Should cppcheck find these bugs?

[Chris Frey]

I'm using a simple test of broken code, like the following, and testing various static check tools. So far, I'm getting poor results.

Is there a way to make cppcheck report more?

class Foo
{
public:
    char *buf;

    void setbuf(char *b)
    {
        buf = b;
        for( char c = 0; c < 255; c++ )
            buf[c] = c;
    }
};

int main()
{
    Foo f;
    char buffer[10];
    f.setbuf(buffer);
    return 0;
}

I get no warnings at all when I run cppcheck against this code.

Thoughts?

Thanks,
- Chris

[Daniel Marjamäki]

That should clearly be detected. I created ticket https://trac.cppcheck.net/ticket/10064

I'm using a simple test of broken code, like the following

It would be very interesting to get your test suite. Hope it will be available someday.

[Chris Frey]

I actually don't have a test suite. I'm pretty new to static C++ analysis tools, so I just cooked up the most broken code I could think of, and then went on a hunt for the first tool that complained.

And was surprised that only Gimpel's PCLint online demo complained so far. :-)

GCC with -Wall -Wextra -Werror finds the "char c < 255 is always true" bug, but not the buffer overflow.

Flawfinder kinda just complains about the char buf[10] itself, and doesn't delve any deeper. Which I assume will be a false positive in a lot of code.

Oink (after bending into a pretzel trying to get it to compile) doesn't complain.

And cppcheck didn't complain in either version 1.86 or 2.3, even with --enable=all.

That's all I've checked so far.
- Chris