
id objectIndex is listed and reported with different severities

2022-02-10
2022-02-14
  • david ingamells

    david ingamells - 2022-02-10

    With CPPCheck version 2.6:
    In the output of the --errorlist option, objectIndex is reported with severity "error" but when actually generated during a check run it is generated with severity "warning". I think the latter is more appropriate.

    cppcheck --errorlist | grep objectInd
            <error id="objectIndex" severity="error" msg="The address of local variable &apos;&apos; is accessed at non-zero index." verbose="The address of local variable &apos;&apos; is accessed at non-zero index." cwe="758"/>
    

    when in the results of a code check:

           <error cwe="758" 
                file0="..." 
                id="objectIndex" 
                msg="The address of local variable 'aRef' might be accessed at non-zero index." 
                severity="warning" 
                verbose="The address of local variable 'aRef' might be accessed at non-zero index.">
                <location column="31" file="..." info="" line="103"/>
                <location column="25" file="..." info="Address of variable taken here." line="103"/>
            </error>
    

    Can the errorlist output be corrected please?

     

    Last edit: david ingamells 2022-02-10
  • CHR

    CHR - 2022-02-10

    How did you obtain the xml result?
    With just cppcheck I get (using head):

    test.cpp:4:10: error: The address of local variable 'i' is accessed at non-zero index. [objectIndex]
     return p[1];
             ^
    test.cpp:3:9: note: Address of variable taken here.
     int* p=&i;
            ^
    test.cpp:4:10: note: The address of local variable 'i' is accessed at non-zero index.
     return p[1];
             ^
    

    Adding --xml:

    <?xml version="1.0" encoding="UTF-8"?>
    <results version="2">
        <cppcheck version="2.7"/>
        <errors>
    Checking test.cpp ...
            <error id="objectIndex" severity="error" msg="The address of local variable &apos;i&apos; is accessed at non-zero index." verbose="The address of local variable &apos;i&apos; is accessed at non-zero index." cwe="758" file0="test.cpp">
                <location file="test.cpp" line="4" column="10"/>
                <location file="test.cpp" line="3" column="9" info="Address of variable taken here."/>
            </error>
        </errors>
    </results>
    

    Both match the --errorlist output.

     
  • Daniel Marjamäki

    The severity often depends on the certainty.

    In your (david) case the message says that the object "might" be accessed at non-zero index.

    In the "chr" case the message says that the object "is" accessed at non-zero index.

    That wording tells me that the severity should be a bit different. An "error" should only be reported when there "is" an actual bug every time the line of code that we warn about is executed.

     

    Last edit: Daniel Marjamäki 2022-02-13
    • Daniel Marjamäki

      For information here is the Cppcheck source code that reports these error messages:

      void CheckBufferOverrun::objectIndexError(const Token *tok, const ValueFlow::Value *v, bool known)
      {
          ErrorPath errorPath;
          std::string name;
          if (v) {
              name = v->tokvalue->variable()->name();
              errorPath = v->errorPath;
          }
          errorPath.emplace_back(tok, "");
          std::string verb = known ? "is" : "might be";
          reportError(errorPath,
                      known ? Severity::error : Severity::warning,
                      "objectIndex",
                      "The address of local variable '" + name + "' " + verb + " accessed at non-zero index.",
                      CWE758,
                      Certainty::normal);
      }
      
       
  • david ingamells

    david ingamells - 2022-02-14

    Regarding how I used:

    --xml                Write results in xml format to error stream (stderr).
    

    Regarding the severity, it is a surprise to me that an error id can get 2 different severities, contrary to what the --errorlist says/implies. I have just implemented a filter that uses the --errorlist output's severities to determine how to treat each error id.
    Oh well, back to the drawing board.

     
  • david ingamells

    david ingamells - 2022-02-14

    A request:
    Would it be possible to extend the output of --errorlist to list all the possible severities for each error id? That would make my work much easier. As it is now, apart from scouring through the source code of cppcheck, I don't see how I can know which severities are possible for each error id, or which error texts (e.g. "might be" vs "is") can be produced.

     
    • Daniel Marjamäki

      That would also be difficult for us, I am afraid. But I would assume that most "error" messages can also be reported as "warning". But other severities "style", "performance", "portability", "information" should not be used as far as I know.

      As far as I know a "warning", "style", "performance", "portability", "information" message will only be reported with that severity. I don't know off-the-top-of-my-head why a "warning" would sometimes be reported as "style" for instance.

       

      Last edit: Daniel Marjamäki 2022-02-14
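
Added example, not part of the thread and not Cppcheck code: a result filter that takes the severity from each reported finding instead of from `--errorlist`, and flags ids whose reported severity differs from the listed one. The two XML samples are constructed from the snippets quoted above; `POLICY`, `listed_severities` and `triage` are hypothetical names.

```python
import xml.etree.ElementTree as ET

# Constructed sample of `cppcheck --errorlist` output (one entry, as quoted above).
ERRORLIST_XML = """<?xml version="1.0" encoding="UTF-8"?>
<results version="2">
    <cppcheck version="2.6"/>
    <errors>
        <error id="objectIndex" severity="error" msg="The address of local variable &apos;&apos; is accessed at non-zero index." cwe="758"/>
    </errors>
</results>"""

# Constructed sample of `--xml` results: the "might be" and the "is" variants.
RESULTS_XML = """<?xml version="1.0" encoding="UTF-8"?>
<results version="2">
    <cppcheck version="2.6"/>
    <errors>
        <error id="objectIndex" severity="warning" msg="The address of local variable 'aRef' might be accessed at non-zero index." cwe="758" file0="...">
            <location file="..." line="103" column="31"/>
        </error>
        <error id="objectIndex" severity="error" msg="The address of local variable 'i' is accessed at non-zero index." cwe="758" file0="test.cpp">
            <location file="test.cpp" line="4" column="10"/>
        </error>
    </errors>
</results>"""

# Hypothetical policy: action taken for each *reported* severity.
POLICY = {"error": "fail", "warning": "review"}

def listed_severities(errorlist_xml):
    """Map error id -> severity as printed by --errorlist."""
    root = ET.fromstring(errorlist_xml)
    return {e.get("id"): e.get("severity") for e in root.iter("error")}

def triage(results_xml, errorlist_xml, policy=POLICY, default="ignore"):
    """Decide per finding from its own severity; mark ids deviating from --errorlist."""
    listed = listed_severities(errorlist_xml)
    findings = []
    for e in ET.fromstring(results_xml).iter("error"):
        sev, loc = e.get("severity"), e.find("location")
        findings.append({
            "id": e.get("id"),
            "severity": sev,
            "action": policy.get(sev, default),
            "deviates": listed.get(e.get("id")) != sev,  # differs from --errorlist
            "where": f'{loc.get("file")}:{loc.get("line")}' if loc is not None else None,
        })
    return findings
```

Collecting the `deviates` entries over a real run gives the per-id set of severities actually observed, which `--errorlist` does not provide.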
