Menu

CWE 762 not detected when using "unknown" macro

General Discussion
Sonni
2021-02-03
2024-08-01

  • Sonni

    Sonni - 2021-02-03

    Hi,
    In a large project I have a macro which CppCheck 2.3 does not know about. The result of this is that CppCheck in this case does not detect a CWE 762 “Mismatching allocation and deallocation” error.

    Below sample code can reproduce the error. When CWE_762 is undefined no 762 error is reported.
    If I include the #define or remove the “CWE_762("test");” the error is detected correctly.

    //#define CWE_762(t)

class cwe762test {
public:
   cwe762test() {
      buffer_ = new char[100];
      CWE_762("test");
   }

   cwe762test(const cwe762test&) = delete;
   cwe762test& operator=(const cwe762test&) = delete;

   ~cwe762test() {
      delete buffer_; // CWE: 762 Mismatching allocation and deallocation: cwe762test::buffer_
   }

   char* buffer_ = nullptr;
};

    This must be a bug?

     

  • Daniel Marjamäki

    Daniel Marjamäki - 2021-02-03

    Thanks! It seems that Cppcheck bails out, I am not sure if there is some good reasons for that or not. I created ticket https://trac.cppcheck.net/ticket/10164, I think it would be good to investigate this.

     

  • Dzid

    Dzid - 2024-07-26

    The worst part for me is that if run the check with --suppress=unknownMacro I don't get any indication that there are any errors (not just CWE 762).

    Examples of underreported errors:
    [constVariablePointer]
    [misra-c2012-17.3]
    [resp_len]
    [misra-c2012-17.3]
    [misra-config]
    [unusedFunction]

     

    Last edit: Dzid 2024-07-26

    • Daniel Marjamäki

      Daniel Marjamäki - 2024-08-01

      that is desired behaviour by some users.
      if you use option --safety cppcheck should not allow suppressing critical errors.

       
      👍
      1

  • CHR

    CHR - 2024-07-26

    Suppressing critical errors like unknownMacro or syntxError is not a good idea. Those errors should be addressed by e.g. using a library, passing defiinitions (-U, -D), or making the corresponding header files available to cppcheck.

     

    • Dzid

      Dzid - 2024-07-26

      It's unrelated to this issue. But, I am relying on --force to define my macro configuration. (I am using --force so that I can perform "whole project" analysis on all configurations for the unusedFunctionscheck and system level misra checks. )

      But with --force -D__GNUC__=9the analysis start by checking an empty macro configuration first: 

      Checking main.c: __GNUC__=9;...    ///this causes issue
Checking main.c: __GNUC__=9;STM32F4;STM32F413xx...
Checking main.c: __GNUC__=9;STM32H723...
Checking main.c: __GNUC__=9;STM32H7;STM32H725xx...

      That causes some of the macro definitions to not be included in that step. And that is why I had unknownMacro suppression in the first place. - I thought it was benign to suppress it, because only one unknown macro was reported. Now I noticed there are more macros and more other issues underreported.

      In general, I would prefer to use --project which would alleviate undefined macros problem that I have with --force. But --project option doesn't work correctly with misra addon - it only checks the last configuration. Here are some testcases showcasing that issue https://github.com/danmar/cppcheck/pull/6551

       

      Last edit: Dzid 2024-07-27

Log in to post a comment.