Classification of PVS-Studio warnings according to the Common Weakness Enumeration (CWE)
The Common Weakness Enumeration (CWE) is a category system for software weaknesses and vulnerabilities. It is sustained by a community project with the goals of understanding flaws in software and creating automated tools that can be used to identify, fix, and prevent those flaws.
CCR (Coverage Claims Representation) for PVS-Studio is available here.
C/C++ warnings
Error Code |
Error Description |
Mapping |
---|---|---|
Identical sub-expressions to the left and to the right of 'foo' operator. |
||
The '?:' operator may not work as expected. The '?:' operator has a lower priority than the 'foo' operator. |
||
Nonsensical comparison: pointer < 0. |
||
Semicolon ';' is probably missing after the 'return' keyword. |
||
The 'alloca' function is used inside the loop. This can quickly overflow stack. |
||
Pointer to local variable 'X' is stored outside the scope of this variable. Such a pointer will become invalid. |
||
Pointer to local array 'X' is stored outside the scope of this array. Such a pointer will become invalid. |
||
The 'new type(n)' pattern was detected. Probably meant: 'new type[n]'. |
||
Exceptions raised inside noexcept functions must be wrapped in a try..catch block. |
||
The 'Foo' function receives class-type variable as Nth actual argument. This is unexpected behavior. |
||
The sizeof() operator returns pointer size instead of array size. |
||
Call of the 'Foo' function will lead to buffer overflow. |
CWE-119, CWE-125, CWE-193, CWE-467, CWE-682, CWE-787, CWE-806 |
|
Use _beginthreadex/_endthreadex functions instead of CreateThread/ExitThread functions. |
||
Potential logical error. Size of a pointer is divided by another value. |
||
The 'delete' operator is applied to non-pointer. |
||
Non-null function pointer is compared to null. Consider inspecting the expression. |
||
Potential logical error. The 'if (A) {...} else if (A) {...}' pattern was detected. |
||
The 'malloc' function allocates suspicious amount of memory calculated by 'strlen(expr)'. Perhaps the correct expression is strlen(expr) + 1. |
||
The 'x' variable is assigned values twice successively. Perhaps this is a mistake. |
||
Comma operator ',' in array index expression. |
||
Expressions that use comma operator ',' are dangerous. Make sure the expression is correct. |
||
Possible null pointer dereference. |
||
The 'then' statement is equivalent to the 'else' statement. |
||
Code contains collection of similar blocks. Check items X, Y, Z, ... in lines N1, N2, N3, ... |
||
The 'strcmp' function returns 0 if corresponding strings are equal. Consider inspecting the condition for mistakes. |
||
The 'zero' value is assigned to pointer. Probably meant: *ptr = zero. |
||
Pointer is compared with 'zero' value. Probably meant: *ptr != zero. |
||
Suspicious semicolon ';' after 'if/for/while' operator. |
||
Return value of 'Foo' function is required to be used. |
||
The sizeof() operator is multiplied by sizeof(). Consider inspecting the expression. |
||
Consider inspecting the statement of '*pointer++' pattern. Probably meant: '(*pointer)++'. |
||
It is possible that a wrong variable is incremented inside the 'for' operator. Consider inspecting 'X'. |
||
It is possible that a wrong variable is compared inside the 'for' operator. Consider inspecting 'X'. |
||
The 'X' variable is used for this loop and outer loops. |
||
Constant value is represented by an octal form. |
||
Potential incorrect use of item 'X'. Consider inspecting the expression. |
||
Iterators are passed as arguments to 'Foo' function. Consider inspecting the expression. |
||
Member 'x' should point to string terminated by two 0 characters. |
||
String is printed into itself. Consider inspecting the expression. |
||
Suspicious type cast: 'Type1' to ' Type2'. Consider inspecting the expression. |
||
It is suspicious that value 'X' is assigned to the variable 'Y' of HRESULT type. |
||
It is suspicious that the value 'X' of HRESULT type is compared with 'Y'. |
||
Conditional expression of 'if' statement is incorrect for the HRESULT type value 'Foo'. The SUCCEEDED or FAILED macro should be used instead. |
||
The 'Foo(Foo)' class member is initialized with itself. |
||
Expression is always true/false. |
||
TYPE X[][] is not equivalent to TYPE **X. Consider inspecting type casting. |
||
The 'first' argument of 'Foo' function is equal to the 'second' argument. |
||
Suspicious precise comparison. Consider using a comparison with defined precision: fabs(A - B) < Epsilon or fabs(A - B) > Epsilon. |
||
Unreachable code under a 'case' label. |
||
A bool type variable is incremented. Perhaps another variable should be incremented instead. |
||
Incorrect use of smart pointer. |
||
Expression of the 'A - B > 0' kind will work as 'A != B'. |
||
Values of different enum types are compared. |
||
Possible array overrun. |
||
Function returns pointer/reference to temporary local object. |
||
Suspicious assignment inside the conditional expression of 'if/while/for' statement. |
||
Part of conditional expression is always true/false. |
||
Consider assigning value to 'foo' variable instead of declaring it anew. |
||
Bool type value is compared with value of N. Consider inspecting the expression. |
||
An 'else' branch may apply to the previous 'if' statement. |
||
The '&' or '|' operator is applied to bool type value. Check for missing parentheses or use the '&&' or '||' operator. |
||
Empty exception handler. Silent suppression of exceptions can hide errors in source code during testing. |
||
Integer constant is converted to pointer. Check for an error or bad coding style. |
||
Modification of variable is unsequenced relative to another operation on the same variable. This may lead to undefined behavior. |
||
It is suspicious that the argument of sizeof() operator is the expression. |
||
Truncation of constant value. |
||
Variable is assigned to itself. |
||
Recurring check. This condition was already verified in previous line. |
||
Object created using 'new' operator is immediately cast to another type. Consider inspecting the expression. |
||
Use of uninitialized variable 'Foo'. The variable was used to initialize itself. |
||
Pointer is used both as an array and as a pointer to single object. |
||
Function receives suspicious argument. |
||
Incorrect format. Consider checking the Nth actual argument of the 'Foo' function. |
||
Label is present inside switch(). Check for typos and consider using the 'default:' operator instead. |
||
Suspicious bitwise operation was detected. Consider inspecting it. |
||
The 'Foo' function receives the pointer and its size as arguments. This may be a potential error. Inspect the Nth argument. |
||
Suspicious explicit type casting. Consider inspecting the expression. |
||
Conditional expressions of 'if' statements located next to each other are identical. |
||
Consider reviewing the source code that uses the container. |
||
The '?:' operator, regardless of its conditional expression, always returns the same value. |
||
Same value is present on both sides of the operator. The expression is incorrect or can be simplified. |
||
Attempt to release memory that stores the 'Foo' local variable. |
||
The 'Foo' function is called twice to deallocate the same resource. |
||
Expression of the 'A =+ B' kind is used. Possibly meant: 'A += B'. Consider inspecting the expression. |
||
Expression of the 'A =- B' kind is used. Possibly meant: 'A -= B'. Consider inspecting the expression. |
||
Possible excessive expression or typo. Consider inspecting the expression. |
||
Non-void function must return value. |
||
Expression 'A = B == C' is calculated as 'A = (B == C)'. Consider inspecting the expression. |
||
Pointer to array is out of array bounds. |
||
Pointer was used before its check for nullptr. Check lines: N1, N2. |
||
Object was created but is not used. Check for missing 'throw' keyword. |
||
Compiler may delete 'memset' function call that is used to clear 'Foo' buffer. Use the RtlSecureZeroMemory() function to erase private data. |
||
Memory manipulation function is used to work with a class object containing a virtual table pointer. The result of such an operation may be unexpected. |
||
The virtual destructor is not present, although the 'Foo' class contains virtual functions. |
||
The 'Foo' pointer is always not equal to NULL. Consider inspecting the condition. |
||
Suspicious implicit type casting. |
||
The '<' operator should probably be replaced with '<<'. Consider inspecting this expression. |
||
Object was created but not used. If you wish to call constructor, use 'this->Foo::Foo(....)'. |
||
Number of iterations in loop equals size of a pointer. Consider inspecting the expression. |
||
Unsigned value is compared to the NN number. Consider inspecting the expression. |
||
Ownerless expression 'Foo'. |
||
Recurring sequence of explicit type casts. |
||
Possible division or mod by zero. |
||
Undefined behavior. Check the shift operator. |
||
Memory allocation and deallocation methods are incompatible. |
||
Unconditional 'break/continue/return/goto' within a loop. |
||
Suspicious pointer arithmetic with 'malloc/new'. |
||
Use of 'Foo' uninitialized variable. |
||
Suspicious explicit conversion from 'float *' type to 'double *' type. |
||
Use of 'Foo' named constant with 0 value in bitwise operation. |
||
Argument of the '|' bitwise operation always contains non-zero value. Consider inspecting the condition. |
||
Dangerous call of 'Foo' function. The passed line may contain format specification. Example of safe code: printf("%s", str); |
||
Array is used as pointer to single object. |
||
Expression of sizeof(T)*N kind is summed up with pointer to T type. Consider inspecting the expression. |
||
Loop may execute incorrectly or may not execute at all. Consider inspecting the 'for' operator. |
||
First 'case' operator may be missing. Consider inspecting the 'switch' statement. |
||
Temporary object is created and then destroyed. Consider inspecting the '?:' operator. |
||
Use of constant NN. The resulting value may be inaccurate. Consider using the M_NN constant from <math.h>. |
||
Initial and final values of the iterator are the same. Consider inspecting the 'for' operator. |
||
It's possible that ',' should be replaced by ';'. Consider checking for typos. |
||
Argument of sizeof() is a macro, which expands to a number. Consider inspecting the expression. |
||
It is possible that a line was commented out improperly, thus altering the program's operation logic. |
||
Bit shifting of the 32-bit value with a subsequent expansion to the 64-bit type. Consider inspecting the expression. |
||
The 'malloc' function is used to allocate memory for an array of objects that are classes containing constructors/destructors. |
||
Defining absolute path to file or directory is considered a poor coding style. Consider inspecting the 'Foo' function call. |
||
Argument is of the 'T' type. Consider inspecting the NN argument of the 'Foo' function. |
||
The '!=' operator should probably be used here. Consider inspecting the expression. |
||
Priority of '+' operation is higher than priority of '<<' operation. Consider using parentheses in the expression. |
||
Length should be probably multiplied by sizeof(wchar_t). Consider inspecting the expression. |
||
Expression was implicitly cast from integer type to real type. Consider using an explicit type cast to avoid overflow or loss of a fractional part. |
||
Use of two opposite conditions. The second condition is always false. |
||
Terminal null is present inside a string. Use of '\0xNN' characters. Probably meant: '\xNN'. |
||
One of closing ')' parentheses is probably positioned incorrectly. Consider inspecting the expression for function call. |
||
Code's operational logic does not correspond with its formatting. |
||
Buffer size is not a multiple of element size. |
||
Function result is saved inside the 'byte' type variable. Significant bits may be lost. This may break the program's logic. |
||
Suspicious pointer arithmetic. Value of 'char' type is added to a string pointer. |
||
Suspicious function declaration. Consider creating a 'T' type object. |
||
Function call may lead to buffer overflow. Bounds should not contain size of a buffer, but a number of characters it can hold. |
||
The 'else' keyword may be missing. Consider inspecting the program's logic. |
||
Value of 'A' type is assigned to a pointer of 'B' type. |
||
Priority of '&&' operation is higher than priority of '||' operation. |
||
Two 'if' statements with identical conditional expressions. The first 'if' statement contains function return. This means that the second 'if' statement is senseless. |
||
Type casting is used 2 times in a row. The '+' operation is executed. Probably meant: (T1)((T2)a + b). |
||
Suspicious operation of 'sizeof(X)/sizeof(T)' kind, where 'X' is of the 'class' type. |
||
Operation is executed 3 or more times in a row. |
||
Suspicious string consisting of two parts is used for initialization. Comma may be missing. |
||
Condition of a loop is always true/false. |
||
Strings were concatenated but not used. Consider inspecting the expression. |
||
Variables are initialized through the call to the same function. It's probably an error or un-optimized code. |
||
Function always returns the same value of NN. Consider inspecting the function. |
||
Value is subtracted from unsigned variable. It can result in an overflow. In such a case, the comparison operation may behave unexpectedly. |
||
Program contains an unused label and function call: 'CC:AA()'. Probably meant: 'CC::AA()'. |
||
Different containers are used to set up initial and final values of iterator. Consider inspecting the loop expression. |
||
Infinite loop is possible. The 'cin.eof()' condition is insufficient to break from the loop. Consider adding the 'cin.fail()' function call to the conditional expression. |
||
Pointer is dereferenced on the initialization list before its check for null inside the body of a constructor function. |
||
Value may not correspond with the length of a string passed with YY argument. Consider inspecting the NNth argument of the 'Foo' function. |
||
The 'throw' operator does not have any arguments and is not located within the 'catch' block. |
||
Possible meaningless check for null, as memory was allocated using 'new' operator. Memory allocation will lead to an exception. |
||
Uninitialized class member is used to initialize another member. Remember that members are initialized in the order of their declarations inside a class. |
||
The 'swap' function may interchange a variable with itself. |
||
More than N bits are required to store the value, but the expression evaluates to the T type which can only hold K bits. |
||
Expression contains a suspicious mix of integer and real types. |
||
Incorrect comparison of BOOL type variable with TRUE. |
||
Object is used as an argument to its own method. Consider checking the first actual argument of the 'Foo' function. |
||
The 'X' variable was not initialized. This variable is passed by reference to the 'Foo' function in which its value will be used. |
||
The 'delete A, B' expression only destroys the 'A' object. Then the ',' operator returns a resulting value from the right side of the expression. |
||
The language standard does not define order in which 'Foo' functions are called during evaluation of arguments. |
||
The 'i' variable should probably be incremented instead of the 'n' variable. Consider inspecting the loop expression. |
||
Value of variable is not modified. It is possible that '1' should be present instead of '0'. Consider inspecting the expression. |
||
The expression contains a comma. Consider inspecting the return statement. |
||
Pattern A || (A && ...) was detected. The expression is excessive or contains a logical error. |
||
Size of array calculated by sizeof() operator was added to a pointer. It is possible that the number of elements should be calculated by sizeof(A)/sizeof(A[0]). |
||
Destructor of 'Foo' class is not declared as virtual. A smart pointer may not destroy an object correctly. |
||
Inappropriate attempt to append a null character to a string. To determine the length of a string by 'strlen' function correctly, use a string ending with a null terminator in the first place. |
||
It is possible that 'i < X.size()' should be used instead of 'X.size()'. Consider inspecting conditional expression of the loop. |
||
The condition (ptr - const_value) is only false if the value of a pointer equals a magic constant. |
||
Range intersections are possible within conditional expressions. |
||
The 'continue' operator will terminate 'do { ... } while (FALSE)' loop because the condition is always false. |
||
Number of elements in the allocated array equals the size of a pointer in bytes. |
||
Functions of strcmp() kind can return any values, not only -1, 0, or 1. |
||
It is possible that 'foo = bar == baz ? .... : ....' should be used here instead of 'foo = bar = baz ? .... : ....'. Consider inspecting the expression. |
||
It is suspicious that variable is initialized through itself. Consider inspecting the 'T foo = foo = x;' expression. |
||
Possible realloc() leak: when realloc() fails to allocate memory, original pointer is lost. Consider assigning realloc() to a temporary pointer. |
||
Classes should always be derived from std::exception (and alike) as 'public'. |
||
The expression is always false on newer compilers. Avoid using 'this == 0' comparison. |
||
It is possible that 'else' block was forgotten or commented out, thus altering the program's operation logics. |
||
Suspicious division: sizeof(X) / Value. Size of every element in X array is not equal to divisor. |
||
Dangerous construction is used: 'm[x] = m.size()', where 'm' is of 'T' class. This may lead to undefined behavior. |
||
Suspicious comparison found: 'a == b == c'. Remember that 'a == b == c' is not equal to 'a == b && b == c'. |
||
Compiler may optimize out this loop or make it infinite. Use volatile variable(s) or synchronization primitives to avoid this. |
||
Pointer was used in the logical expression before its check for nullptr in the same logical expression. |
||
Variable is not passed into foreach loop by reference, but its value is changed inside of the loop. |
||
The 'while' operator has empty body. This pattern is suspicious. |
||
Suspicious type conversion: HRESULT -> BOOL (BOOL -> HRESULT). |
||
It is suspicious to cast object of base class V to derived class U. |
||
The 'SuspendThread' function is usually used when developing a debugger. See documentation for details. |
||
The VARIANT_BOOL type is used incorrectly. The true value (VARIANT_TRUE) is defined as -1. |
||
Abnormality within similar comparisons. It is possible that a typo is present inside the expression. |
||
Function returns a pointer to the internal string buffer of a local object, which will be destroyed. |
||
Converting integers or pointers to BOOL can lead to a loss of high-order bits. Non-zero value can become 'FALSE'. |
||
Dangerous cast of 'this' to 'void*' type in the 'Base' class, as it is followed by a subsequent cast to 'Class' type. |
||
Attempt to free memory containing the 'int A[10]' array by using the 'free(A)' function. |
||
Return value of 'wcslen' function is not multiplied by 'sizeof(wchar_t)'. |
||
Excessive check can be simplified. The '||' operator is surrounded by opposite expressions 'x' and '!x'. |
||
Not all members of a class are initialized inside the constructor. |
||
The variable of char type is compared with pointer to string. |
||
Unary minus operator does not modify a bool type value. |
||
It is possible that macro expansion resulted in incorrect evaluation order. |
||
The behavior is undefined for arithmetic or comparisons with pointers that do not point to members of the same array. |
||
It is possible that ',' comma is missing at the end of the string. |
||
Temporary anonymous object is used. |
||
EOF should not be compared with a value of the 'char' type. Consider using the 'int' type. |
||
Use of the throw (a, b); pattern. It is possible that type name was omitted: throw MyException(a, b);. |
||
Function receives an address of a 'char' type variable instead of pointer to a buffer. |
||
The memory areas must not overlap. Use 'memmove' function. |
||
Temporary object is immediately destroyed after being created. Consider naming the object. |
||
A 'wchar_t *' type string is incorrectly converted to 'BSTR' type string. |
||
Suspicious expression inside parentheses. A function name may be missing. |
||
Memory for 'getline' function should be allocated only by 'malloc' or 'realloc' functions. Consider inspecting the first parameter of 'getline' function. |
||
Destructor of the object will be invoked a second time after leaving the object's scope. |
||
Creating an object with placement new requires a buffer of large size. |
||
The '&=' operation always sets a value of 'Foo' variable to zero. |
||
Copying from potentially tainted data source. Buffer overflow is possible. |
||
It is possible that an incorrect variable is compared with null after type conversion using 'dynamic_cast'. |
||
Reference was invalidated because of destruction of the temporary object returned by the function. |
||
Violated order of exception handlers. Exception caught by handler for base class. |
||
Consider inspecting virtual function arguments. See NN argument of function 'Foo' in derived class and base class. |
||
Possible incorrect order of arguments passed to function. |
||
Compound assignment expression 'X += X + N' is suspicious. Consider inspecting it for a possible error. |
||
An item with the same key has already been added. |
||
Variable is of enum type. It is suspicious that it is used as a variable of a Boolean-type. |
||
The pointer in the expression equals nullptr. The resulting value is meaningless and should not be used. |
||
Possible use of left shift operator instead of comparison operator. |
||
Calling the 'delete' operator for a void pointer will cause undefined behavior. |
||
Function exited without releasing the pointer/handle. A memory/resource leak is possible. |
||
Pointer was used after the memory was released. |
||
It is suspicious that the BSTR data type is compared using a relational operator. |
||
Potentially infinite loop. The variable in the loop exit condition does not change its value between iterations. |
||
Dangerous widening type conversion from an array of derived-class objects to a base-class pointer. |
||
Two similar code fragments. Perhaps, it is a typo and 'X' variable should be used instead of 'Y'. |
||
Unreachable code was detected. It is possible that an error is present. |
||
Value of a variable is checked after it is used. Possible error in program's logic. Check lines: N1, N2. |
||
It is pointless to compute the distance between the elements of different arrays. |
||
Possible dereference of invalid iterator 'X'. |
||
The size of the bit mask is less than the size of the first operand. This will cause the loss of the higher bits. |
||
Constant expression in switch statement. |
||
Assigning the value C to the X variable looks suspicious. The value range of the variable: [A, B]. |
||
Review captured variable in lambda expression. |
||
Iterators for the container, used in the range-based for loop, become invalid upon a function call. |
||
The initial value of the index in the nested loop equals 'i'. Consider using 'i + 1' instead. |
||
The function located to the right of the '|' and '&' operators will be called regardless of the value of the left operand. Consider using '||' and '&&' instead. |
||
It is suspicious that the result of the statement is a part of the condition. Perhaps, this statement should have been compared with something else. |
||
The assignment operator should be protected from the case of 'this == &src'. |
||
A 'break' statement is probably missing in a 'switch' statement. |
||
The function is used as if it returned a bool type. The return value of the function should probably be compared with std::string::npos. |
||
The size of the dynamic array can be less than the number of elements in the initializer. |
||
Variable is assigned but not used by the end of the function. |
||
Class that contains pointers, constructor and destructor is copied by the automatically generated operator= or copy constructor. |
||
Pointer was used unsafely after its check for nullptr. |
||
The resource was acquired using 'X' function but was released using incompatible 'Y' function. |
||
Several shared_ptr objects are initialized by the same pointer. A double memory deallocation will occur. |
||
Value from the uninitialized optional is used. It may be an error. |
||
No more than one iteration of the loop will be performed. Consider inspecting the 'for' operator. |
||
Check the array initialization. Only the first element is initialized explicitly. |
||
Unchecked tainted data is used in expression. |
||
Function execution could be deferred. Consider specifying execution policy explicitly. |
||
The expression is always false. Overflow check is incorrect. |
||
Suspicious subexpression in a sequence of similar comparisons. |
||
Structures with members of real type are compared byte-wise. |
||
Suspicious simultaneous use of bitwise and logical operators. |
||
The value is out of range of enum values. This causes unspecified or undefined behavior. |
||
Variable of the 'string_view' type references a temporary object, which will be removed after evaluation of an expression. |
||
Usage of a suspicious mutex wrapper. It is probably unused, uninitialized, or already locked. |
||
Compound assignment expression is used inside condition. |
||
Function exited without performing epilogue actions. It is possible that there is an error. |
||
The variable is assigned the same value on several loop iterations. |
||
Exception was thrown by pointer. Consider throwing it by value instead. |
||
A pointer without owner is added to the container by the 'emplace_back' method. A memory leak will occur in case of an exception. |
||
Potential use of invalid data. The stream is checked for EOF before reading from it but is not checked after reading. |
||
New variable with default value is created instead of 'std::unique_lock' that locks on the mutex. |
||
The variable is incremented in the loop. Undefined behavior will occur in case of signed integer overflow. |
||
Pointer to an object of the class is cast to unrelated class. |
||
Possible overflow. Consider casting operands, not the result. |
||
Numeric Truncation Error. Return value of function is written to N-bit variable. |
||
Pointer is cast to a more strictly aligned pointer type. |
||
Do not use real-type variables as loop counters. |
||
Potentially unsafe double-checked locking. |
||
Two or more case-branches perform the same actions. |
||
It is suspicious that a char or string literal is added to a pointer. |
||
Class member is initialized with dangling reference. |
||
This file is marked with copyleft license, which requires you to open the derived source code. |
||
Loop break conditions do not depend on the number of iterations. |
||
The DllMain function throws an exception. Consider wrapping the throw operator in a try..catch block. |
||
Unsafe usage of the 'bool' and integer types together in the operation '&='. |
||
Lifetime of the lambda is greater than lifetime of the local variable captured by reference. |
||
Variable 'foo' was assigned the same value. |
||
Uninitialized class member is used when initializing the base class. |
||
It is possible that an assigned variable should be checked in the next condition. Consider checking for typos. |
||
The 'sizeof' expression returns the size of the container type, not the number of elements. Consider using the 'size()' function. |
||
Pseudo random sequence is the same at every program run. Consider assigning the seed to a value not known at compile-time. |
||
Nonsensical comparison of two different functions' addresses. |
||
Class defines a custom new or delete operator. The opposite operator must also be defined. |
||
The modulo by 1 operation is meaningless. The result will always be zero. |
||
The left operand of integer division is less than the right one. The result will always be zero. |
||
Expression can be simplified: check similar operands. |
||
The 'SysFreeString' function should be called only for objects of the 'BSTR' type. |
||
Throwing from exception constructor may lead to unexpected behavior. |
||
Signed value is converted to an unsigned one with subsequent expansion to a larger type in ternary operator. |
||
Buffer needs to be securely cleared on all execution paths. |
||
Check the following code block after the 'if' statement. Consider checking for typos. |
||
Code contains invisible characters that may alter its logic. Consider enabling the display of invisible characters in the code editor. |
||
Constructor contains potentially uninitialized members. |
||
Call of 'std::is_constant_evaluated' function always returns the same value. |
||
Argument of abs() function is minimal negative value. Such absolute value can't be represented in two's complement. This leads to undefined behavior. |
||
Signed integer overflow in arithmetic expression. This leads to undefined behavior. |
||
The expression is always true/false. The value is out of range of enum values. |
||
Negative value is implicitly converted to unsigned integer type in arithmetic expression. |
||
Call of the 'Foo' function will lead to buffer underflow. |
||
Upper bound of case range is less than its lower bound. This case may be unreachable. |
||
No objects are passed to the 'std::scoped_lock' constructor. No locking will be performed. This can cause concurrency issues. |
||
Waiting on condition variable without predicate. A thread can wait indefinitely or experience a spurious wake-up. |
||
The 'std::uncaught_exception' function is deprecated since C++17 and is removed in C++20. Consider replacing this function with 'std::uncaught_exceptions'. |
||
The pointer is cast to an integer type of a larger size. Casting pointer to a type of a larger size is an implementation-defined behavior. |
||
Usage of potentially invalid handle. The value should be non-negative. |
||
The 'emplace' / 'insert' function call contains potentially dangerous move operation. Moved object can be destroyed even if there is no insertion. |
||
Using the function of uninitialized derived class while initializing the base class will lead to undefined behavior. |
||
Unreal Engine. Declaring a pointer to a type derived from 'UObject' in a class that is not derived from 'UObject' is dangerous. The pointer may start pointing to an invalid object after garbage collection. |
||
Changing the default argument of a virtual function parameter in a derived class may result in unexpected behavior. |
||
The values of padding bytes are unspecified. Comparing objects with padding using 'memcmp' may lead to unexpected result. |
||
Priority of the 'M' operator is higher than that of the 'N' operator. Possible missing parentheses. |
||
Qt. Class inherited from 'QObject' should contain at least one constructor that takes a pointer to 'QObject'. |
||
Function is deprecated. Consider switching to an equivalent newer function. |
||
Constructor of a class inherited from 'QObject' does not use a pointer to a parent object. |
||
The index was used without check after it was checked in previous lines. |
||
Comparing expressions with different signedness can lead to unexpected results. |
||
Suspicious use of 'dynamic_cast' when working with COM interfaces. Consider using the 'QueryInterface' member function. |
||
Consider using the extended version of the 'foo' function here. |
||
Consider using the 'Ptr' version of the 'foo' function here. |
||
Explicit conversion from 'float/double' type to signed integer type. |
||
Explicit conversion from 'float/double' type to unsigned integer type. |
||
This expression can be simplified. One of the operands in the operation equals NN. Probably it is a mistake. |
||
Cyclomatic complexity: NN. Consider refactoring the 'Foo' function. |
||
Consider inspecting the correctness of handling the N argument in the 'Foo' function. |
||
Consider inspecting the function call. The function was annotated as dangerous. |
||
Using assertions may cause the abnormal program termination in undesirable contexts. |
||
MISRA. The function with the 'abort/exit/getenv/system' name should not be used. |
||
MISRA. The function with the 'qsort/bsearch' name should not be used. |
||
MISRA. Memory allocation and deallocation functions should not be used. |
||
MISRA. The macro with the 'setjmp' name and the function with the 'longjmp' name should not be used. |
||
MISRA. Unbounded functions performing string operations should not be used. |
||
MISRA. The standard signal handling functions should not be used. |
||
MISRA. The standard input/output functions should not be used. |
||
OWASP. It is highly probable that the semicolon ';' is missing after 'return' keyword. |
||
OWASP. An empty exception handler. Silent suppression of exceptions can hide the presence of bugs in source code during testing. |
||
OWASP. The object was created but it is not being used. The 'throw' keyword could be missing. |
||
OWASP. Consider inspecting the expression. Bit shifting of the 32-bit value with a subsequent expansion to the 64-bit type. |
||
OWASP. A value is being subtracted from the unsigned variable. This can result in an overflow. In such a case, the comparison operation can potentially behave unexpectedly. |
||
OWASP. More than N bits are required to store the value, but the expression evaluates to the T type which can only hold K bits. |
||
OWASP. Consider inspecting the loop expression. It is possible that the 'i' variable should be incremented instead of the 'n' variable. |
||
OWASP. Classes should always be derived from std::exception (and alike) as 'public'. |
||
OWASP. Unchecked tainted data is used in expression. |
||
OWASP. The variable is incremented in the loop. Undefined behavior will occur in case of signed integer overflow. |
||
OWASP. Possible overflow. Consider casting operands, not the result. |
||
OWASP. Potentially unsafe double-checked locking. |
||
OWASP. Storing credentials inside source code can lead to security issues. |
C# warnings
Error Code |
Error Description |
Mapping |
---|---|---|
There are identical sub-expressions to the left and to the right of the 'foo' operator. |
||
The use of 'if (A) {...} else if (A) {...}' pattern was detected. There is a probability of logical error presence. |
||
The 'then' statement is equivalent to the 'else' statement. |
||
The object was created but it is not being used. The 'throw' keyword could be missing. |
||
Odd semicolon ';' after 'if/for/while' operator. |
||
The 'x' variable is assigned values twice successively. Perhaps this is a mistake. |
||
It's odd that this method always returns one and the same value of NN. |
||
The return value of function 'Foo' is required to be utilized. |
||
Two opposite conditions were encountered. The second condition is always false. |
||
The '?:' operator, regardless of its conditional expression, always returns one and the same value. |
||
It is likely that a wrong variable is being incremented inside the 'for' operator. Consider reviewing 'X'. |
||
It is likely that a wrong variable is being compared inside the 'for' operator. Consider reviewing 'X'. |
||
The variable 'X' is being used for this loop and for the outer loop. |
||
Consider inspecting the application's logic. It's possible that 'else' keyword is missing. |
||
It is possible that an incorrect variable is compared with null after type conversion using 'as' keyword. |
||
An unconditional 'break/continue/return/goto' within a loop. |
||
There are two 'if' statements with identical conditional expressions. The first 'if' statement contains method return. This means that the second 'if' statement is senseless. |
||
Expression is always true/false. |
||
Consider inspecting this expression. The expression is excessive or contains a misprint. |
||
An odd precise comparison. Consider using a comparison with defined precision: Math.Abs(A - B) < Epsilon or Math.Abs(A - B) > Epsilon. |
||
Incorrect format. Consider checking the N format items of the 'Foo' function. |
||
The constant NN is being utilized. The resulting value could be inaccurate. Consider using the KK constant. |
||
The variable was utilized in the logical expression before it was verified against null in the same logical expression. |
||
Consider inspecting the 'for' operator. Initial and final values of the iterator are the same. |
||
Recurring check. This condition was already verified in previous line. |
||
Waiting on this expression is unreliable, as compiler may optimize some of the variables. Use volatile variable(s) or synchronization primitives to avoid this. |
||
It is possible that this 'else' branch must apply to the previous 'if' statement. |
||
Consider inspecting the expression. Probably the '!=' should be used here. |
||
Consider inspecting the expression. Probably the '+=' should be used here. |
||
Consider inspecting the expression. Probably the '-=' should be used here. |
||
The argument was passed to method several times. It is possible that another argument should be passed instead. |
||
Consider inspecting the 'Foo' function call. Defining an absolute path to the file or directory is considered a poor style. |
||
The expression contains a suspicious mix of integer and real types. |
||
The expression was implicitly cast from integer type to real type. Consider utilizing an explicit type cast to avoid the loss of a fractional part. |
||
Possible NullReferenceException. The '?.' and '.' operators are used for accessing members of the same object. |
||
The code's operational logic does not correspond with its formatting. |
||
An excessive type cast or check. The object is already of the same type. |
||
The original exception object was swallowed. Stack of original exception could be lost. |
||
Potentially unsafe double-checked locking. Use volatile variable(s) or synchronization primitives to avoid this. |
||
Suspicious assignment inside the condition expression of 'if/while/for' operator. |
||
Consider reviewing the correctness of 'X' item's usage. |
||
Function receives an odd argument. |
||
An item with the same key has already been added. |
||
A value of variable is not modified. Consider inspecting the expression. It is possible that other value should be present instead of '0'. |
||
A part of conditional expression is always true/false if it is evaluated. |
||
Division or mod division by zero. |
||
Possible incorrect order of arguments passed to method. |
||
It is possible that 'else' block was forgotten or commented out, thus altering the program's operation logics. |
||
It's possible that the line was commented out improperly, thus altering the program's operation logics. |
||
Uninitialized variables are used when initializing the 'A' variable. |
||
Comparison with 'double.NaN' is meaningless. Use 'double.IsNaN()' method instead. |
||
The 'ThreadStatic' attribute is applied to a non-static 'A' field and will be ignored. |
||
Possible null dereference. |
||
The 'Thread' object is created but is not started. It is possible that a call to 'Start' method is missing. |
||
Unsafe invocation of event, NullReferenceException is possible. Consider assigning event to a local variable before invoking it. |
||
Initializer of a field marked by [ThreadStatic] attribute will be called once on the first accessing thread. The field will have default value on different threads. |
||
Unsafe locking on an object. |
||
Range intersections are possible within conditional expressions. |
||
The operator evaluates both operands. Perhaps a short-circuit operator should be used instead. |
||
The object was used before it was verified against null. Check lines: N1, N2. |
||
The 'continue' operator will terminate 'do { ... } while (false)' loop because the condition is always false. |
||
Not all the members of type are serialized inside 'GetObjectData' method. |
||
NullReferenceException is possible. Unhandled exceptions in destructor lead to termination of runtime. |
||
The 'a' variable was used after it was assigned through null-conditional operator. NullReferenceException is possible. |
||
Possibly index is out of bound. |
||
It is not recommended to return null or throw exceptions from 'ToString()' method. |
||
Possible infinite recursion. |
||
An abnormality within similar comparisons. It is possible that a typo is present inside the expression. |
||
Consider inspecting the loop expression. It is possible that different variables are used inside initializer and iterator. |
||
IDisposable object is not disposed before method returns. |
||
It is not recommended to throw exceptions from 'Equals(object obj)' method. |
||
Consider inspecting the 'for' operator. It's possible that the loop will be executed incorrectly or won't be executed at all. |
||
Potentially infinite loop. The variable from the loop exit condition does not change its value between iterations. |
||
Uppercase (lowercase) string is compared with a different lowercase (uppercase) string. |
||
Perhaps the '??' operator works in a different way than it was expected. Its priority is lower than priority of other operators in its left part. |
||
The object was used after it was verified against null. Check lines: N1, N2. |
||
Two similar code fragments were found. Perhaps, this is a typo and 'X' variable should be used instead of 'Y'. |
||
The field (property) is used before it is initialized in constructor. |
||
The expression is checked for compatibility with the type 'A', but is casted to the 'B' type. |
||
A terminal null is present inside a string. The '\0xNN' characters were encountered. Probably meant: '\xNN'. |
||
Postfix increment/decrement is senseless because this variable is overwritten. |
||
Shift by N bits is greater than the size of type. |
||
The initial value of the index in the nested loop equals 'i'. Consider using 'i + 1' instead. |
||
Constant expression in switch statement. |
||
The variable is assigned but is not used by the end of the function. |
||
Unreachable code detected. It is possible that an error is present. |
||
Unsafe dereference of a WeakReference target. The object could have been garbage collected before the 'Target' property was accessed. |
||
Possible null dereference. A method can return default null value. |
||
Non-atomic modification of volatile variable. |
||
Casting potential 'null' value to a value type can lead to NullReferenceException. |
||
Dereferencing the result of 'as' operator can lead to NullReferenceException. |
||
Potential division by zero. Variable was used as a divisor before it was compared to zero. Check lines: N1, N2. |
||
Potential division by zero. Variable was compared to zero before it was used as a divisor. Check lines: N1, N2. |
||
Dereferencing the result of null-conditional access operator can lead to NullReferenceException. |
||
The 'a % b' expression always evaluates to 0. |
||
The expression is incorrect or it can be simplified. |
||
The argument of the method is not expected to be null. |
||
Suspicious division. Absolute value of the left operand is less than the right operand. |
||
Suspicious division. Absolute values of both operands are equal. |
||
Modified value of the operand is not used after the increment/decrement operation. |
||
Argument of incorrect type is passed to the 'Enum.HasFlag' method. |
||
Comparing value type variables with 'ReferenceEquals' is incorrect because compared values will be boxed. |
||
An exception handling block does not contain any code. |
||
Exception classes should be publicly accessible. |
||
The expression of the 'char' type is passed as an argument of the 'A' type whereas similar overload with the string parameter exists. |
||
Calling the 'SingleOrDefault' method may lead to 'InvalidOperationException'. |
||
Parameter of 'CancellationToken' type is not used inside function's body. |
||
Awaiting on expression with potential null value can lead to throwing of 'NullReferenceException'. |
||
Both operands of the '??' operator are identical. |
||
Potentially negative value is used as the size of an array. |
||
The 'if/if-else/for/while/foreach' statement and code block after it are not related. Inspect the program's logic. |
||
Suspicious subexpression in a sequence of similar comparisons. |
||
Locking operations must be performed on the same thread. Using 'await' in a critical section may lead to a lock being released on a different thread. |
||
The '&=' or '|=' operator is redundant because the right operand is always true/false. |
||
Logical literal belongs to second operator with a higher priority. It is possible literal was intended to belong to '??' operator instead. |
||
Calling method or accessing property of potentially disposed object may result in exception. |
||
Calling element access method for potentially empty collection may result in exception. |
||
The 'HasFlag' method always returns 'true' because the value '0' is passed as its argument. |
||
The result of '&' operator is '0' because one of the operands is '0'. |
||
The result of '&' operator is always '0'. |
||
Code formatting implies that the statement should not be a part of the 'then' branch that belongs to the preceding 'if' statement. |
||
The argument's value is greater than the size of the collection. Passing the value into the 'Foo' method will result in an exception. |
||
An argument containing a file path could be mixed up with another argument. The other function parameter expects a file path instead. |
||
The arguments violate the bounds of collection. Passing these values into the method will result in an exception. |
||
Concurrent modification of a variable may lead to errors. |
||
Type member is used in the 'GetHashCode' method but is missing from the 'Equals' method. |
||
Data processing results are potentially used before asynchronous output reading is complete. Consider calling 'WaitForExit' overload with no arguments before using the data. |
||
Calling 'OfType' for collection will return an empty collection. It is not possible to cast collection elements to the type parameter. |
||
Collection initializer implicitly calls 'Add' method. Using it on member with default value of null will result in null dereference exception. |
||
The compared value inside the 'Object.Equals' override is converted to a different type that does not contain the override. |
||
The variable is assigned the same value that it already holds. |
||
The index from end operator is used with the value that is less than or equal to zero. Collection index will be out of bounds. |
||
Possible overflow. The expression will be evaluated before casting. Consider casting one of the operands instead. |
||
Unreachable code detected. The 'case' value is out of the range of the match expression. |
||
The expression is always false due to implicit type conversion. Overflow check is incorrect. |
||
Unity Engine. Boxing inside a frequently called method may decrease performance. |
||
OWASP. Storing credentials inside source code can lead to security issues. |
||
OWASP. The object was created but it is not being used. The 'throw' keyword could be missing. |
||
OWASP. The original exception object was swallowed. Stack of original exception could be lost. |
||
OWASP. Potentially unsafe double-checked locking. Use volatile variable(s) or synchronization primitives to avoid this. |
||
OWASP. Unsafe invocation of event, NullReferenceException is possible. Consider assigning event to a local variable before invoking it. |
||
OWASP. An exception handling block does not contain any code. |
||
OWASP. Exception classes should be publicly accessible. |
||
OWASP. Possible SQL injection. Potentially tainted data is used to create SQL command. |
||
OWASP. Possible path traversal vulnerability. Potentially tainted data is used as a path. |
||
OWASP. Possible XSS vulnerability. Potentially tainted data might be used to execute a malicious script. |
||
OWASP. Potential insecure deserialization vulnerability. Potentially tainted data is used to create an object using deserialization. |
||
OWASP. Do not use old versions of SSL/TLS protocols as it may cause security issues. |
||
OWASP. Use of outdated cryptographic algorithm is not recommended. |
||
OWASP. Potential XXE vulnerability. Insecure XML parser is used to process potentially tainted data. |
||
OWASP. Potential XEE vulnerability. Insecure XML parser is used to process potentially tainted data. |
||
OWASP. Possible command injection. Potentially tainted data is used to create OS command. |
||
OWASP. Assigning potentially negative or large value as timeout of HTTP session can lead to excessive session expiration time. |
||
OWASP. Possible server-side request forgery. Potentially tainted data is used in the URL. |
||
OWASP. Possible log injection. Potentially tainted data is written into logs. |
||
OWASP. Possible LDAP injection. Potentially tainted data is used in a search filter. |
||
OWASP. Error message contains potentially sensitive data that may be exposed. |
||
OWASP. Possible XPath injection. Potentially tainted data is used in the XPath expression. |
||
OWASP. Possible open redirect vulnerability. Potentially tainted data is used in the URL. |
||
OWASP. Use of potentially tainted data in configuration may lead to security issues. |
||
OWASP. Referenced package contains vulnerability. |
||
OWASP. Possible ReDoS vulnerability. Potentially tainted data is processed by regular expression that contains an unsafe pattern. |
||
OWASP. Possible NoSQL injection. Potentially tainted data is used to create query. |
||
OWASP. Possible Zip Slip vulnerability. Potentially tainted data is used in the path to extract the file. |
Java warnings
Error Code |
Error Description |
Mapping |
---|---|---|
OWASP. An exception handling block does not contain any code. |
||
OWASP. Exception classes should be publicly accessible. |
||
OWASP. The object was created but it is not being used. The 'throw' keyword could be missing. |
||
OWASP. Unsafe double-checked locking. |
||
OWASP. Storing credentials inside source code can lead to security issues. |
||
OWASP. The original exception object was swallowed. Cause of original exception could be lost. |
||
OWASP. Potentially predictable seed is used in pseudo-random number generator. |
||
OWASP. Possible overflow. The expression will be evaluated before casting. Consider casting one of the operands instead. |
||
There are identical sub-expressions to the left and to the right of the 'foo' operator. |
||
The use of 'if (A) {...} else if (A) {...}' pattern was detected. There is a probability of logical error presence. |
||
The 'then' statement is equivalent to the 'else' statement. |
||
The object was created but it is not being used. The 'throw' keyword could be missing. |
||
Expression is always true/false. |
||
Potential null dereference. |
||
Function receives an odd argument. |
||
The return value of function 'Foo' is required to be utilized. |
||
The expression contains a suspicious mix of integer and real types. |
||
The '?:' operator, regardless of its conditional expression, always returns one and the same value. |
||
Comparison of arrays, strings, collections by reference. Possibly an equality comparison was intended. |
||
It's odd that this method always returns one and the same value of NN. |
||
Consider inspecting the expression. Probably the '!='/'-='/'+=' should be used here. |
||
Constant expression in switch statement. |
||
Unreachable code detected. It is possible that an error is present. |
||
Division or mod division by zero. |
||
The value is assigned to the 'x' variable but is not used. |
||
The 'continue' operator will terminate 'do { ... } while (false)' loop because the condition is always false. |
||
Possibly index is out of bound. |
||
Possible incorrect order of arguments passed to method. |
||
The function located to the right of the '|' and '&' operators will be called regardless of the value of the left operand. Consider using '||' and '&&' instead. |
||
The variable 'X' is being used for this loop and for the outer loop. |
||
An item with the same key has already been added. |
||
Shift by N bits is inconsistent with the size of type. |
||
The value from the uninitialized optional is used. |
||
An unconditional 'break/continue/return/goto' within a loop. |
||
Comparison with 'double.NaN' is meaningless. Use 'double.isNaN()' method instead. |
||
There are two 'if' statements with identical conditional expressions. The first 'if' statement contains method return. This means that the second 'if' statement is senseless. |
||
The code's operational logic does not correspond with its formatting. |
||
Suspicious assignment inside the conditional expression of 'if/while/do...while' statement. |
||
The expression is checked for compatibility with type 'A', but is cast to type 'B'. |
||
Consider inspecting the 'for' operator. Initial and final values of the iterator are the same. |
||
Postfix increment/decrement is senseless because this variable is overwritten. |
||
Incorrect format. Consider checking the N format items of the 'Foo' function. |
||
It is possible that this 'else' branch must apply to the previous 'if' statement. |
||
This expression can be simplified. One of the operands in the operation equals NN. Probably it is a mistake. |
||
Class initialization cycle is present. |
||
Use of jump statements in 'finally' block can lead to the loss of unhandled exceptions. |
||
Classes should not be compared by their name. |
||
Consider inspecting this expression. The expression is excessive or contains a misprint. |
||
Comparing objects of incompatible types. |
||
Odd use of special character in regular expression. Possibly, it was intended to be escaped. |
||
The reference was used before it was verified against null. |
||
The used constant value is represented by an octal form. |
||
Possible infinite recursion. |
||
Odd semicolon ';' after 'if/for/while' operator. |
||
Suspicious invocation of Thread.run(). |
||
Two or more case-branches perform the same actions. |
||
Unsafe synchronization on an object. |
||
Two similar code fragments were found. Perhaps, this is a typo and 'X' variable should be used instead of 'Y'. |
||
It is not recommended to return null or throw exceptions from 'toString' / 'clone' methods. |
||
Non-atomic modification of volatile variable. |
||
The signature of method 'X' does not conform to serialization requirements. |
||
A suspicious label is present inside a switch(). It is possible that these are misprints and 'default:' label should be used instead. |
||
Value of variable is checked after use. Potential logical error is present. Check lines: N1, N2. |
||
Consider checking for misprints. It's possible that an assigned variable should be checked in the next condition. |
||
Unsafe double-checked locking. |
||
An abnormality within similar comparisons. It is possible that a typo is present inside the expression. |
||
Suspicious code formatting. 'else' keyword is probably missing. |
||
It's possible that the line was commented out improperly, thus altering the program's operation logics. |
||
Field 'A' is being used before it was initialized. |
||
Automatic unboxing of a variable may cause NullPointerException. |
||
The expression was implicitly cast from integer type to real type. Consider utilizing an explicit type cast to avoid the loss of a fractional part. |
||
Thread.sleep() inside synchronized block/method may cause decreased performance. |
||
An odd precise comparison. Consider using a comparison with defined precision: Math.abs(A - B) < Epsilon or Math.abs(A - B) > Epsilon. |
||
The initial value of the index in the nested loop equals 'i'. Consider using 'i + 1' instead. |
||
An object is used as an argument to its own method. Consider checking the first actual argument of the 'Foo' method. |
||
compareTo()-like methods can return not only the values -1, 0 and 1, but any values. |
||
Inconsistent synchronization of a field. Consider synchronizing the field on all usages. |
||
Ignored InterruptedException could lead to delayed thread shutdown. |
||
Consider inspecting the loop expression. It is possible that different variables are used inside initializer and iterator. |
||
Casting expression to 'X' type before implicitly casting it to other type may be excessive or incorrect. |
||
The constant NN is being utilized. The resulting value could be inaccurate. Consider using the KK constant. |
||
Do not use real-type variables in 'for' loop counters. |
||
Potentially predictable seed is used in pseudo-random number generator. |
||
Potentially negative value is used as the size of an array. |
||
Suspicious division. Absolute value of the left operand is less than the value of the right operand. |
||
The 'A' class containing Closeable members does not release the resources that the field is holding. |
||
Not all Closeable members are released inside the 'close' method. |
||
Possible overflow. The expression will be evaluated before casting. Consider casting one of the operands instead. |
||
The original exception object was swallowed. Cause of original exception could be lost. |
||
The result of '&' operator is always '0'. |
||
The result of the '&' operator is '0' because one of the operands is '0'. |
||
Modified value of the operand is not used after the increment/decrement operation. |
||
Converting an integer literal to the type with a smaller value range will result in overflow. |