Rethrowing current exception with 'throw;', it seems there is no current exception to rethrow. If there is no current exception this calls std::terminate(). More: https://isocpp.org/wiki/faq/exceptions#throw-without-an-object
Rethrowing current exception with 'throw;', it seems there is no
current exception to rethrow. If there is no current exception this
calls std::terminate(). More:
https://isocpp.org/wiki/faq/exceptions#throw-without-an-object
References
CWE-480
]]>
cwe
BUG
CONSTANT_ISSUE
5min
coutCerrMisusage
Invalid usage of output stream: '<< std::cout'
Invalid usage of output stream: '<< std::cout'.
References
CWE-398
]]>
cwe
BUG
CONSTANT_ISSUE
5min
fflushOnInputStream
fflush() called on input stream 'stdin' may result in undefined behaviour on non-linux systems
fflush() called on input stream 'stdin' may result in undefined
behaviour on non-linux systems.
References
CWE-398
]]>
cwe
MINOR
BUG
CONSTANT_ISSUE
5min
IOWithoutPositioning
Read and write operations without a call to a positioning function (fseek, fsetpos or rewind) or fflush in between result in undefined behaviour
Read and write operations without a call to a positioning function
(fseek, fsetpos or rewind) or fflush in between result in undefined
behaviour.
References
CWE-664
]]>
cwe
BUG
CONSTANT_ISSUE
5min
readWriteOnlyFile
Read operation on a file that was opened only for writing
Read operation on a file that was opened only for writing.
References
CWE-664
]]>
cwe
BUG
CONSTANT_ISSUE
5min
writeReadOnlyFile
Write operation on a file that was opened only for reading
Write operation on a file that was opened only for reading.
References
CWE-664
]]>
cwe
BUG
CONSTANT_ISSUE
5min
useClosedFile
Used file that is not opened
Used file that is not opened.
References
CWE-910
]]>
cwe
BUG
CONSTANT_ISSUE
5min
seekOnAppendedFile
Repositioning operation performed on a file opened in append mode has no effect
Repositioning operation performed on a file opened in append mode has
no effect.
References
CWE-398
]]>
cwe
MINOR
BUG
CONSTANT_ISSUE
5min
incompatibleFileOpen
The file 'tmp' is opened for read and write access at the same time on different streams
The file 'tmp' is opened for read and write access at the same time on
different streams
References
CWE-664
]]>
cwe
MINOR
BUG
CONSTANT_ISSUE
5min
invalidscanf
scanf() without field width limits can crash with huge input data
scanf() without field width limits can crash with huge input data. Add
a field width specifier to fix this problem.
Sample program that can crash:
#include <stdio.h>
int main()
{
    char c[5];
    scanf("%s", c);
    return 0;
}
Typing in 5 or more characters may make the program crash. The correct
usage here is 'scanf("%4s", c);', as the maximum field width does not
include the terminating null byte.
Source: http://linux.die.net/man/3/scanf
Source: http://www.opensource.apple.com/source/xnu/xnu-1456.1.26/libkern/stdio/scanf.c
References
CWE-119
]]>
cwe
MINOR
BUG
CONSTANT_ISSUE
5min
wrongPrintfScanfArgNum
printf format string requires 3 parameters but only 2 are given
printf format string requires 3 parameters but only 2 are given.
References
CWE-685
]]>
cwe
BUG
CONSTANT_ISSUE
5min
invalidScanfArgType_s
%s in format string (no. 1) requires a 'char *' but the argument type is Unknown
%s in format string (no. 1) requires a 'char *' but the argument type
is Unknown.
References
CWE-686
]]>
cwe
MINOR
BUG
CONSTANT_ISSUE
5min
invalidScanfArgType_int
%d in format string (no. 1) requires 'int *' but the argument type is Unknown
%d in format string (no. 1) requires 'int *' but the argument type is
Unknown.
References
CWE-686
]]>
cwe
MINOR
BUG
CONSTANT_ISSUE
5min
invalidScanfArgType_float
%f in format string (no. 1) requires 'float *' but the argument type is Unknown
%f in format string (no. 1) requires 'float *' but the argument type
is Unknown.
References
CWE-686
]]>
cwe
MINOR
BUG
CONSTANT_ISSUE
5min
invalidPrintfArgType_s
%s in format string (no. 1) requires 'char *' but the argument type is Unknown
%s in format string (no. 1) requires 'char *' but the argument type is
Unknown.
References
CWE-686
]]>
cwe
MINOR
BUG
CONSTANT_ISSUE
5min
invalidPrintfArgType_n
%n in format string (no. 1) requires 'int *' but the argument type is Unknown
%n in format string (no. 1) requires 'int *' but the argument type is
Unknown.
References
CWE-686
]]>
cwe
MINOR
BUG
CONSTANT_ISSUE
5min
invalidPrintfArgType_p
%p in format string (no. 1) requires an address but the argument type is Unknown
%p in format string (no. 1) requires an address but the argument type
is Unknown.
References
CWE-686
]]>
cwe
MINOR
BUG
CONSTANT_ISSUE
5min
invalidPrintfArgType_uint
%u in format string (no. 1) requires 'unsigned int' but the argument type is Unknown
%u in format string (no. 1) requires 'unsigned int' but the argument
type is Unknown.
References
CWE-686
]]>
cwe
MINOR
BUG
CONSTANT_ISSUE
5min
invalidPrintfArgType_sint
%i in format string (no. 1) requires 'int' but the argument type is Unknown
%i in format string (no. 1) requires 'int' but the argument type is
Unknown.
References
CWE-686
]]>
cwe
MINOR
BUG
CONSTANT_ISSUE
5min
invalidPrintfArgType_float
%f in format string (no. 1) requires 'double' but the argument type is Unknown
%f in format string (no. 1) requires 'double' but the argument type is
Unknown.
References
CWE-686
]]>
cwe
MINOR
BUG
CONSTANT_ISSUE
5min
invalidLengthModifierError
'I' in format string (no. 1) is a length modifier and cannot be used without a conversion specifier
'I' in format string (no. 1) is a length modifier and cannot be used
without a conversion specifier.
References
CWE-704
]]>
cwe
MINOR
BUG
CONSTANT_ISSUE
5min
invalidScanfFormatWidth
Width 5 given in format string (no. 10) is larger than destination buffer '[0]', use %-1s to prevent overflowing it
Width 5 given in format string (no. 10) is larger than destination
buffer '[0]', use %-1s to prevent overflowing it.
References
CWE-687
]]>
cwe
BUG
CONSTANT_ISSUE
5min
invalidScanfFormatWidth_smaller
Width -1 given in format string (no. 99) is smaller than destination buffer '[0]'
MINOR
BUG
CONSTANT_ISSUE
5min
wrongPrintfScanfParameterPositionError
printf: referencing parameter 2 while 1 arguments given
printf: referencing parameter 2 while 1 arguments given
References
CWE-685
]]>
cwe
MINOR
BUG
CONSTANT_ISSUE
5min
deallocret
Returning/dereferencing 'p' after it is deallocated / released
Returning/dereferencing 'p' after it is deallocated / released
References
CWE-672
]]>
cwe
BUG
CONSTANT_ISSUE
5min
doubleFree
Memory pointed to by 'varname' is freed twice
Memory pointed to by 'varname' is freed twice.
References
CWE-415
]]>
cwe
BUG
CONSTANT_ISSUE
5min
leakNoVarFunctionCall
Allocation with funcName, funcName doesn't release it
Allocation with funcName, funcName doesn't release it.
References
CWE-772
]]>
cwe
BUG
CONSTANT_ISSUE
5min
leakReturnValNotUsed
Return value of allocation function 'funcName' is not stored
Return value of allocation function 'funcName' is not stored.
References
CWE-771
]]>
cwe
BUG
CONSTANT_ISSUE
5min
leakUnsafeArgAlloc
Unsafe allocation. If funcName() throws, memory could be leaked. Use make_shared<int>() instead
Unsafe allocation. If funcName() throws, memory could be leaked. Use
make_shared() instead.
References
CWE-401
]]>
cwe
MINOR
BUG
CONSTANT_ISSUE
5min
publicAllocationError
Possible leak in public function. The pointer 'varname' is not deallocated before it is allocated
Possible leak in public function. The pointer 'varname' is not
deallocated before it is allocated.
References
CWE-398
]]>
cwe
MINOR
BUG
CONSTANT_ISSUE
5min
unsafeClassCanLeak
Class 'class' is unsafe, 'class::varname' can leak by wrong usage
The class 'class' is unsafe, wrong usage can cause memory/resource
leaks for 'class::varname'. This can for instance be fixed by adding
proper cleanup in the destructor.
References
CWE-398
]]>
cwe
MINOR
CONSTANT_ISSUE
5min
memleak
Memory leak: varname
Memory leak: varname
References
CWE-401
]]>
cwe
BUG
CONSTANT_ISSUE
5min
resourceLeak
Resource leak: varname
Resource leak: varname
References
CWE-775
]]>
cwe
BUG
CONSTANT_ISSUE
5min
deallocuse
Dereferencing 'varname' after it is deallocated / released
Dereferencing 'varname' after it is deallocated / released
References
CWE-416
]]>
cwe
BUG
CONSTANT_ISSUE
5min
mismatchAllocDealloc
Mismatching allocation and deallocation: varname
Mismatching allocation and deallocation: varname
References
CWE-762
]]>
cwe
BUG
CONSTANT_ISSUE
5min
memleakOnRealloc
Common realloc mistake: 'varname' nulled but not freed upon failure
Common realloc mistake: 'varname' nulled but not freed upon failure
References
CWE-401
]]>
cwe
BUG
CONSTANT_ISSUE
5min
nullPointer
Null pointer dereference
Null pointer dereference
References
CWE-476
]]>
cwe
BUG
CONSTANT_ISSUE
5min
nullPointerDefaultArg
Possible null pointer dereference if the default parameter value is used: pointer
Possible null pointer dereference if the default parameter value is
used: pointer
References
CWE-476
]]>
cwe
MINOR
BUG
CONSTANT_ISSUE
5min
nullPointerRedundantCheck
Either the condition is redundant or there is possible null pointer dereference: pointer
Either the condition is redundant or there is possible null pointer
dereference: pointer.
References
CWE-476
]]>
cwe
MINOR
BUG
CONSTANT_ISSUE
5min
nullPointerOutOfMemory
Null pointer dereference
Null pointer dereference
References
CWE-476
]]>
cwe
MINOR
BUG
CONSTANT_ISSUE
5min
nullPointerOutOfResources
Null pointer dereference
Null pointer dereference
References
CWE-476
]]>
cwe
MINOR
BUG
CONSTANT_ISSUE
5min
nullPointerArithmetic
Pointer arithmetic with NULL pointer
Pointer arithmetic with NULL pointer.
References
CWE-682
]]>
cwe
BUG
CONSTANT_ISSUE
5min
nullPointerArithmeticRedundantCheck
Either the condition is redundant or there is pointer arithmetic with NULL pointer
Either the condition is redundant or there is pointer arithmetic with
NULL pointer.
References
CWE-682
]]>
cwe
MINOR
BUG
CONSTANT_ISSUE
5min
zerodiv
Division by zero
Division by zero.
References
CWE-369
]]>
cwe
BUG
CONSTANT_ISSUE
5min
zerodivcond
Either the condition is redundant or there is division by zero
Either the condition is redundant or there is division by zero.
References
CWE-369
]]>
cwe
MINOR
BUG
CONSTANT_ISSUE
5min
unusedScopedObject
Instance of 'varname' object is destroyed immediately
Instance of 'varname' object is destroyed immediately.
References
CWE-563
]]>
cwe
MINOR
CONSTANT_ISSUE
5min
invalidPointerCast
Casting between float * and double * which have an incompatible binary data representation
Casting between float * and double * which have an incompatible binary
data representation.
References
CWE-704
]]>
cwe
MINOR
BUG
CONSTANT_ISSUE
5min
shiftNegativeLHS
Shifting a negative value is technically undefined behaviour
Shifting a negative value is technically undefined behaviour
References
CWE-758
]]>
cwe
MINOR
BUG
CONSTANT_ISSUE
5min
shiftNegative
Shifting by a negative value is undefined behaviour
Shifting by a negative value is undefined behaviour
References
CWE-758
]]>
cwe
BUG
CONSTANT_ISSUE
5min
raceAfterInterlockedDecrement
Race condition: non-interlocked access after InterlockedDecrement(). Use InterlockedDecrement() return value instead
Race condition: non-interlocked access after InterlockedDecrement().
Use InterlockedDecrement() return value instead.
References
CWE-362
]]>
cwe
BUG
CONSTANT_ISSUE
5min
invalidFree
Mismatching address is freed. The address you get from malloc() must be freed without offset
BUG
CONSTANT_ISSUE
5min
overlappingWriteUnion
Overlapping read/write of union is undefined behavior
BUG
CONSTANT_ISSUE
5min
overlappingWriteFunction
Overlapping read/write in funcname() is undefined behavior
BUG
CONSTANT_ISSUE
5min
redundantCopyLocalConst
Use const reference for 'varname' to avoid unnecessary data copying
The const variable 'varname' is assigned a copy of the data. You can
avoid the unnecessary data copying by converting 'varname' to const
reference.
References
CWE-398
]]>
cwe
MINOR
BUG
CONSTANT_ISSUE
5min
redundantCopy
Buffer 'var' is being written before its old content has been used
Buffer 'var' is being written before its old content has been used.
References
CWE-563
]]>
cwe
MINOR
BUG
CONSTANT_ISSUE
5min
comparisonFunctionIsAlwaysTrueOrFalse
Comparison of two identical variables with isless(varName,varName) always evaluates to false
The function isless is designed to compare two variables. Calling this
function with one variable (varName) for both parameters leads to a
statement which is always false.
References
CWE-570
]]>
cwe
MINOR
BUG
CONSTANT_ISSUE
5min
checkCastIntToCharAndBack
Storing func_name() return value in char variable and then comparing with EOF
When saving func_name() return value in char variable there is loss of
precision. When func_name() returns EOF this value is truncated.
Comparing the char variable with EOF can have unexpected results. For
instance a loop "while (EOF != (c = func_name()));" loops forever on
some compilers/platforms and on other compilers/platforms it will stop
when the file contains a matching character.
References
CWE-197
]]>
cwe
MINOR
BUG
CONSTANT_ISSUE
5min
cstyleCast
C-style pointer casting
C-style pointer casting detected. C++ offers four different kinds of
casts as replacements: static_cast, const_cast, dynamic_cast and
reinterpret_cast. A C-style cast could evaluate to any of those
automatically, thus it is considered safer if the programmer
explicitly states which kind of cast is expected.
References
CWE-398
]]>
cwe
MINOR
CONSTANT_ISSUE
5min
suspiciousFloatingPointCast
Floating-point cast causes loss of precision
If this cast is not intentional, remove it to avoid loss of precision
References
CWE-398
]]>
cwe
MINOR
CONSTANT_ISSUE
5min
passedByValue
Function parameter '' should be passed by const reference
Parameter '' is passed by value. It could be passed as a const
reference which is usually faster and recommended in C++.
References
CWE-398
]]>
cwe
MINOR
BUG
CONSTANT_ISSUE
5min
constParameter
Parameter 'x' can be declared with const
MINOR
CONSTANT_ISSUE
5min
constVariable
Variable 'x' can be declared with const
MINOR
CONSTANT_ISSUE
5min
constParameterReference
Parameter 'x' can be declared with const
MINOR
CONSTANT_ISSUE
5min
constVariableReference
Variable 'x' can be declared with const
MINOR
CONSTANT_ISSUE
5min
constParameterPointer
Parameter 'x' can be declared with const
MINOR
CONSTANT_ISSUE
5min
constVariablePointer
Variable 'x' can be declared with const
MINOR
CONSTANT_ISSUE
5min
constParameterCallback
Parameter 'x' can be declared with const, however it seems that 'f' is a callback function
MINOR
CONSTANT_ISSUE
5min
constStatement
Redundant code: Found a statement that begins with type constant
Redundant code: Found a statement that begins with type constant.
References
CWE-398
]]>
cwe
MINOR
BUG
CONSTANT_ISSUE
5min
signedCharArrayIndex
Signed 'char' type used as array index
Signed 'char' type used as array index. If the value can be greater
than 127 there will be a buffer underflow because of sign extension.
References
CWE-128
]]>
cwe
MINOR
BUG
CONSTANT_ISSUE
5min
unknownSignCharArrayIndex
'char' type used as array index
'char' type used as array index. Values greater than 127 will be
treated depending on whether 'char' is signed or unsigned on target
platform.
References
CWE-758
]]>
cwe
MINOR
BUG
CONSTANT_ISSUE
5min
charBitOp
When using 'char' variables in bit operations, sign extension can generate unexpected results
When using 'char' variables in bit operations, sign extension can
generate unexpected results. For example:
char c = 0x80;
int i = 0 | c;
if (i & 0x8000)
    printf("not expected");
The "not expected" will be printed on the screen.
References
CWE-398
]]>
cwe
MINOR
BUG
CONSTANT_ISSUE
5min
variableScope
The scope of the variable 'varname' can be reduced
The scope of the variable 'varname' can be reduced. Warning: Be
careful when fixing this message, especially when there are inner
loops. Here is an example where cppcheck will write that the scope for
'i' can be reduced:
void f(int x)
{
    int i = 0;
    if (x) {
        // it's safe to move 'int i = 0;' here
        for (int n = 0; n < 10; ++n) {
            // it is possible but not safe to move 'int i = 0;' here
            do_something(&i);
        }
    }
}
When you see this message it is always safe to reduce the variable
scope 1 level.
References
CWE-398
]]>
cwe
MINOR
CONSTANT_ISSUE
5min
redundantAssignInSwitch
Variable 'var' is reassigned a value before the old one has been used. 'break;' missing?
Variable 'var' is reassigned a value before the old one has been used.
'break;' missing?
References
CWE-563
]]>
cwe
MINOR
CONSTANT_ISSUE
5min
suspiciousCase
Found suspicious case label in switch(). Operator '||' probably doesn't work as intended
Using an operator like '||' in a case label is suspicious. Did you
intend to use a bitwise operator, multiple case labels or if/else
instead?
References
CWE-398
]]>
cwe
MINOR
BUG
CONSTANT_ISSUE
5min
selfAssignment
Redundant assignment of 'varname' to itself
Redundant assignment of 'varname' to itself.
References
CWE-398
]]>
cwe
MINOR
CONSTANT_ISSUE
5min
clarifyCalculation
Clarify calculation precedence for '+' and '?'
Suspicious calculation. Please use parentheses to clarify the code.
The code ''a+b?c:d'' should be written as either ''(a+b)?c:d'' or
''a+(b?c:d)''.
References
CWE-783
]]>
cwe
MINOR
CONSTANT_ISSUE
5min
clarifyStatement
In expression like '*A++' the result of '*' is unused. Did you intend to write '(*A)++;'?
A statement like '*A++;' might not do what you intended. Postfix
'operator++' is executed before 'operator*'. Thus, the dereference is
meaningless. Did you intend to write '(*A)++;'?
References
CWE-783
]]>
cwe
MINOR
BUG
CONSTANT_ISSUE
5min
duplicateBranch
Found duplicate branches for 'if' and 'else'
Finding the same code in an 'if' and related 'else' branch is
suspicious and might indicate a cut and paste or logic error. Please
examine this code carefully to determine if it is correct.
References
CWE-398
]]>
cwe
MINOR
CONSTANT_ISSUE
5min
duplicateAssignExpression
Same expression used in consecutive assignments of 'x' and 'x'
Finding variables 'x' and 'x' that are assigned the same expression is
suspicious and might indicate a cut and paste or logic error. Please
examine this code carefully to determine if it is correct.
References
CWE-398
]]>
cwe
MINOR
CONSTANT_ISSUE
5min
oppositeExpression
Opposite expression on both sides of '&&'
Finding the opposite expression on both sides of an operator is
suspicious and might indicate a cut and paste or logic error. Please
examine this code carefully to determine if it is correct.
References
CWE-398
]]>
cwe
MINOR
CONSTANT_ISSUE
5min
duplicateExpression
Same expression on both sides of '&&'
Finding the same expression on both sides of an operator is suspicious
and might indicate a cut and paste or logic error. Please examine this
code carefully to determine if it is correct.
References
CWE-398
]]>
cwe
MINOR
CONSTANT_ISSUE
5min
duplicateValueTernary
Same value in both branches of ternary operator
Finding the same value in both branches of ternary operator is
suspicious as the same code is executed regardless of the condition.
References
CWE-398
]]>
cwe
MINOR
CONSTANT_ISSUE
5min
duplicateExpressionTernary
Same expression in both branches of ternary operator
Finding the same expression in both branches of ternary operator is
suspicious as the same code is executed regardless of the condition.
References
CWE-398
]]>
cwe
MINOR
CONSTANT_ISSUE
5min
duplicateBreak
Consecutive return, break, continue, goto or throw statements are unnecessary
Consecutive return, break, continue, goto or throw statements are
unnecessary. The second statement can never be executed, and so should
be removed.
References
CWE-561
]]>
cwe
MINOR
CONSTANT_ISSUE
5min
unreachableCode
Statements following return, break, continue, goto or throw will never be executed
Statements following return, break, continue, goto or throw will never
be executed.
References
CWE-561
]]>
cwe
MINOR
CONSTANT_ISSUE
5min
unsignedLessThanZero
Checking if unsigned expression 'varname' is less than zero
The unsigned expression 'varname' will never be negative so it is
either pointless or an error to check if it is.
References
CWE-570
]]>
cwe
MINOR
CONSTANT_ISSUE
5min
unsignedPositive
Unsigned expression 'varname' can't be negative so it is unnecessary to test it
Unsigned expression 'varname' can't be negative so it is unnecessary
to test it.
References
CWE-570
]]>
cwe
MINOR
CONSTANT_ISSUE
5min
pointerLessThanZero
A pointer can not be negative so it is either pointless or an error to check if it is
A pointer can not be negative so it is either pointless or an error to
check if it is.
References
CWE-570
]]>
cwe
MINOR
CONSTANT_ISSUE
5min
pointerPositive
A pointer can not be negative so it is either pointless or an error to check if it is not
A pointer can not be negative so it is either pointless or an error to
check if it is not.
References
CWE-570
]]>
cwe
MINOR
CONSTANT_ISSUE
5min
suspiciousSemicolon
Suspicious use of ; at the end of '' statement
Suspicious use of ; at the end of '' statement.
References
CWE-398
]]>
cwe
MINOR
BUG
CONSTANT_ISSUE
5min
incompleteArrayFill
Array 'buffer' is filled incompletely. Did you forget to multiply the size given to 'memset()' with 'sizeof(*buffer)'?
The array 'buffer' is filled incompletely. The function 'memset()'
needs the size given in bytes, but an element of the given array is
larger than one byte. Did you forget to multiply the size with
'sizeof(*buffer)'?
References
CWE-131
]]>
cwe
MINOR
BUG
CONSTANT_ISSUE
5min
varFuncNullUB
Passing NULL after the last typed argument to a variadic function leads to undefined behaviour
Passing NULL after the last typed argument to a variadic function
leads to undefined behaviour.
The C99 standard, in section 7.15.1.1, states that if the type used by
va_arg() is not compatible with the type of the actual next argument
(as promoted according to the default argument promotions), the
behavior is undefined.
The value of the NULL macro is an implementation-defined null pointer
constant (7.17), which can be any integer constant expression with the
value 0, or such an expression cast to (void*) (6.3.2.3). This
includes values like 0, 0L, or even 0LL.
In practice on common architectures, this will cause real crashes if
sizeof(int) != sizeof(void*), and NULL is defined to 0 or any other
null pointer constant that promotes to int.
To reproduce you might be able to use this little code example on
64bit platforms. If the output includes "ERROR", the sentinel had only
4 out of 8 bytes initialized to zero and was not detected as the final
argument to stop argument processing via va_arg(). Changing the 0 to
(void*)0 or 0L will make the "ERROR" output go away.
#include <stdarg.h>
#include <stdio.h>
void f(char *s, ...) {
    va_list ap;
    va_start(ap,s);
    for (;;) {
        char *p = va_arg(ap,char*);
        printf("%018p, %s\n", p, (long)p & 255 ? p : "");
        if(!p) break;
    }
    va_end(ap);
}
void g() {
    char *s2 = "x";
    char *s3 = "ERROR";
    // changing 0 to 0L for the 7th argument (which is intended to act as
    // sentinel) makes the error go away on x86_64
    f("first", s2, s2, s2, s2, s2, 0, s3, (char*)0);
}
void h() {
    int i;
    volatile unsigned char a[1000];
    for (i = 0; i
References
CWE-475
]]>
cwe
MINOR
BUG
CONSTANT_ISSUE
5min
nanInArithmeticExpression
Using NaN/Inf in a computation
Using NaN/Inf in a computation. Although nothing bad really happens,
it is suspicious.
References
CWE-369
]]>
cwe
MINOR
CONSTANT_ISSUE
5min
commaSeparatedReturn
Comma is used in return statement. The comma can easily be misread as a ';'
Comma is used in return statement. When comma is used in a return
statement it can easily be misread as a semicolon. For example in the
code below the value of 'b' is returned if the condition is true, but
it is easy to think that 'a+1' is returned:
if (x)
    return a + 1,
        b++;
However it can be useful to use comma in macros. Cppcheck does not
warn when such a macro is then used in a return statement, it is less
likely such code is misunderstood.
References
CWE-398
]]>
cwe
MINOR
CONSTANT_ISSUE
5min
redundantPointerOp
Redundant pointer operation on 'varname' - it's already a pointer
Redundant pointer operation on 'varname' - it's already a pointer.
References
CWE-398
]]>
cwe
MINOR
CONSTANT_ISSUE
5min
unusedLabel
Label '' is not used
Label '' is not used.
References
CWE-398
]]>
cwe
MINOR
CONSTANT_ISSUE
5min
unusedLabelConfiguration
Label '' is not used. There is #if in function body so the label might be used in code that is removed by the preprocessor
Label '' is not used. There is #if in function body so the label might
be used in code that is removed by the preprocessor.
References
CWE-398
]]>
cwe
MINOR
CONSTANT_ISSUE
5min
unusedLabelSwitch
Label '' is not used. Should this be a 'case' of the enclosing switch()?
Label '' is not used. Should this be a 'case' of the enclosing
switch()?
References
CWE-398
]]>
cwe
MINOR
BUG
CONSTANT_ISSUE
5min
unusedLabelSwitchConfiguration
Label '' is not used. There is #if in function body so the label might be used in code that is removed by the preprocessor. Should this be a 'case' of the enclosing switch()?
Label '' is not used. There is #if in function body so the label might
be used in code that is removed by the preprocessor. Should this be a
'case' of the enclosing switch()?
References
CWE-398
]]>
cwe
MINOR
BUG
CONSTANT_ISSUE
5min
unknownEvaluationOrder
Expression 'x = x++;' depends on order of evaluation of side effects
Expression 'x = x++;' depends on order of evaluation of side effects
References
CWE-768
]]>
cwe
BUG
CONSTANT_ISSUE
5min
accessMoved
Access of moved variable 'v'
Access of moved variable 'v'.
References
CWE-672
]]>
cwe
MINOR
BUG
CONSTANT_ISSUE
5min
accessForwarded
Access of forwarded variable 'v'
Access of forwarded variable 'v'.
References
CWE-672
]]>
cwe
MINOR
BUG
CONSTANT_ISSUE
5min
funcArgNamesDifferent
Function 'function' argument 2 names different: declaration 'A' definition 'B'
Function 'function' argument 2 names different: declaration 'A'
definition 'B'.
References
CWE-628
]]>
cwe
MINOR
CONSTANT_ISSUE
5min
redundantBitwiseOperationInSwitch
Redundant bitwise operation on 'varname' in 'switch' statement. 'break;' missing?
MINOR
CONSTANT_ISSUE
5min
shadowVariable
Local variable 'variable' shadows outer variable
Local variable 'variable' shadows outer variable
References
CWE-398
]]>
cwe
MINOR
CONSTANT_ISSUE
5min
shadowFunction
Local variable 'function' shadows outer function
Local variable 'function' shadows outer function
References
CWE-398
]]>
cwe
MINOR
CONSTANT_ISSUE
5min
shadowArgument
Local variable 'argument' shadows outer argument
Local variable 'argument' shadows outer argument
References
CWE-398
]]>
cwe
MINOR
CONSTANT_ISSUE
5min
knownArgument
Argument 'x-x' to function 'func' is always 0. It does not matter what value 'x' has
MINOR
CONSTANT_ISSUE
5min
knownArgumentHiddenVariableExpression
Argument 'x*0' to function 'func' is always 0. Constant literal calculation disable/hide variable expression 'x'
MINOR
CONSTANT_ISSUE
5min
knownPointerToBool
Pointer expression 'p' converted to bool is always true
MINOR
CONSTANT_ISSUE
5min
comparePointers
Comparing pointers that point to different objects
Comparing pointers that point to different objects
References
CWE-570
]]>
cwe
BUG
CONSTANT_ISSUE
5min
redundantAssignment
Variable 'var' is reassigned a value before the old one has been used
Variable 'var' is reassigned a value before the old one has been used.
References
CWE-563
]]>
cwe
MINOR
CONSTANT_ISSUE
5min
redundantInitialization
Redundant initialization for 'var'. The initialized value is overwritten before it is read
Redundant initialization for 'var'. The initialized value is
overwritten before it is read.
References
CWE-563
]]>
cwe
MINOR
CONSTANT_ISSUE
5min
funcArgOrderDifferent
Function 'function' argument order different: declaration '' definition ''
Function 'function' argument order different: declaration ''
definition ''
References
CWE-683
]]>
cwe
MINOR
BUG
CONSTANT_ISSUE
5min
moduloofone
Modulo of one is always equal to zero
MINOR
CONSTANT_ISSUE
5min
containerOutOfBounds
Out of bounds access in expression 'container[x]'
Out of bounds access in expression 'container[x]'
References
CWE-398
]]>
cwe
BUG
CONSTANT_ISSUE
5min
invalidIterator1
Invalid iterator: iterator
Invalid iterator: iterator
References
CWE-664
]]>
cwe
BUG
CONSTANT_ISSUE
5min
iterators1
Same iterator is used with different containers 'container1' and 'container2'
Same iterator is used with different containers 'container1' and
'container2'.
References
CWE-664
]]>
cwe
BUG
CONSTANT_ISSUE
5min
iterators2
Same iterator is used with different containers 'container0' and 'container1'
Same iterator is used with different containers 'container0' and
'container1'.
References
CWE-664
]]>
cwe
BUG
CONSTANT_ISSUE
5min
iterators3
Same iterator is used with containers 'container' that are temporaries or defined in different scopes
Same iterator is used with containers 'container' that are temporaries
or defined in different scopes.
References
CWE-664
]]>
cwe
BUG
CONSTANT_ISSUE
5min
invalidContainerLoop
Calling 'erase' while iterating the container is invalid
Calling 'erase' while iterating the container is invalid.
References
CWE-664
]]>
cwe
BUG
CONSTANT_ISSUE
5min
invalidContainer
Using object that may be invalid
Using object that may be invalid.
References
CWE-664
]]>
cwe
BUG
CONSTANT_ISSUE
5min
mismatchingContainerIterator
Iterator 'it' referring to container 'v2' is used with container 'v1'
Iterator 'it' referring to container 'v2' is used with container 'v1'.
References
CWE-664
]]>
cwe
BUG
CONSTANT_ISSUE
5min
mismatchingContainers
Iterators of different containers 'v1' and 'v2' are used together
Iterators of different containers 'v1' and 'v2' are used together.
References
CWE-664
]]>
cwe
BUG
CONSTANT_ISSUE
5min
mismatchingContainerExpression
Iterators to containers from different expressions 'v1' and 'v2' are used together
Iterators to containers from different expressions 'v1' and 'v2' are
used together.
References
CWE-664
]]>
cwe
MINOR
BUG
CONSTANT_ISSUE
5min
sameIteratorExpression
Same iterators expression are used for algorithm
Same iterators expression are used for algorithm.
References
CWE-664
]]>
cwe
MINOR
CONSTANT_ISSUE
5min
eraseDereference
Invalid iterator 'iter' used
The iterator 'iter' is invalid before being assigned. Dereferencing or
comparing it with another iterator is invalid operation.
References
CWE-664
]]>
cwe
BUG
CONSTANT_ISSUE
5min
stlOutOfBounds
When i==foo.size(), foo[i] is out of bounds
When i==foo.size(), foo[i] is out of bounds.
References
CWE-788
]]>
cwe
BUG
CONSTANT_ISSUE
5min
negativeContainerIndex
Array index -1 is out of bounds
Array index -1 is out of bounds.
References
CWE-786
]]>
cwe
MINOR
BUG
CONSTANT_ISSUE
5min
stlBoundaries
Dangerous comparison using operator< on iterator
Iterator compared with operator<. This is dangerous since the order of
items in the container is not guaranteed. One should use operator!=
instead to compare iterators.
References
CWE-664
]]>
cwe
BUG
CONSTANT_ISSUE
5min
stlIfFind
Suspicious condition. The result of find() is an iterator, but it is not properly checked
Suspicious condition. The result of find() is an iterator, but it is
not properly checked.
References
CWE-398
]]>
cwe
MINOR
BUG
CONSTANT_ISSUE
5min
stlIfStrFind
Inefficient usage of string::find() in condition; string::starts_with() could be faster
Either inefficient or wrong usage of string::find().
string::starts_with() will be faster if string::find's result is
compared with 0, because it will not scan the whole string. If your
intention is to check that there are no findings in the string, you
should compare with std::string::npos.
References
CWE-597
]]>
cwe
MINOR
BUG
CONSTANT_ISSUE
5min
stlFindInsert
Searching before insertion is not necessary
Searching before insertion is not necessary.
References
CWE-398
]]>
cwe
MINOR
BUG
CONSTANT_ISSUE
5min
stlcstr
Dangerous usage of c_str(). The value returned by c_str() is invalid after this call
Dangerous usage of c_str(). The c_str() return value is only valid
until its string is deleted.
References
CWE-664
]]>
cwe
BUG
CONSTANT_ISSUE
5min
stlcstrReturn
Returning the result of c_str() in a function that returns std::string is slow and redundant
The conversion from const char* as returned by c_str() to std::string
creates an unnecessary string copy. Solve that by directly returning
the string.
References
CWE-704
]]>
cwe
MINOR
BUG
CONSTANT_ISSUE
5min
stlcstrParam
Passing the result of c_str() to a function that takes std::string as argument no. 0 is slow and redundant
The conversion from const char* as returned by c_str() to std::string
creates an unnecessary string copy or length calculation. Solve that
by directly passing the string.
References
CWE-704
]]>
cwe
MINOR
BUG
CONSTANT_ISSUE
5min
stlcstrthrow
Dangerous usage of c_str(). The value returned by c_str() is invalid after throwing exception
BUG
CONSTANT_ISSUE
5min
stlSize
Possible inefficient checking for 'list' emptiness
Checking for 'list' emptiness might be inefficient. Using list.empty()
instead of list.size() can be faster. list.size() can take linear time
but list.empty() is guaranteed to take constant time.
References
CWE-398
]]>
cwe
MINOR
BUG
CONSTANT_ISSUE
5min
StlMissingComparison
Missing bounds check for extra iterator increment in loop
The iterator incrementing is suspicious - it is incremented at line
and then at line . The loop might unintentionally skip an element in
the container. There is no comparison between these increments to
prevent that the iterator is incremented beyond the end.
References
CWE-834
]]>
cwe
MINOR
BUG
CONSTANT_ISSUE
5min
redundantIfRemove
Redundant checking of STL container element existence before removing it
Redundant checking of STL container element existence before removing
it. It is safe to call the remove method on a non-existing element.
References
CWE-398
]]>
cwe
MINOR
CONSTANT_ISSUE
5min
uselessCallsCompare
It is inefficient to call 'str.find(str)' as it always returns 0
'std::string::find()' returns zero when given itself as parameter
(str.find(str)). As currently written, the code is inefficient. It is
possible that either the string searched ('str') or the string
searched for ('str') is wrong.
References
CWE-628
]]>
cwe
MINOR
BUG
CONSTANT_ISSUE
5min
uselessCallsSwap
It is inefficient to swap an object with itself by calling 'str.swap(str)'
The 'swap()' function has no logical effect when given itself as
parameter (str.swap(str)). As currently written, the code is
inefficient. Is the object or the parameter wrong here?
References
CWE-628
]]>
cwe
MINOR
BUG
CONSTANT_ISSUE
5min
uselessCallsSubstr
Ineffective call of function 'substr' because it returns a copy of the object. Use operator= instead
Ineffective call of function 'substr' because it returns a copy of the
object. Use operator= instead.
References
CWE-398
]]>
cwe
MINOR
BUG
CONSTANT_ISSUE
5min
uselessCallsEmpty
Ineffective call of function 'empty()'. Did you intend to call 'clear()' instead?
Ineffective call of function 'empty()'. Did you intend to call
'clear()' instead?
References
CWE-398
]]>
cwe
MINOR
BUG
CONSTANT_ISSUE
5min
uselessCallsRemove
Return value of std::remove() ignored. Elements remain in container
The return value of std::remove() is ignored. This function returns an
iterator to the end of the range containing those elements that should
be kept. Elements past new end remain valid but with unspecified
values. Use the erase method of the container to delete them.
References
CWE-762
]]>
cwe
MINOR
BUG
CONSTANT_ISSUE
5min
derefInvalidIterator
Possible dereference of an invalid iterator: i
Possible dereference of an invalid iterator: i. Make sure to check
that the iterator is valid before dereferencing it - not after.
References
CWE-825
]]>
cwe
MINOR
BUG
CONSTANT_ISSUE
5min
eraseIteratorOutOfBounds
Calling function 'erase()' on the iterator 'iter' which is out of bounds
Calling function 'erase()' on the iterator 'iter' which is out of
bounds.
References
CWE-628
]]>
cwe
BUG
CONSTANT_ISSUE
5min
eraseIteratorOutOfBoundsCond
Either the condition 'x' is redundant or function 'erase()' is called on the iterator 'iter' which is out of bounds
Either the condition 'x' is redundant or function 'erase()' is called
on the iterator 'iter' which is out of bounds.
References
CWE-628
]]>
cwe
MINOR
BUG
CONSTANT_ISSUE
5min
useStlAlgorithm
Consider using algorithm instead of a raw loop
Consider using algorithm instead of a raw loop.
References
CWE-398
]]>
cwe
MINOR
CONSTANT_ISSUE
5min
knownEmptyContainer
Iterating over container 'var' that is always empty
Iterating over container 'var' that is always empty.
References
CWE-398
]]>
cwe
MINOR
CONSTANT_ISSUE
5min
globalLockGuard
Lock guard is defined globally. Lock guards are intended to be local. A global lock guard could lead to a deadlock since it won't unlock until the end of the program
Lock guard is defined globally. Lock guards are intended to be local.
A global lock guard could lead to a deadlock since it won't unlock
until the end of the program.
References
CWE-833
]]>
cwe
MINOR
BUG
CONSTANT_ISSUE
5min
localMutex
The lock is ineffective because the mutex is locked at the same scope as the mutex itself
The lock is ineffective because the mutex is locked at the same scope
as the mutex itself.
References
CWE-667
]]>
cwe
MINOR
BUG
CONSTANT_ISSUE
5min
sizeofwithsilentarraypointer
Using 'sizeof' on array given as function argument returns size of a pointer
Using 'sizeof' for array given as function argument returns the size
of a pointer. It does not return the size of the whole array in bytes
as might be expected. For example, this code:
    int f(char a[100]) {
        return sizeof(a);
    }
returns 4 (in 32-bit systems) or 8 (in 64-bit systems) instead of 100
(the size of the array in bytes).
References
CWE-467
]]>
cwe
MINOR
BUG
CONSTANT_ISSUE
5min
pointerSize
Size of pointer 'varname' used instead of size of its data
Size of pointer 'varname' used instead of size of its data. This is
likely to lead to a buffer overflow. You probably intend to write
'sizeof(*varname)'.
References
CWE-467
]]>
cwe
MINOR
BUG
CONSTANT_ISSUE
5min
sizeofDivisionMemfunc
Division by result of sizeof(). memset() expects a size in bytes, did you intend to multiply instead?
Division by result of sizeof(). memset() expects a size in bytes, did
you intend to multiply instead?
References
CWE-682
]]>
cwe
MINOR
BUG
CONSTANT_ISSUE
5min
sizeofwithnumericparameter
Suspicious usage of 'sizeof' with a numeric constant as parameter
It is unusual to use a constant value with sizeof. For example,
'sizeof(10)' returns 4 (in 32-bit systems) or 8 (in 64-bit systems)
instead of 10. 'sizeof('A')' and 'sizeof(char)' can return different
results.
References
CWE-682
]]>
cwe
MINOR
BUG
CONSTANT_ISSUE
5min
sizeofsizeof
Calling 'sizeof' on 'sizeof'
Calling sizeof for 'sizeof' looks like suspicious code and most
likely there should be just one 'sizeof'. The current code is
equivalent to 'sizeof(size_t)'.
References
CWE-682
]]>
cwe
MINOR
BUG
CONSTANT_ISSUE
5min
sizeofCalculation
Found calculation inside sizeof()
Found calculation inside sizeof().
References
CWE-682
]]>
cwe
MINOR
BUG
CONSTANT_ISSUE
5min
sizeofFunctionCall
Found function call inside sizeof()
Found function call inside sizeof().
References
CWE-682
]]>
cwe
MINOR
BUG
CONSTANT_ISSUE
5min
multiplySizeof
Multiplying sizeof() with sizeof() indicates a logic error
Multiplying sizeof() with sizeof() indicates a logic error.
References
CWE-682
]]>
cwe
MINOR
BUG
CONSTANT_ISSUE
5min
divideSizeof
Division of result of sizeof() on pointer type
Division of result of sizeof() on pointer type. sizeof() returns the
size of the pointer, not the size of the memory area it points to.
References
CWE-682
]]>
cwe
MINOR
BUG
CONSTANT_ISSUE
5min
sizeofVoid
Behaviour of 'sizeof(void)' is not covered by the ISO C standard
Behaviour of 'sizeof(void)' is not covered by the ISO C standard. A
value for 'sizeof(void)' is defined only as part of a GNU C extension,
which defines 'sizeof(void)' to be 1.
References
CWE-682
]]>
cwe
MINOR
BUG
CONSTANT_ISSUE
5min
sizeofDereferencedVoidPointer
'*varname' is of type 'void', the behaviour of 'sizeof(void)' is not covered by the ISO C standard
'*varname' is of type 'void', the behaviour of 'sizeof(void)' is not
covered by the ISO C standard. A value for 'sizeof(void)' is defined
only as part of a GNU C extension, which defines 'sizeof(void)' to be
1.
References
CWE-682
]]>
cwe
MINOR
BUG
CONSTANT_ISSUE
5min
arithOperationsOnVoidPointer
'varname' is of type 'vartype'. When using void pointers in calculations, the behaviour is undefined
'varname' is of type 'vartype'. When using void pointers in
calculations, the behaviour is undefined. Arithmetic operations on
'void *' are a GNU C extension, which defines 'sizeof(void)' to be
1.
References
CWE-467
]]>
cwe
MINOR
BUG
CONSTANT_ISSUE
5min
stringLiteralWrite
Modifying string literal directly or indirectly is undefined behaviour
Modifying string literal directly or indirectly is undefined
behaviour.
References
CWE-758
]]>
cwe
BUG
CONSTANT_ISSUE
5min
sprintfOverlappingData
Undefined behavior: Variable 'varname' is used as parameter and destination in s[n]printf()
The variable 'varname' is used both as a parameter and as destination
in s[n]printf(). The origin and destination buffers overlap. Quote
from glibc (C-library) documentation
(http://www.gnu.org/software/libc/manual/html_mono/libc.html#Formatted-Output-Functions):
"If copying takes place between objects that overlap as a result of a
call to sprintf() or snprintf(), the results are undefined."
References
CWE-628
]]>
cwe
BUG
CONSTANT_ISSUE
5min
strPlusChar
Unusual pointer arithmetic. A value of type 'char' is added to a string literal
Unusual pointer arithmetic. A value of type 'char' is added to a
string literal.
References
CWE-665
]]>
cwe
BUG
CONSTANT_ISSUE
5min
incorrectStringCompare
String literal "Hello World" doesn't match length argument for substr()
String literal "Hello World" doesn't match length argument for
substr().
References
CWE-570
]]>
cwe
MINOR
BUG
CONSTANT_ISSUE
5min
literalWithCharPtrCompare
String literal compared with variable 'foo'. Did you intend to use strcmp() instead?
String literal compared with variable 'foo'. Did you intend to use
strcmp() instead?
References
CWE-595
]]>
cwe
MINOR
BUG
CONSTANT_ISSUE
5min
charLiteralWithCharPtrCompare
Char literal compared with pointer 'foo'. Did you intend to dereference it?
Char literal compared with pointer 'foo'. Did you intend to
dereference it?
References
CWE-595
]]>
cwe
MINOR
BUG
CONSTANT_ISSUE
5min
incorrectStringBooleanError
Conversion of string literal "Hello World" to bool always evaluates to true
Conversion of string literal "Hello World" to bool always evaluates to
true.
References
CWE-571
]]>
cwe
MINOR
BUG
CONSTANT_ISSUE
5min
incorrectCharBooleanError
Conversion of char literal 'x' to bool always evaluates to true
Conversion of char literal 'x' to bool always evaluates to true.
References
CWE-571
]]>
cwe
MINOR
BUG
CONSTANT_ISSUE
5min
staticStringCompare
Unnecessary comparison of static strings
The compared strings, 'str1' and 'str2', are always unequal. Therefore
the comparison is unnecessary and looks suspicious.
References
CWE-570
]]>
cwe
MINOR
BUG
CONSTANT_ISSUE
5min
stringCompare
Comparison of identical string variables
The compared strings, 'varname1' and 'varname2', are identical. This
could be a logic bug.
References
CWE-571
]]>
cwe
MINOR
BUG
CONSTANT_ISSUE
5min
overlappingStrcmp
The expression 'strcmp(x,"def") != 0' is suspicious. It overlaps 'strcmp(x,"abc") == 0'
MINOR
BUG
CONSTANT_ISSUE
5min
shiftTooManyBits
Shifting 32-bit value by 40 bits is undefined behaviour
Shifting 32-bit value by 40 bits is undefined behaviour
References
CWE-758
]]>
cwe
BUG
CONSTANT_ISSUE
5min
shiftTooManyBitsSigned
Shifting signed 32-bit value by 31 bits is undefined behaviour
Shifting signed 32-bit value by 31 bits is undefined behaviour
References
CWE-758
]]>
cwe
BUG
CONSTANT_ISSUE
5min
integerOverflow
Signed integer overflow for expression ''
Signed integer overflow for expression ''.
References
CWE-190
]]>
cwe
BUG
CONSTANT_ISSUE
5min
signConversion
Expression 'var' can have a negative value. That is converted to an unsigned value and used in an unsigned calculation
Expression 'var' can have a negative value. That is converted to an
unsigned value and used in an unsigned calculation.
References
CWE-195
]]>
cwe
MINOR
BUG
CONSTANT_ISSUE
5min
truncLongCastAssignment
int result is assigned to long variable. If the variable is long to avoid loss of information, then you have loss of information
int result is assigned to long variable. If the variable is long to
avoid loss of information, then there is loss of information. To avoid
loss of information you must cast a calculation operand to long, for
example 'l = a * b;' => 'l = (long)a * b;'.
References
CWE-197
]]>
cwe
MINOR
CONSTANT_ISSUE
5min
truncLongCastReturn
int result is returned as long value. If the return value is long to avoid loss of information, then you have loss of information
int result is returned as long value. If the return value is long to
avoid loss of information, then there is loss of information. To avoid
loss of information you must cast a calculation operand to long, for
example 'return a*b;' => 'return (long)a*b'.
References
CWE-197
]]>
cwe
MINOR
CONSTANT_ISSUE
5min
floatConversionOverflow
Undefined behaviour: float (1e+100) to integer conversion overflow
Undefined behaviour: float (1e+100) to integer conversion overflow.
References
CWE-190
]]>
cwe
BUG
CONSTANT_ISSUE
5min
uninitdata
Memory is allocated but not initialized: varname
Memory is allocated but not initialized: varname
References
CWE-457
]]>
cwe
BUG
CONSTANT_ISSUE
5min
uninitStructMember
Uninitialized struct member: a.b
Uninitialized struct member: a.b
References
CWE-457
]]>
cwe
BUG
CONSTANT_ISSUE
5min
unusedVariable
Unused variable: varname
Unused variable: varname
References
CWE-563
]]>
cwe
MINOR
CONSTANT_ISSUE
5min
unusedAllocatedMemory
Variable 'varname' is allocated memory that is never used
Variable 'varname' is allocated memory that is never used.
References
CWE-563
]]>
cwe
MINOR
CONSTANT_ISSUE
5min
unreadVariable
Variable 'varname' is assigned a value that is never used
Variable 'varname' is assigned a value that is never used.
References
CWE-563
]]>
cwe
MINOR
CONSTANT_ISSUE
5min
unassignedVariable
Variable 'varname' is not assigned a value
Variable 'varname' is not assigned a value.
References
CWE-665
]]>
cwe
MINOR
CONSTANT_ISSUE
5min
unusedStructMember
struct member 'structname::variable' is never used
struct member 'structname::variable' is never used.
References
CWE-563
]]>
cwe
MINOR
CONSTANT_ISSUE
5min
postfixOperator
Prefer prefix ++/-- operators for non-primitive types
Prefix ++/-- operators should be preferred for non-primitive types.
Pre-increment/decrement can be more efficient than
post-increment/decrement. Post-increment/decrement usually involves
keeping a copy of the previous value around and adds a little extra code.
References
CWE-398
]]>
cwe
MINOR
BUG
CONSTANT_ISSUE
5min
va_start_wrongParameter
'arg1' given to va_start() is not last named argument of the function. Did you intend to pass 'arg2'?
'arg1' given to va_start() is not last named argument of the function.
Did you intend to pass 'arg2'?
References
CWE-688
]]>
cwe
MINOR
BUG
CONSTANT_ISSUE
5min
va_start_referencePassed
Using reference 'arg1' as parameter for va_start() results in undefined behaviour
Using reference 'arg1' as parameter for va_start() results in
undefined behaviour.
References
CWE-758
]]>
cwe
BUG
CONSTANT_ISSUE
5min
va_end_missing
va_list 'vl' was opened but not closed by va_end()
va_list 'vl' was opened but not closed by va_end().
References
CWE-664
]]>
cwe
BUG
CONSTANT_ISSUE
5min
va_list_usedBeforeStarted
va_list 'vl' used before va_start() was called
va_list 'vl' used before va_start() was called.
References
CWE-664
]]>
cwe
BUG
CONSTANT_ISSUE
5min
va_start_subsequentCalls
va_start() or va_copy() called subsequently on 'vl' without va_end() in between
va_start() or va_copy() called subsequently on 'vl' without va_end()
in between.
References
CWE-664
]]>
cwe
BUG
CONSTANT_ISSUE
5min
unusedFunction
The function 'funcName' is never used
The function 'funcName' is never used.
References
CWE-561
]]>
cwe
MINOR
CONSTANT_ISSUE
5min
missingInclude
Include file: "" not found
MINOR
CONSTANT_ISSUE
5min
missingIncludeSystem
Include file: <> not found. Please note: Cppcheck does not need standard library headers to get proper results
Include file: <> not found. Please note: Cppcheck does not need
standard library headers to get proper results.
MINOR
CONSTANT_ISSUE
5min
preprocessorErrorDirective
#error message
BUG
CONSTANT_ISSUE
5min
invalidConstFunctionType
It is unspecified behavior to const qualify a function type
MINOR
BUG
CONSTANT_ISSUE
5min
class_X_Y
The code ' ' is not handled. You can use -I or --include to add handling of this code
MINOR
CONSTANT_ISSUE
5min
macroWithSemicolon
Ensure that '' is defined either using -I, --include or -D
MINOR
CONSTANT_ISSUE
5min
nonStandardCharLiteral
Non-standard character literal.
MINOR
BUG
CONSTANT_ISSUE
5min