
cppcheck does not detect simple bugs

2020-01-14
2020-01-15
  • Jizhou Chen

    Jizhou Chen - 2020-01-14

    Version: 1.90

    Platform: Ubuntu 18.04

    Test Code:

    #include <stdio.h>

    int main()
    {
        int x;
        int y[100];
        short z;

        scanf("%d", &x);

        x *= 100;   // potential integer overflow
        z = x;      // int > short. obvious typecasting error
        y[x] = 1;   // potential out of bound
        y[z] = 1;   // potential out of bound

        printf("%d %d", x, z);

        return 0;
    }


    Result:
    No bugs were reported by cppcheck even with --enable=all and/or --inconclusive.

    Question:
    Is there any way I could increase the aggressiveness of cppcheck so that it would detect these bugs?

    Thanks!

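    The four hazards in the test program above (unchecked scanf, signed overflow of x *= 100, silent int-to-short truncation, and the two array writes) are each real undefined or out-of-range behaviour regardless of whether a static analyser flags them. The program below is an added example, not code from the thread or from the Cppcheck project: it keeps the original data flow but guards every step with an explicit range check, so the behaviour is defined for any input instead of only for x == 0. The function names (parse_int, mul100_checked, to_short_checked, store_checked, process, run) and the return codes are my own choices for illustration.

```c
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>

/* Added example: the posted test program with each hazard guarded.
 * Return codes: 0 ok, -1 bad input, -2 overflow, -3 truncation, -4 out of bounds. */

#define Y_LEN 100   /* size of the original y[100] */

/* scanf("%d") either fails silently or overflows on bad input; strtol lets us
 * reject anything that is not a complete, in-range decimal integer. */
int parse_int(const char *s, int *out)
{
    char *end;
    errno = 0;
    long v = strtol(s, &end, 10);
    if (end == s || *end != '\0' || errno == ERANGE)
        return -1;
    if (v < INT_MIN || v > INT_MAX)   /* matters where long is wider than int */
        return -1;
    *out = (int)v;
    return 0;
}

/* x * 100 only when it cannot overflow (signed overflow is undefined in C). */
int mul100_checked(int x, int *out)
{
    if (x > INT_MAX / 100 || x < INT_MIN / 100)
        return -2;
    *out = x * 100;
    return 0;
}

/* int -> short with truncation reported instead of silently dropped. */
int to_short_checked(int v, short *out)
{
    if (v < SHRT_MIN || v > SHRT_MAX)
        return -3;
    *out = (short)v;
    return 0;
}

/* y[i] = 1 only when i lies inside the array. */
int store_checked(int *y, size_t len, int i)
{
    if (i < 0 || (size_t)i >= len)
        return -4;
    y[i] = 1;
    return 0;
}

/* The original flow, hardened: stops at the first step that is not valid. */
int process(const char *input, int *y, short *z)
{
    int x, scaled, rc;
    if ((rc = parse_int(input, &x)) != 0)              return rc;
    if ((rc = mul100_checked(x, &scaled)) != 0)        return rc;
    if ((rc = to_short_checked(scaled, z)) != 0)       return rc;
    if ((rc = store_checked(y, Y_LEN, scaled)) != 0)   return rc;
    if ((rc = store_checked(y, Y_LEN, *z)) != 0)       return rc;
    return 0;
}

/* Convenience wrapper with its own buffers; returns the process() code. */
int run(const char *input)
{
    int y[Y_LEN] = {0};
    short z = 0;
    return process(input, y, &z);
}

int main(int argc, char **argv)
{
    /* "0" is the only value the original program handles without going out of bounds */
    const char *input = argc > 1 ? argv[1] : "0";
    int rc = run(input);
    printf("input=%s rc=%d\n", input, rc);
    return rc == 0 ? 0 : 1;
}
```

    Running it with inputs such as 1, -1, 400 or 21474837 shows which guard each one trips (out of bounds, out of bounds, short truncation, int overflow); this is the property a "sound" analysis mode has to prove about every path, which is why an analyser that does not speculate about scanf's result reports nothing here.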
  • Daniel Marjamäki

    Cppcheck-1.90 does not speculate about user input like that. If it doesn't have any idea what the value is then it doesn't assume anything.

    In the next Cppcheck release I want to add a new analysis mode that will be "sound" - it will detect all bugs. With that analysis the bugs in your code could be detected. However I will only add checks for "Division by zero" and "uninitialized variables" in the first release. I think "overflows" will be added next. I don't promise anything but I'd think that will be added in the middle of 2020.

  • Daniel Marjamäki

    If you want to, feel free to write some test cases for "division by zero" so we can ensure these will be detected.

    • Jizhou Chen

      Jizhou Chen - 2020-01-15

      Thank you Daniel! Here is a test case for division by zero I made. You may add more variable types, such as unsigned type, as needed.

      #include <stdio.h>

      int main()
      {
        int a;
        long b;
        float c;
        double d;

        scanf("%d%ld%f%lf", &a, &b, &c, &d);

        a /= 0;
        b /= 0;
        c /= 0;
        d /= 0;

        return 0;
      }

  • Daniel Marjamäki

    Those are detected already:

    $ ~/cppcheck/cppcheck --bug-hunting divbyzero.c 
    Checking divbyzero.c ...
    divbyzero.c:10:5: error: There is division, cannot determine that there can't be a division by zero. [verificationDivByZero]
      a /= 0;
        ^
    divbyzero.c:11:5: error: There is division, cannot determine that there can't be a division by zero. [verificationDivByZero]
      b /= 0;
        ^
    divbyzero.c:12:5: error: There is division, cannot determine that there can't be a division by zero. [verificationDivByZero]
      c /= 0;
        ^
    divbyzero.c:13:5: error: There is division, cannot determine that there can't be a division by zero. [verificationDivByZero]
      d /= 0;
        ^
    
