1f4a2713aSLionel Sambuc<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" 2f4a2713aSLionel Sambuc "http://www.w3.org/TR/html4/strict.dtd"> 3f4a2713aSLionel Sambuc<html> 4f4a2713aSLionel Sambuc<head> 5*0a6a1f1dSLionel Sambuc <title>Available Checkers</title> 6f4a2713aSLionel Sambuc <link type="text/css" rel="stylesheet" href="menu.css"> 7f4a2713aSLionel Sambuc <link type="text/css" rel="stylesheet" href="content.css"> 8f4a2713aSLionel Sambuc <script type="text/javascript" src="scripts/menu.js"></script> 9*0a6a1f1dSLionel Sambuc <script type="text/javascript" src="scripts/expandcollapse.js"></script> 10f4a2713aSLionel Sambuc <style type="text/css"> 11f4a2713aSLionel Sambuc tr:first-child { width:20%; } 12f4a2713aSLionel Sambuc </style> 13f4a2713aSLionel Sambuc</head> 14*0a6a1f1dSLionel Sambuc<body onload="initExpandCollapse()"> 15f4a2713aSLionel Sambuc 16f4a2713aSLionel Sambuc<div id="page"> 17f4a2713aSLionel Sambuc<!--#include virtual="menu.html.incl"--> 18f4a2713aSLionel Sambuc 19f4a2713aSLionel Sambuc<div id="content"> 20*0a6a1f1dSLionel Sambuc<h1>Available Checkers</h1> 21*0a6a1f1dSLionel SambucThe analyzer performs checks that are categorized into families or "checkers". The 22*0a6a1f1dSLionel Sambucdefault set of checkers covers a variety of checks targeted at finding security 23*0a6a1f1dSLionel Sambucand API usage bugs, dead code, and other logic errors. See the 24*0a6a1f1dSLionel Sambuc<a href = "#default_checkers">Default Checkers</a> list below. In addition to 25*0a6a1f1dSLionel Sambucthese, the analyzer contains a number of <a href = "alpha_checks.html"> 26*0a6a1f1dSLionel SambucExperimental (Alpha) Checkers</a>. 27f4a2713aSLionel Sambuc 28f4a2713aSLionel Sambuc<h3>Writeups with examples of some of the bugs that the analyzer finds</h3> 29f4a2713aSLionel Sambuc<ul> 30f4a2713aSLionel Sambuc<li><a href="http://www.mobileorchard.com/bug-finding-with-clang-5-resources-to-get-you-started/">Bug Finding With Clang: 5 Resources To Get You Started</a></li> 31f4a2713aSLionel Sambuc<li><a href="http://fruitstandsoftware.com/blog/index.php/2008/08/finding-memory-leaks-with-the-llvmclang-static-analyzer/#comment-2">Finding Memory Leaks With The LLVM/Clang Static Analyzer</a></li> 32f4a2713aSLionel Sambuc<li><a href="http://www.rogueamoeba.com/utm/2008/07/14/the-clang-static-analyzer/">Under the Microscope - The Clang Static Analyzer</a></li> 33f4a2713aSLionel Sambuc<li><a href="http://www.mikeash.com/?page=pyblog/friday-qa-2009-03-06-using-the-clang-static-analyzer.html">Mike Ash - Using the Clang Static Analyzer</a></li> 34f4a2713aSLionel Sambuc</ul> 35f4a2713aSLionel Sambuc 36*0a6a1f1dSLionel Sambuc<h2 id="default_checkers">Default Checkers</h2> 37*0a6a1f1dSLionel Sambuc<ul> 38*0a6a1f1dSLionel Sambuc<li><a href="#core_checkers">Core Checkers</a> model core language features and perform general-purpose checks such as division by zero, null pointer dereference, usage of uninitialized values, etc.</li> 39*0a6a1f1dSLionel Sambuc<li><a href="#cplusplus_checkers">C++ Checkers</a> perform C++-specific checks</li> 40*0a6a1f1dSLionel Sambuc<li><a href="#deadcode_checkers">Dead Code Checkers</a> check for unused code</li> 41*0a6a1f1dSLionel Sambuc<li><a href="#osx_checkers">OS X Checkers</a> perform Objective-C-specific checks and check the use of Apple's SDKs (OS X and iOS)</li> 42*0a6a1f1dSLionel Sambuc<li><a href="#security_checkers">Security Checkers</a> check for insecure API usage and perform checks based on the CERT Secure Coding Standards</li> 43*0a6a1f1dSLionel Sambuc<li><a href="#unix_checkers">Unix Checkers</a> check the use of Unix and POSIX APIs</li> 44*0a6a1f1dSLionel Sambuc</ul> 45f4a2713aSLionel Sambuc 46*0a6a1f1dSLionel Sambuc<!------------------------------------ core -----------------------------------> 47*0a6a1f1dSLionel Sambuc<h3 id="core_checkers">Core Checkers</h3> 48*0a6a1f1dSLionel Sambuc<table class="checkers"> 49*0a6a1f1dSLionel Sambuc<colgroup><col class="namedescr"><col class="example"></colgroup> 50*0a6a1f1dSLionel Sambuc<thead><tr><td>Name, Description</td><td>Example</td></tr></thead> 51*0a6a1f1dSLionel Sambuc 52*0a6a1f1dSLionel Sambuc<tbody> 53*0a6a1f1dSLionel Sambuc<tr><td><div class="namedescr expandable"><span class="name"> 54*0a6a1f1dSLionel Sambuccore.CallAndMessage</span><span class="lang"> 55*0a6a1f1dSLionel Sambuc(C, C++, ObjC)</span><div class="descr"> 56*0a6a1f1dSLionel SambucCheck for logical errors for function calls and Objective-C message expressions 57*0a6a1f1dSLionel Sambuc(e.g., uninitialized arguments, null function pointers).</div></div></td> 58*0a6a1f1dSLionel Sambuc<td><div class="exampleContainer expandable"> 59*0a6a1f1dSLionel Sambuc<div class="example"><pre> 60*0a6a1f1dSLionel Sambuc// C 61*0a6a1f1dSLionel Sambucstruct S { 62*0a6a1f1dSLionel Sambuc int x; 63*0a6a1f1dSLionel Sambuc}; 64*0a6a1f1dSLionel Sambuc 65*0a6a1f1dSLionel Sambucvoid f(struct S s); 66*0a6a1f1dSLionel Sambuc 67*0a6a1f1dSLionel Sambucvoid test() { 68*0a6a1f1dSLionel Sambuc struct S s; 69*0a6a1f1dSLionel Sambuc f(s); // warn: passed-by-value arg contain uninitialized data 70*0a6a1f1dSLionel Sambuc} 71*0a6a1f1dSLionel Sambuc</pre></div> 72*0a6a1f1dSLionel Sambuc<div class="example"><pre> 73*0a6a1f1dSLionel Sambuc// C 74*0a6a1f1dSLionel Sambucvoid test() { 75*0a6a1f1dSLionel Sambuc void (*foo)(void); 76*0a6a1f1dSLionel Sambuc foo(); // warn: function pointer is uninitialized 77*0a6a1f1dSLionel Sambuc} 78*0a6a1f1dSLionel Sambuc</pre></div> 79*0a6a1f1dSLionel Sambuc<div class="example"><pre> 80*0a6a1f1dSLionel Sambuc// C 81*0a6a1f1dSLionel Sambucvoid test() { 82*0a6a1f1dSLionel Sambuc void (*foo)(void); 83*0a6a1f1dSLionel Sambuc foo = 0; 84*0a6a1f1dSLionel Sambuc foo(); // warn: function pointer is null 85*0a6a1f1dSLionel Sambuc} 86*0a6a1f1dSLionel Sambuc</pre></div> 87*0a6a1f1dSLionel Sambuc<div class="example"><pre> 88*0a6a1f1dSLionel Sambuc// C++ 89*0a6a1f1dSLionel Sambucclass C { 90*0a6a1f1dSLionel Sambucpublic: 91*0a6a1f1dSLionel Sambuc void f(); 92*0a6a1f1dSLionel Sambuc}; 93*0a6a1f1dSLionel Sambuc 94*0a6a1f1dSLionel Sambucvoid test() { 95*0a6a1f1dSLionel Sambuc C *pc; 96*0a6a1f1dSLionel Sambuc pc->f(); // warn: object pointer is uninitialized 97*0a6a1f1dSLionel Sambuc} 98*0a6a1f1dSLionel Sambuc</pre></div> 99*0a6a1f1dSLionel Sambuc<div class="example"><pre> 100*0a6a1f1dSLionel Sambuc// C++ 101*0a6a1f1dSLionel Sambucclass C { 102*0a6a1f1dSLionel Sambucpublic: 103*0a6a1f1dSLionel Sambuc void f(); 104*0a6a1f1dSLionel Sambuc}; 105*0a6a1f1dSLionel Sambuc 106*0a6a1f1dSLionel Sambucvoid test() { 107*0a6a1f1dSLionel Sambuc C *pc = 0; 108*0a6a1f1dSLionel Sambuc pc->f(); // warn: object pointer is null 109*0a6a1f1dSLionel Sambuc} 110*0a6a1f1dSLionel Sambuc</pre></div> 111*0a6a1f1dSLionel Sambuc<div class="example"><pre> 112*0a6a1f1dSLionel Sambuc// Objective-C 113*0a6a1f1dSLionel Sambuc@interface MyClass : NSObject 114*0a6a1f1dSLionel Sambuc@property (readwrite,assign) id x; 115*0a6a1f1dSLionel Sambuc- (long double)longDoubleM; 116*0a6a1f1dSLionel Sambuc@end 117*0a6a1f1dSLionel Sambuc 118*0a6a1f1dSLionel Sambucvoid test() { 119*0a6a1f1dSLionel Sambuc MyClass *obj1; 120*0a6a1f1dSLionel Sambuc long double ld1 = [obj1 longDoubleM]; 121*0a6a1f1dSLionel Sambuc // warn: receiver is uninitialized 122*0a6a1f1dSLionel Sambuc} 123*0a6a1f1dSLionel Sambuc</pre></div> 124*0a6a1f1dSLionel Sambuc<div class="example"><pre> 125*0a6a1f1dSLionel Sambuc// Objective-C 126*0a6a1f1dSLionel Sambuc@interface MyClass : NSObject 127*0a6a1f1dSLionel Sambuc@property (readwrite,assign) id x; 128*0a6a1f1dSLionel Sambuc- (long double)longDoubleM; 129*0a6a1f1dSLionel Sambuc@end 130*0a6a1f1dSLionel Sambuc 131*0a6a1f1dSLionel Sambucvoid test() { 132*0a6a1f1dSLionel Sambuc MyClass *obj1; 133*0a6a1f1dSLionel Sambuc id i = obj1.x; // warn: uninitialized object pointer 134*0a6a1f1dSLionel Sambuc} 135*0a6a1f1dSLionel Sambuc</pre></div> 136*0a6a1f1dSLionel Sambuc<div class="example"><pre> 137*0a6a1f1dSLionel Sambuc// Objective-C 138*0a6a1f1dSLionel Sambuc@interface Subscriptable : NSObject 139*0a6a1f1dSLionel Sambuc- (id)objectAtIndexedSubscript:(unsigned int)index; 140*0a6a1f1dSLionel Sambuc@end 141*0a6a1f1dSLionel Sambuc 142*0a6a1f1dSLionel Sambuc@interface MyClass : Subscriptable 143*0a6a1f1dSLionel Sambuc@property (readwrite,assign) id x; 144*0a6a1f1dSLionel Sambuc- (long double)longDoubleM; 145*0a6a1f1dSLionel Sambuc@end 146*0a6a1f1dSLionel Sambuc 147*0a6a1f1dSLionel Sambucvoid test() { 148*0a6a1f1dSLionel Sambuc MyClass *obj1; 149*0a6a1f1dSLionel Sambuc id i = obj1[0]; // warn: uninitialized object pointer 150*0a6a1f1dSLionel Sambuc} 151*0a6a1f1dSLionel Sambuc</pre></div></div></td></tr> 152*0a6a1f1dSLionel Sambuc 153*0a6a1f1dSLionel Sambuc 154*0a6a1f1dSLionel Sambuc<tr><td><div class="namedescr expandable"><span class="name"> 155*0a6a1f1dSLionel Sambuccore.DivideZero</span><span class="lang"> 156*0a6a1f1dSLionel Sambuc(C, C++, ObjC)</span><div class="descr"> 157*0a6a1f1dSLionel SambucCheck for division by zero.</div></div></td> 158*0a6a1f1dSLionel Sambuc<td><div class="exampleContainer expandable"> 159*0a6a1f1dSLionel Sambuc<div class="example"><pre> 160*0a6a1f1dSLionel Sambucvoid test(int z) { 161*0a6a1f1dSLionel Sambuc if (z == 0) 162*0a6a1f1dSLionel Sambuc int x = 1 / z; // warn 163*0a6a1f1dSLionel Sambuc} 164*0a6a1f1dSLionel Sambuc</pre></div> 165*0a6a1f1dSLionel Sambuc<div class="example"><pre> 166*0a6a1f1dSLionel Sambucvoid test() { 167*0a6a1f1dSLionel Sambuc int x = 1; 168*0a6a1f1dSLionel Sambuc int y = x % 0; // warn 169*0a6a1f1dSLionel Sambuc} 170*0a6a1f1dSLionel Sambuc</pre></div></div></td></tr> 171*0a6a1f1dSLionel Sambuc 172*0a6a1f1dSLionel Sambuc 173*0a6a1f1dSLionel Sambuc<tr><td><div class="namedescr expandable"><span class="name"> 174*0a6a1f1dSLionel Sambuccore.NonNullParamChecker</span><span class="lang"> 175*0a6a1f1dSLionel Sambuc(C, C++, ObjC)</span><div class="descr"> 176*0a6a1f1dSLionel SambucCheck for null pointers passed as arguments to a function whose arguments are 177*0a6a1f1dSLionel Sambucmarked with the <code>nonnull</code> attribute.</div></div></td> 178*0a6a1f1dSLionel Sambuc<td><div class="exampleContainer expandable"> 179*0a6a1f1dSLionel Sambuc<div class="example"><pre> 180*0a6a1f1dSLionel Sambucint f(int *p) __attribute__((nonnull)); 181*0a6a1f1dSLionel Sambuc 182*0a6a1f1dSLionel Sambucvoid test(int *p) { 183*0a6a1f1dSLionel Sambuc if (!p) 184*0a6a1f1dSLionel Sambuc f(p); // warn 185*0a6a1f1dSLionel Sambuc} 186*0a6a1f1dSLionel Sambuc</pre></div></div></td></tr> 187*0a6a1f1dSLionel Sambuc 188*0a6a1f1dSLionel Sambuc 189*0a6a1f1dSLionel Sambuc<tr><td><div class="namedescr expandable"><span class="name"> 190*0a6a1f1dSLionel Sambuccore.NullDereference</span><span class="lang"> 191*0a6a1f1dSLionel Sambuc(C, C++, ObjC)</span><div class="descr"> 192*0a6a1f1dSLionel SambucCheck for dereferences of null pointers.</div></div></td> 193*0a6a1f1dSLionel Sambuc<td><div class="exampleContainer expandable"> 194*0a6a1f1dSLionel Sambuc<div class="example"><pre> 195*0a6a1f1dSLionel Sambuc// C 196*0a6a1f1dSLionel Sambucvoid test(int *p) { 197*0a6a1f1dSLionel Sambuc if (p) 198*0a6a1f1dSLionel Sambuc return; 199*0a6a1f1dSLionel Sambuc 200*0a6a1f1dSLionel Sambuc int x = p[0]; // warn 201*0a6a1f1dSLionel Sambuc} 202*0a6a1f1dSLionel Sambuc</pre></div> 203*0a6a1f1dSLionel Sambuc<div class="example"><pre> 204*0a6a1f1dSLionel Sambuc// C 205*0a6a1f1dSLionel Sambucvoid test(int *p) { 206*0a6a1f1dSLionel Sambuc if (!p) 207*0a6a1f1dSLionel Sambuc *p = 0; // warn 208*0a6a1f1dSLionel Sambuc} 209*0a6a1f1dSLionel Sambuc</pre></div> 210*0a6a1f1dSLionel Sambuc<div class="example"><pre> 211*0a6a1f1dSLionel Sambuc// C++ 212*0a6a1f1dSLionel Sambucclass C { 213*0a6a1f1dSLionel Sambucpublic: 214*0a6a1f1dSLionel Sambuc int x; 215*0a6a1f1dSLionel Sambuc}; 216*0a6a1f1dSLionel Sambuc 217*0a6a1f1dSLionel Sambucvoid test() { 218*0a6a1f1dSLionel Sambuc C *pc = 0; 219*0a6a1f1dSLionel Sambuc int k = pc->x; // warn 220*0a6a1f1dSLionel Sambuc} 221*0a6a1f1dSLionel Sambuc</pre></div> 222*0a6a1f1dSLionel Sambuc<div class="example"><pre> 223*0a6a1f1dSLionel Sambuc// Objective-C 224*0a6a1f1dSLionel Sambuc@interface MyClass { 225*0a6a1f1dSLionel Sambuc@public 226*0a6a1f1dSLionel Sambuc int x; 227*0a6a1f1dSLionel Sambuc} 228*0a6a1f1dSLionel Sambuc@end 229*0a6a1f1dSLionel Sambuc 230*0a6a1f1dSLionel Sambucvoid test() { 231*0a6a1f1dSLionel Sambuc MyClass *obj = 0; 232*0a6a1f1dSLionel Sambuc obj->x = 1; // warn 233*0a6a1f1dSLionel Sambuc} 234*0a6a1f1dSLionel Sambuc</pre></div></div></td></tr> 235*0a6a1f1dSLionel Sambuc 236*0a6a1f1dSLionel Sambuc 237*0a6a1f1dSLionel Sambuc<tr><td><div class="namedescr expandable"><span class="name"> 238*0a6a1f1dSLionel Sambuccore.StackAddressEscape</span><span class="lang"> 239*0a6a1f1dSLionel Sambuc(C)</span><div class="descr"> 240*0a6a1f1dSLionel SambucCheck that addresses of stack memory do not escape the function.</div></div></td> 241*0a6a1f1dSLionel Sambuc<td><div class="exampleContainer expandable"> 242*0a6a1f1dSLionel Sambuc<div class="example"><pre> 243*0a6a1f1dSLionel Sambucchar const *p; 244*0a6a1f1dSLionel Sambuc 245*0a6a1f1dSLionel Sambucvoid test() { 246*0a6a1f1dSLionel Sambuc char const str[] = "string"; 247*0a6a1f1dSLionel Sambuc p = str; // warn 248*0a6a1f1dSLionel Sambuc} 249*0a6a1f1dSLionel Sambuc</pre></div> 250*0a6a1f1dSLionel Sambuc<div class="example"><pre> 251*0a6a1f1dSLionel Sambucvoid* test() { 252*0a6a1f1dSLionel Sambuc return __builtin_alloca(12); // warn 253*0a6a1f1dSLionel Sambuc} 254*0a6a1f1dSLionel Sambuc</pre></div> 255*0a6a1f1dSLionel Sambuc<div class="example"><pre> 256*0a6a1f1dSLionel Sambucvoid test() { 257*0a6a1f1dSLionel Sambuc static int *x; 258*0a6a1f1dSLionel Sambuc int y; 259*0a6a1f1dSLionel Sambuc x = &y; // warn 260*0a6a1f1dSLionel Sambuc} 261*0a6a1f1dSLionel Sambuc</pre></div></div></td></tr> 262*0a6a1f1dSLionel Sambuc 263*0a6a1f1dSLionel Sambuc 264*0a6a1f1dSLionel Sambuc<tr><td><div class="namedescr expandable"><span class="name"> 265*0a6a1f1dSLionel Sambuccore.UndefinedBinaryOperatorResult</span><span class="lang"> 266*0a6a1f1dSLionel Sambuc(C)</span><div class="descr"> 267*0a6a1f1dSLionel SambucCheck for undefined results of binary operators.</div></div></td> 268*0a6a1f1dSLionel Sambuc<td><div class="exampleContainer expandable"> 269*0a6a1f1dSLionel Sambuc<div class="example"><pre> 270*0a6a1f1dSLionel Sambucvoid test() { 271*0a6a1f1dSLionel Sambuc int x; 272*0a6a1f1dSLionel Sambuc int y = x + 1; // warn: left operand is garbage 273*0a6a1f1dSLionel Sambuc} 274*0a6a1f1dSLionel Sambuc</pre></div></div></td></tr> 275*0a6a1f1dSLionel Sambuc 276*0a6a1f1dSLionel Sambuc 277*0a6a1f1dSLionel Sambuc<tr><td><div class="namedescr expandable"><span class="name"> 278*0a6a1f1dSLionel Sambuccore.VLASize</span><span class="lang"> 279*0a6a1f1dSLionel Sambuc(C)</span><div class="descr"> 280*0a6a1f1dSLionel SambucCheck for declarations of VLA of undefined or zero size.</div></div></td> 281*0a6a1f1dSLionel Sambuc<td><div class="exampleContainer expandable"> 282*0a6a1f1dSLionel Sambuc<div class="example"><pre> 283*0a6a1f1dSLionel Sambucvoid test() { 284*0a6a1f1dSLionel Sambuc int x; 285*0a6a1f1dSLionel Sambuc int vla1[x]; // warn: garbage as size 286*0a6a1f1dSLionel Sambuc} 287*0a6a1f1dSLionel Sambuc</pre></div> 288*0a6a1f1dSLionel Sambuc<div class="example"><pre> 289*0a6a1f1dSLionel Sambucvoid test() { 290*0a6a1f1dSLionel Sambuc int x = 0; 291*0a6a1f1dSLionel Sambuc int vla2[x]; // warn: zero size 292*0a6a1f1dSLionel Sambuc} 293*0a6a1f1dSLionel Sambuc</pre></div></div></td></tr> 294*0a6a1f1dSLionel Sambuc 295*0a6a1f1dSLionel Sambuc 296*0a6a1f1dSLionel Sambuc<tr><td><div class="namedescr expandable"><span class="name"> 297*0a6a1f1dSLionel Sambuccore.uninitialized.ArraySubscript</span><span class="lang"> 298*0a6a1f1dSLionel Sambuc(C)</span><div class="descr"> 299*0a6a1f1dSLionel SambucCheck for uninitialized values used as array subscripts.</div></div></td> 300*0a6a1f1dSLionel Sambuc<td><div class="exampleContainer expandable"> 301*0a6a1f1dSLionel Sambuc<div class="example"><pre> 302*0a6a1f1dSLionel Sambucvoid test() { 303*0a6a1f1dSLionel Sambuc int i, a[10]; 304*0a6a1f1dSLionel Sambuc int x = a[i]; // warn: array subscript is undefined 305*0a6a1f1dSLionel Sambuc} 306*0a6a1f1dSLionel Sambuc</pre></div></div></td></tr> 307*0a6a1f1dSLionel Sambuc 308*0a6a1f1dSLionel Sambuc 309*0a6a1f1dSLionel Sambuc<tr><td><div class="namedescr expandable"><span class="name"> 310*0a6a1f1dSLionel Sambuccore.uninitialized.Assign</span><span class="lang"> 311*0a6a1f1dSLionel Sambuc(C)</span><div class="descr"> 312*0a6a1f1dSLionel SambucCheck for assigning uninitialized values.</div></div></td> 313*0a6a1f1dSLionel Sambuc<td><div class="exampleContainer expandable"> 314*0a6a1f1dSLionel Sambuc<div class="example"><pre> 315*0a6a1f1dSLionel Sambucvoid test() { 316*0a6a1f1dSLionel Sambuc int x; 317*0a6a1f1dSLionel Sambuc x |= 1; // warn: left expression is unitialized 318*0a6a1f1dSLionel Sambuc} 319*0a6a1f1dSLionel Sambuc</pre></div></div></td></tr> 320*0a6a1f1dSLionel Sambuc 321*0a6a1f1dSLionel Sambuc 322*0a6a1f1dSLionel Sambuc<tr><td><div class="namedescr expandable"><span class="name"> 323*0a6a1f1dSLionel Sambuccore.uninitialized.Branch</span><span class="lang"> 324*0a6a1f1dSLionel Sambuc(C)</span><div class="descr"> 325*0a6a1f1dSLionel SambucCheck for uninitialized values used as branch conditions.</div></div></td> 326*0a6a1f1dSLionel Sambuc<td><div class="exampleContainer expandable"> 327*0a6a1f1dSLionel Sambuc<div class="example"><pre> 328*0a6a1f1dSLionel Sambucvoid test() { 329*0a6a1f1dSLionel Sambuc int x; 330*0a6a1f1dSLionel Sambuc if (x) // warn 331*0a6a1f1dSLionel Sambuc return; 332*0a6a1f1dSLionel Sambuc} 333*0a6a1f1dSLionel Sambuc</pre></div></div></td></tr> 334*0a6a1f1dSLionel Sambuc 335*0a6a1f1dSLionel Sambuc 336*0a6a1f1dSLionel Sambuc<tr><td><div class="namedescr expandable"><span class="name"> 337*0a6a1f1dSLionel Sambuccore.uninitialized.CapturedBlockVariable</span><span class="lang"> 338*0a6a1f1dSLionel Sambuc(C)</span><div class="descr"> 339*0a6a1f1dSLionel SambucCheck for blocks that capture uninitialized values.</div></div></td> 340*0a6a1f1dSLionel Sambuc<td><div class="exampleContainer expandable"> 341*0a6a1f1dSLionel Sambuc<div class="example"><pre> 342*0a6a1f1dSLionel Sambucvoid test() { 343*0a6a1f1dSLionel Sambuc int x; 344*0a6a1f1dSLionel Sambuc ^{ int y = x; }(); // warn 345*0a6a1f1dSLionel Sambuc} 346*0a6a1f1dSLionel Sambuc</pre></div></div></td></tr> 347*0a6a1f1dSLionel Sambuc 348*0a6a1f1dSLionel Sambuc 349*0a6a1f1dSLionel Sambuc<tr><td><div class="namedescr expandable"><span class="name"> 350*0a6a1f1dSLionel Sambuccore.uninitialized.UndefReturn</span><span class="lang"> 351*0a6a1f1dSLionel Sambuc(C)</span><div class="descr"> 352*0a6a1f1dSLionel SambucCheck for uninitialized values being returned to the caller.</div></div></td> 353*0a6a1f1dSLionel Sambuc<td><div class="exampleContainer expandable"> 354*0a6a1f1dSLionel Sambuc<div class="example"><pre> 355*0a6a1f1dSLionel Sambucint test() { 356*0a6a1f1dSLionel Sambuc int x; 357*0a6a1f1dSLionel Sambuc return x; // warn 358*0a6a1f1dSLionel Sambuc} 359*0a6a1f1dSLionel Sambuc</pre></div></div></td></tr> 360*0a6a1f1dSLionel Sambuc 361*0a6a1f1dSLionel Sambuc</tbody></table> 362*0a6a1f1dSLionel Sambuc 363*0a6a1f1dSLionel Sambuc<!------------------------------------ C++ ------------------------------------> 364*0a6a1f1dSLionel Sambuc<h3 id="cplusplus_checkers">C++ Checkers</h3> 365*0a6a1f1dSLionel Sambuc<table class="checkers"> 366*0a6a1f1dSLionel Sambuc<colgroup><col class="namedescr"><col class="example"></colgroup> 367*0a6a1f1dSLionel Sambuc<thead><tr><td>Name, Description</td><td>Example</td></tr></thead> 368*0a6a1f1dSLionel Sambuc 369*0a6a1f1dSLionel Sambuc<tbody> 370*0a6a1f1dSLionel Sambuc<tr><td><div class="namedescr expandable"><span class="name"> 371*0a6a1f1dSLionel Sambuccplusplus.NewDelete</span><span class="lang"> 372*0a6a1f1dSLionel Sambuc(C++)</span><div class="descr"> 373*0a6a1f1dSLionel SambucCheck for double-free, use-after-free and offset problems involving C++ <code> 374*0a6a1f1dSLionel Sambucdelete</code>.</div></div></td> 375*0a6a1f1dSLionel Sambuc<td><div class="exampleContainer expandable"> 376*0a6a1f1dSLionel Sambuc<div class="example"><pre> 377*0a6a1f1dSLionel Sambucvoid f(int *p); 378*0a6a1f1dSLionel Sambuc 379*0a6a1f1dSLionel Sambucvoid testUseMiddleArgAfterDelete(int *p) { 380*0a6a1f1dSLionel Sambuc delete p; 381*0a6a1f1dSLionel Sambuc f(p); // warn: use after free 382*0a6a1f1dSLionel Sambuc} 383*0a6a1f1dSLionel Sambuc</pre></div> 384*0a6a1f1dSLionel Sambuc<div class="example"><pre> 385*0a6a1f1dSLionel Sambucclass SomeClass { 386*0a6a1f1dSLionel Sambucpublic: 387*0a6a1f1dSLionel Sambuc void f(); 388*0a6a1f1dSLionel Sambuc}; 389*0a6a1f1dSLionel Sambuc 390*0a6a1f1dSLionel Sambucvoid test() { 391*0a6a1f1dSLionel Sambuc SomeClass *c = new SomeClass; 392*0a6a1f1dSLionel Sambuc delete c; 393*0a6a1f1dSLionel Sambuc c->f(); // warn: use after free 394*0a6a1f1dSLionel Sambuc} 395*0a6a1f1dSLionel Sambuc</pre></div> 396*0a6a1f1dSLionel Sambuc<div class="example"><pre> 397*0a6a1f1dSLionel Sambucvoid test() { 398*0a6a1f1dSLionel Sambuc int *p = (int *)__builtin_alloca(sizeof(int)); 399*0a6a1f1dSLionel Sambuc delete p; // warn: deleting memory allocated by alloca 400*0a6a1f1dSLionel Sambuc} 401*0a6a1f1dSLionel Sambuc</pre></div> 402*0a6a1f1dSLionel Sambuc<div class="example"><pre> 403*0a6a1f1dSLionel Sambucvoid test() { 404*0a6a1f1dSLionel Sambuc int *p = new int; 405*0a6a1f1dSLionel Sambuc delete p; 406*0a6a1f1dSLionel Sambuc delete p; // warn: attempt to free released 407*0a6a1f1dSLionel Sambuc} 408*0a6a1f1dSLionel Sambuc</pre></div> 409*0a6a1f1dSLionel Sambuc<div class="example"><pre> 410*0a6a1f1dSLionel Sambucvoid test() { 411*0a6a1f1dSLionel Sambuc int i; 412*0a6a1f1dSLionel Sambuc delete &i; // warn: delete address of local 413*0a6a1f1dSLionel Sambuc} 414*0a6a1f1dSLionel Sambuc</pre></div> 415*0a6a1f1dSLionel Sambuc<div class="example"><pre> 416*0a6a1f1dSLionel Sambucvoid test() { 417*0a6a1f1dSLionel Sambuc int *p = new int[1]; 418*0a6a1f1dSLionel Sambuc delete[] (++p); 419*0a6a1f1dSLionel Sambuc // warn: argument to 'delete[]' is offset by 4 bytes 420*0a6a1f1dSLionel Sambuc // from the start of memory allocated by 'new[]' 421*0a6a1f1dSLionel Sambuc} 422*0a6a1f1dSLionel Sambuc</pre></div></div></td></tr> 423*0a6a1f1dSLionel Sambuc 424*0a6a1f1dSLionel Sambuc</tbody></table> 425*0a6a1f1dSLionel Sambuc 426*0a6a1f1dSLionel Sambuc<!--------------------------------- dead code ---------------------------------> 427*0a6a1f1dSLionel Sambuc<h3 id="deadcode_checkers">Dead Code Checkers</h3> 428*0a6a1f1dSLionel Sambuc<table class="checkers"> 429*0a6a1f1dSLionel Sambuc<colgroup><col class="namedescr"><col class="example"></colgroup> 430*0a6a1f1dSLionel Sambuc<thead><tr><td>Name, Description</td><td>Example</td></tr></thead> 431*0a6a1f1dSLionel Sambuc 432*0a6a1f1dSLionel Sambuc<tbody> 433*0a6a1f1dSLionel Sambuc<tr><td><div class="namedescr expandable"><span class="name"> 434*0a6a1f1dSLionel Sambucdeadcode.DeadStores</span><span class="lang"> 435*0a6a1f1dSLionel Sambuc(C)</span><div class="descr"> 436*0a6a1f1dSLionel SambucCheck for values stored to variables that are never read afterwards.</div></div></td> 437*0a6a1f1dSLionel Sambuc<td><div class="exampleContainer expandable"> 438*0a6a1f1dSLionel Sambuc<div class="example"><pre> 439*0a6a1f1dSLionel Sambucvoid test() { 440*0a6a1f1dSLionel Sambuc int x; 441*0a6a1f1dSLionel Sambuc x = 1; // warn 442*0a6a1f1dSLionel Sambuc} 443*0a6a1f1dSLionel Sambuc</pre></div></div></td></tr> 444*0a6a1f1dSLionel Sambuc 445*0a6a1f1dSLionel Sambuc</tbody></table> 446*0a6a1f1dSLionel Sambuc 447*0a6a1f1dSLionel Sambuc<!---------------------------------- OS X ------------------------------------> 448*0a6a1f1dSLionel Sambuc<h3 id="osx_checkers">OS X Checkers</h3> 449*0a6a1f1dSLionel Sambuc<table class="checkers"> 450*0a6a1f1dSLionel Sambuc<colgroup><col class="namedescr"><col class="example"></colgroup> 451*0a6a1f1dSLionel Sambuc<thead><tr><td>Name, Description</td><td>Example</td></tr></thead> 452*0a6a1f1dSLionel Sambuc 453*0a6a1f1dSLionel Sambuc<tbody> 454*0a6a1f1dSLionel Sambuc<tr><td><div class="namedescr expandable"><span class="name"> 455*0a6a1f1dSLionel Sambucosx.API</span><span class="lang"> 456*0a6a1f1dSLionel Sambuc(C)</span><div class="descr"> 457*0a6a1f1dSLionel SambucCheck for proper uses of various Apple APIs:<div class=functions> 458*0a6a1f1dSLionel Sambucdispatch_once</div></div></div></td> 459*0a6a1f1dSLionel Sambuc<td><div class="exampleContainer expandable"> 460*0a6a1f1dSLionel Sambuc<div class="example"><pre> 461*0a6a1f1dSLionel Sambucvoid test() { 462*0a6a1f1dSLionel Sambuc dispatch_once_t pred = 0; 463*0a6a1f1dSLionel Sambuc dispatch_once(&pred, ^(){}); // warn: dispatch_once uses local 464*0a6a1f1dSLionel Sambuc} 465*0a6a1f1dSLionel Sambuc</pre></div></div></td></tr> 466*0a6a1f1dSLionel Sambuc 467*0a6a1f1dSLionel Sambuc 468*0a6a1f1dSLionel Sambuc<tr><td><div class="namedescr expandable"><span class="name"> 469*0a6a1f1dSLionel Sambucosx.SecKeychainAPI</span><span class="lang"> 470*0a6a1f1dSLionel Sambuc(C)</span><div class="descr"> 471*0a6a1f1dSLionel SambucCheck for improper uses of the Security framework's Keychain APIs:<div class=functions> 472*0a6a1f1dSLionel SambucSecKeychainItemCopyContent<br> 473*0a6a1f1dSLionel SambucSecKeychainFindGenericPassword<br> 474*0a6a1f1dSLionel SambucSecKeychainFindInternetPassword<br> 475*0a6a1f1dSLionel SambucSecKeychainItemFreeContent<br> 476*0a6a1f1dSLionel SambucSecKeychainItemCopyAttributesAndData<br> 477*0a6a1f1dSLionel SambucSecKeychainItemFreeAttributesAndData</div></div></div></td> 478*0a6a1f1dSLionel Sambuc<td><div class="exampleContainer expandable"> 479*0a6a1f1dSLionel Sambuc<div class="example"><pre> 480*0a6a1f1dSLionel Sambucvoid test() { 481*0a6a1f1dSLionel Sambuc unsigned int *ptr = 0; 482*0a6a1f1dSLionel Sambuc UInt32 length; 483*0a6a1f1dSLionel Sambuc 484*0a6a1f1dSLionel Sambuc SecKeychainItemFreeContent(ptr, &length); 485*0a6a1f1dSLionel Sambuc // warn: trying to free data which has not been allocated 486*0a6a1f1dSLionel Sambuc} 487*0a6a1f1dSLionel Sambuc</pre></div> 488*0a6a1f1dSLionel Sambuc<div class="example"><pre> 489*0a6a1f1dSLionel Sambucvoid test() { 490*0a6a1f1dSLionel Sambuc unsigned int *ptr = 0; 491*0a6a1f1dSLionel Sambuc UInt32 *length = 0; 492*0a6a1f1dSLionel Sambuc void *outData; 493*0a6a1f1dSLionel Sambuc 494*0a6a1f1dSLionel Sambuc OSStatus st = 495*0a6a1f1dSLionel Sambuc SecKeychainItemCopyContent(2, ptr, ptr, length, outData); 496*0a6a1f1dSLionel Sambuc // warn: data is not released 497*0a6a1f1dSLionel Sambuc} 498*0a6a1f1dSLionel Sambuc</pre></div> 499*0a6a1f1dSLionel Sambuc<div class="example"><pre> 500*0a6a1f1dSLionel Sambucvoid test() { 501*0a6a1f1dSLionel Sambuc unsigned int *ptr = 0; 502*0a6a1f1dSLionel Sambuc UInt32 *length = 0; 503*0a6a1f1dSLionel Sambuc void *outData; 504*0a6a1f1dSLionel Sambuc 505*0a6a1f1dSLionel Sambuc OSStatus st = 506*0a6a1f1dSLionel Sambuc SecKeychainItemCopyContent(2, ptr, ptr, length, &outData); 507*0a6a1f1dSLionel Sambuc 508*0a6a1f1dSLionel Sambuc SecKeychainItemFreeContent(ptr, outData); 509*0a6a1f1dSLionel Sambuc // warn: only call free if a non-NULL buffer was returned 510*0a6a1f1dSLionel Sambuc} 511*0a6a1f1dSLionel Sambuc</pre></div> 512*0a6a1f1dSLionel Sambuc<div class="example"><pre> 513*0a6a1f1dSLionel Sambucvoid test() { 514*0a6a1f1dSLionel Sambuc unsigned int *ptr = 0; 515*0a6a1f1dSLionel Sambuc UInt32 *length = 0; 516*0a6a1f1dSLionel Sambuc void *outData; 517*0a6a1f1dSLionel Sambuc 518*0a6a1f1dSLionel Sambuc OSStatus st = 519*0a6a1f1dSLionel Sambuc SecKeychainItemCopyContent(2, ptr, ptr, length, &outData); 520*0a6a1f1dSLionel Sambuc 521*0a6a1f1dSLionel Sambuc st = SecKeychainItemCopyContent(2, ptr, ptr, length, &outData); 522*0a6a1f1dSLionel Sambuc // warn: release data before another call to the allocator 523*0a6a1f1dSLionel Sambuc 524*0a6a1f1dSLionel Sambuc if (st == noErr) 525*0a6a1f1dSLionel Sambuc SecKeychainItemFreeContent(ptr, outData); 526*0a6a1f1dSLionel Sambuc} 527*0a6a1f1dSLionel Sambuc</pre></div> 528*0a6a1f1dSLionel Sambuc<div class="example"><pre> 529*0a6a1f1dSLionel Sambucvoid test() { 530*0a6a1f1dSLionel Sambuc SecKeychainItemRef itemRef = 0; 531*0a6a1f1dSLionel Sambuc SecKeychainAttributeInfo *info = 0; 532*0a6a1f1dSLionel Sambuc SecItemClass *itemClass = 0; 533*0a6a1f1dSLionel Sambuc SecKeychainAttributeList *attrList = 0; 534*0a6a1f1dSLionel Sambuc UInt32 *length = 0; 535*0a6a1f1dSLionel Sambuc void *outData = 0; 536*0a6a1f1dSLionel Sambuc 537*0a6a1f1dSLionel Sambuc OSStatus st = 538*0a6a1f1dSLionel Sambuc SecKeychainItemCopyAttributesAndData(itemRef, info, 539*0a6a1f1dSLionel Sambuc itemClass, &attrList, 540*0a6a1f1dSLionel Sambuc length, &outData); 541*0a6a1f1dSLionel Sambuc 542*0a6a1f1dSLionel Sambuc SecKeychainItemFreeContent(attrList, outData); 543*0a6a1f1dSLionel Sambuc // warn: deallocator doesn't match the allocator 544*0a6a1f1dSLionel Sambuc} 545*0a6a1f1dSLionel Sambuc</pre></div></div></td></tr> 546*0a6a1f1dSLionel Sambuc 547*0a6a1f1dSLionel Sambuc 548*0a6a1f1dSLionel Sambuc<tr><td><div class="namedescr expandable"><span class="name"> 549*0a6a1f1dSLionel Sambucosx.cocoa.AtSync</span><span class="lang"> 550*0a6a1f1dSLionel Sambuc(ObjC)</span><div class="descr"> 551*0a6a1f1dSLionel SambucCheck for nil pointers used as mutexes for <code>@synchronized</code>.</div></div></td> 552*0a6a1f1dSLionel Sambuc<td><div class="exampleContainer expandable"> 553*0a6a1f1dSLionel Sambuc<div class="example"><pre> 554*0a6a1f1dSLionel Sambucvoid test(id x) { 555*0a6a1f1dSLionel Sambuc if (!x) 556*0a6a1f1dSLionel Sambuc @synchronized(x) {} // warn: nil value used as mutex 557*0a6a1f1dSLionel Sambuc} 558*0a6a1f1dSLionel Sambuc</pre></div> 559*0a6a1f1dSLionel Sambuc<div class="example"><pre> 560*0a6a1f1dSLionel Sambucvoid test() { 561*0a6a1f1dSLionel Sambuc id y; 562*0a6a1f1dSLionel Sambuc @synchronized(y) {} // warn: uninitialized value used as mutex 563*0a6a1f1dSLionel Sambuc} 564*0a6a1f1dSLionel Sambuc</pre></div></div></td></tr> 565*0a6a1f1dSLionel Sambuc 566*0a6a1f1dSLionel Sambuc 567*0a6a1f1dSLionel Sambuc<tr><td><div class="namedescr expandable"><span class="name"> 568*0a6a1f1dSLionel Sambucosx.cocoa.ClassRelease</span><span class="lang"> 569*0a6a1f1dSLionel Sambuc(ObjC)</span><div class="descr"> 570*0a6a1f1dSLionel SambucCheck for sending <code>retain</code>, <code>release</code>, or <code> 571*0a6a1f1dSLionel Sambucautorelease</code> directly to a class.</div></div></td> 572*0a6a1f1dSLionel Sambuc<td><div class="exampleContainer expandable"> 573*0a6a1f1dSLionel Sambuc<div class="example"><pre> 574*0a6a1f1dSLionel Sambuc@interface MyClass : NSObject 575*0a6a1f1dSLionel Sambuc@end 576*0a6a1f1dSLionel Sambuc 577*0a6a1f1dSLionel Sambucvoid test(void) { 578*0a6a1f1dSLionel Sambuc [MyClass release]; // warn 579*0a6a1f1dSLionel Sambuc} 580*0a6a1f1dSLionel Sambuc</pre></div></div></td></tr> 581*0a6a1f1dSLionel Sambuc 582*0a6a1f1dSLionel Sambuc 583*0a6a1f1dSLionel Sambuc<tr><td><div class="namedescr expandable"><span class="name"> 584*0a6a1f1dSLionel Sambucosx.cocoa.IncompatibleMethodTypes</span><span class="lang"> 585*0a6a1f1dSLionel Sambuc(ObjC)</span><div class="descr"> 586*0a6a1f1dSLionel SambucCheck for an incompatible type signature when overriding an Objective-C method.</div></div></td> 587*0a6a1f1dSLionel Sambuc<td><div class="exampleContainer expandable"> 588*0a6a1f1dSLionel Sambuc<div class="example"><pre> 589*0a6a1f1dSLionel Sambuc@interface MyClass1 : NSObject 590*0a6a1f1dSLionel Sambuc- (int)foo; 591*0a6a1f1dSLionel Sambuc@end 592*0a6a1f1dSLionel Sambuc 593*0a6a1f1dSLionel Sambuc@implementation MyClass1 594*0a6a1f1dSLionel Sambuc- (int)foo { return 1; } 595*0a6a1f1dSLionel Sambuc@end 596*0a6a1f1dSLionel Sambuc 597*0a6a1f1dSLionel Sambuc@interface MyClass2 : MyClass1 598*0a6a1f1dSLionel Sambuc- (float)foo; 599*0a6a1f1dSLionel Sambuc@end 600*0a6a1f1dSLionel Sambuc 601*0a6a1f1dSLionel Sambuc@implementation MyClass2 602*0a6a1f1dSLionel Sambuc- (float)foo { return 1.0; } // warn 603*0a6a1f1dSLionel Sambuc@end 604*0a6a1f1dSLionel Sambuc</pre></div></div></td></tr> 605*0a6a1f1dSLionel Sambuc 606*0a6a1f1dSLionel Sambuc 607*0a6a1f1dSLionel Sambuc<tr><td><div class="namedescr expandable"><span class="name"> 608*0a6a1f1dSLionel Sambucalpha.osx.cocoa.MissingSuperCall</span><span class="lang"> 609*0a6a1f1dSLionel Sambuc(ObjC)</span><div class="descr"> 610*0a6a1f1dSLionel SambucWarn about Objective-C methods that lack a necessary call to super. (Note: The 611*0a6a1f1dSLionel Sambuccompiler now has a warning for methods annotated with <code>objc_requires_super</code> 612*0a6a1f1dSLionel Sambucattribute. The checker exists to check methods in the Cocoa frameworks 613*0a6a1f1dSLionel Sambucthat haven't yet adopted this attribute.)</div></div></td> 614*0a6a1f1dSLionel Sambuc<td><div class="example"><pre> 615*0a6a1f1dSLionel Sambuc@interface Test : UIViewController 616*0a6a1f1dSLionel Sambuc@end 617*0a6a1f1dSLionel Sambuc@implementation test 618*0a6a1f1dSLionel Sambuc- (void)viewDidLoad {} // warn 619*0a6a1f1dSLionel Sambuc@end 620*0a6a1f1dSLionel Sambuc</pre></div></td></tr> 621*0a6a1f1dSLionel Sambuc 622*0a6a1f1dSLionel Sambuc 623*0a6a1f1dSLionel Sambuc<tr><td><div class="namedescr expandable"><span class="name"> 624*0a6a1f1dSLionel Sambucosx.cocoa.NSAutoreleasePool</span><span class="lang"> 625*0a6a1f1dSLionel Sambuc(ObjC)</span><div class="descr"> 626*0a6a1f1dSLionel SambucWarn for suboptimal uses of NSAutoreleasePool in Objective-C 627*0a6a1f1dSLionel SambucGC mode (<code>-fobjc-gc</code> compiler option).</div></div></td> 628*0a6a1f1dSLionel Sambuc<td><div class="exampleContainer expandable"> 629*0a6a1f1dSLionel Sambuc<div class="example"><pre> 630*0a6a1f1dSLionel Sambucvoid test() { 631*0a6a1f1dSLionel Sambuc NSAutoreleasePool *pool = [[NSAutoreleasePool alloc] init]; 632*0a6a1f1dSLionel Sambuc [pool release]; // warn 633*0a6a1f1dSLionel Sambuc} 634*0a6a1f1dSLionel Sambuc</pre></div></div></td></tr> 635*0a6a1f1dSLionel Sambuc 636*0a6a1f1dSLionel Sambuc 637*0a6a1f1dSLionel Sambuc<tr><td><div class="namedescr expandable"><span class="name"> 638*0a6a1f1dSLionel Sambucosx.cocoa.NSError</span><span class="lang"> 639*0a6a1f1dSLionel Sambuc(ObjC)</span><div class="descr"> 640*0a6a1f1dSLionel SambucCheck usage of <code>NSError**</code> parameters.</div></div></td> 641*0a6a1f1dSLionel Sambuc<td><div class="exampleContainer expandable"> 642*0a6a1f1dSLionel Sambuc<div class="example"><pre> 643*0a6a1f1dSLionel Sambuc@interface A : NSObject 644*0a6a1f1dSLionel Sambuc- (void)foo:(NSError **)error; 645*0a6a1f1dSLionel Sambuc@end 646*0a6a1f1dSLionel Sambuc 647*0a6a1f1dSLionel Sambuc@implementation A 648*0a6a1f1dSLionel Sambuc- (void)foo:(NSError **)error { 649*0a6a1f1dSLionel Sambuc // warn: method accepting NSError** should have a non-void 650*0a6a1f1dSLionel Sambuc // return value 651*0a6a1f1dSLionel Sambuc} 652*0a6a1f1dSLionel Sambuc@end 653*0a6a1f1dSLionel Sambuc</pre></div> 654*0a6a1f1dSLionel Sambuc<div class="example"><pre> 655*0a6a1f1dSLionel Sambuc@interface A : NSObject 656*0a6a1f1dSLionel Sambuc- (BOOL)foo:(NSError **)error; 657*0a6a1f1dSLionel Sambuc@end 658*0a6a1f1dSLionel Sambuc 659*0a6a1f1dSLionel Sambuc@implementation A 660*0a6a1f1dSLionel Sambuc- (BOOL)foo:(NSError **)error { 661*0a6a1f1dSLionel Sambuc *error = 0; // warn: potential null dereference 662*0a6a1f1dSLionel Sambuc return 0; 663*0a6a1f1dSLionel Sambuc} 664*0a6a1f1dSLionel Sambuc@end 665*0a6a1f1dSLionel Sambuc</pre></div></div></td></tr> 666*0a6a1f1dSLionel Sambuc 667*0a6a1f1dSLionel Sambuc 668*0a6a1f1dSLionel Sambuc<tr><td><div class="namedescr expandable"><span class="name"> 669*0a6a1f1dSLionel Sambucosx.cocoa.NilArg</span><span class="lang"> 670*0a6a1f1dSLionel Sambuc(ObjC)</span><div class="descr"> 671*0a6a1f1dSLionel SambucCheck for prohibited nil arguments in specific Objective-C method calls:<div class=functions> 672*0a6a1f1dSLionel Sambuc- caseInsensitiveCompare:<br> 673*0a6a1f1dSLionel Sambuc- compare:<br> 674*0a6a1f1dSLionel Sambuc- compare:options:<br> 675*0a6a1f1dSLionel Sambuc- compare:options:range:<br> 676*0a6a1f1dSLionel Sambuc- compare:options:range:locale:<br> 677*0a6a1f1dSLionel Sambuc- componentsSeparatedByCharactersInSet:<br> 678*0a6a1f1dSLionel Sambuc- initWithFormat:</div></div></div></td> 679*0a6a1f1dSLionel Sambuc<td><div class="exampleContainer expandable"> 680*0a6a1f1dSLionel Sambuc<div class="example"><pre> 681*0a6a1f1dSLionel SambucNSComparisonResult test(NSString *s) { 682*0a6a1f1dSLionel Sambuc NSString *aString = nil; 683*0a6a1f1dSLionel Sambuc return [s caseInsensitiveCompare:aString]; 684*0a6a1f1dSLionel Sambuc // warn: argument to 'NSString' method 685*0a6a1f1dSLionel Sambuc // 'caseInsensitiveCompare:' cannot be nil 686*0a6a1f1dSLionel Sambuc} 687*0a6a1f1dSLionel Sambuc</pre></div></div></td></tr> 688*0a6a1f1dSLionel Sambuc 689*0a6a1f1dSLionel Sambuc 690*0a6a1f1dSLionel Sambuc<tr><td><div class="namedescr expandable"><span class="name"> 691*0a6a1f1dSLionel Sambucosx.cocoa.RetainCount</span><span class="lang"> 692*0a6a1f1dSLionel Sambuc(ObjC)</span><div class="descr"> 693*0a6a1f1dSLionel SambucCheck for leaks and violations of the Cocoa Memory Management rules.</div></div></td> 694*0a6a1f1dSLionel Sambuc<td><div class="exampleContainer expandable"> 695*0a6a1f1dSLionel Sambuc<div class="example"><pre> 696*0a6a1f1dSLionel Sambucvoid test() { 697*0a6a1f1dSLionel Sambuc NSString *s = [[NSString alloc] init]; // warn 698*0a6a1f1dSLionel Sambuc} 699*0a6a1f1dSLionel Sambuc</pre></div> 700*0a6a1f1dSLionel Sambuc<div class="example"><pre> 701*0a6a1f1dSLionel SambucCFStringRef test(char *bytes) { 702*0a6a1f1dSLionel Sambuc return CFStringCreateWithCStringNoCopy( 703*0a6a1f1dSLionel Sambuc 0, bytes, NSNEXTSTEPStringEncoding, 0); // warn 704*0a6a1f1dSLionel Sambuc} 705*0a6a1f1dSLionel Sambuc</pre></div></div></td></tr> 706*0a6a1f1dSLionel Sambuc 707*0a6a1f1dSLionel Sambuc 708*0a6a1f1dSLionel Sambuc<tr><td><div class="namedescr expandable"><span class="name"> 709*0a6a1f1dSLionel Sambucosx.cocoa.SelfInit</span><span class="lang"> 710*0a6a1f1dSLionel Sambuc(ObjC)</span><div class="descr"> 711*0a6a1f1dSLionel SambucCheck that <code>self</code> is properly initialized inside an initializer 712*0a6a1f1dSLionel Sambucmethod.</div></div></td> 713*0a6a1f1dSLionel Sambuc<td><div class="exampleContainer expandable"> 714*0a6a1f1dSLionel Sambuc<div class="example"><pre> 715*0a6a1f1dSLionel Sambuc@interface MyObj : NSObject { 716*0a6a1f1dSLionel Sambuc id x; 717*0a6a1f1dSLionel Sambuc} 718*0a6a1f1dSLionel Sambuc- (id)init; 719*0a6a1f1dSLionel Sambuc@end 720*0a6a1f1dSLionel Sambuc 721*0a6a1f1dSLionel Sambuc@implementation MyObj 722*0a6a1f1dSLionel Sambuc- (id)init { 723*0a6a1f1dSLionel Sambuc [super init]; 724*0a6a1f1dSLionel Sambuc x = 0; // warn: instance variable used while 'self' is not 725*0a6a1f1dSLionel Sambuc // initialized 726*0a6a1f1dSLionel Sambuc return 0; 727*0a6a1f1dSLionel Sambuc} 728*0a6a1f1dSLionel Sambuc@end 729*0a6a1f1dSLionel Sambuc</pre></div> 730*0a6a1f1dSLionel Sambuc<div class="example"><pre> 731*0a6a1f1dSLionel Sambuc@interface MyObj : NSObject 732*0a6a1f1dSLionel Sambuc- (id)init; 733*0a6a1f1dSLionel Sambuc@end 734*0a6a1f1dSLionel Sambuc 735*0a6a1f1dSLionel Sambuc@implementation MyObj 736*0a6a1f1dSLionel Sambuc- (id)init { 737*0a6a1f1dSLionel Sambuc [super init]; 738*0a6a1f1dSLionel Sambuc return self; // warn: returning uninitialized 'self' 739*0a6a1f1dSLionel Sambuc} 740*0a6a1f1dSLionel Sambuc@end 741*0a6a1f1dSLionel Sambuc</pre></div></div></td></tr> 742*0a6a1f1dSLionel Sambuc 743*0a6a1f1dSLionel Sambuc 744*0a6a1f1dSLionel Sambuc<tr><td><div class="namedescr expandable"><span class="name"> 745*0a6a1f1dSLionel Sambucosx.cocoa.UnusedIvars</span><span class="lang"> 746*0a6a1f1dSLionel Sambuc(ObjC)</span><div class="descr"> 747*0a6a1f1dSLionel SambucWarn about private ivars that are never used.</div></div></td> 748*0a6a1f1dSLionel Sambuc<td><div class="exampleContainer expandable"> 749*0a6a1f1dSLionel Sambuc<div class="example"><pre> 750*0a6a1f1dSLionel Sambuc@interface MyObj : NSObject { 751*0a6a1f1dSLionel Sambuc@private 752*0a6a1f1dSLionel Sambuc id x; // warn 753*0a6a1f1dSLionel Sambuc} 754*0a6a1f1dSLionel Sambuc@end 755*0a6a1f1dSLionel Sambuc 756*0a6a1f1dSLionel Sambuc@implementation MyObj 757*0a6a1f1dSLionel Sambuc@end 758*0a6a1f1dSLionel Sambuc</pre></div></div></td></tr> 759*0a6a1f1dSLionel Sambuc 760*0a6a1f1dSLionel Sambuc 761*0a6a1f1dSLionel Sambuc<tr><td><div class="namedescr expandable"><span class="name"> 762*0a6a1f1dSLionel Sambucosx.cocoa.VariadicMethodTypes</span><span class="lang"> 763*0a6a1f1dSLionel Sambuc(ObjC)</span><div class="descr"> 764*0a6a1f1dSLionel SambucCheck for passing non-Objective-C types to variadic collection initialization 765*0a6a1f1dSLionel Sambucmethods that expect only Objective-C types.</div></div></td> 766*0a6a1f1dSLionel Sambuc<td><div class="exampleContainer expandable"> 767*0a6a1f1dSLionel Sambuc<div class="example"><pre> 768*0a6a1f1dSLionel Sambucvoid test() { 769*0a6a1f1dSLionel Sambuc [NSSet setWithObjects:@"Foo", "Bar", nil]; 770*0a6a1f1dSLionel Sambuc // warn: argument should be an ObjC pointer type, not 'char *' 771*0a6a1f1dSLionel Sambuc} 772*0a6a1f1dSLionel Sambuc</pre></div></div></td></tr> 773*0a6a1f1dSLionel Sambuc 774*0a6a1f1dSLionel Sambuc 775*0a6a1f1dSLionel Sambuc<tr><td><div class="namedescr expandable"><span class="name"> 776*0a6a1f1dSLionel Sambucosx.coreFoundation.CFError</span><span class="lang"> 777*0a6a1f1dSLionel Sambuc(C)</span><div class="descr"> 778*0a6a1f1dSLionel SambucCheck usage of <code>CFErrorRef*</code> parameters.</div></div></td> 779*0a6a1f1dSLionel Sambuc<td><div class="exampleContainer expandable"> 780*0a6a1f1dSLionel Sambuc<div class="example"><pre> 781*0a6a1f1dSLionel Sambucvoid test(CFErrorRef *error) { 782*0a6a1f1dSLionel Sambuc // warn: function accepting CFErrorRef* should have a 783*0a6a1f1dSLionel Sambuc // non-void return 784*0a6a1f1dSLionel Sambuc} 785*0a6a1f1dSLionel Sambuc</pre></div> 786*0a6a1f1dSLionel Sambuc<div class="example"><pre> 787*0a6a1f1dSLionel Sambucint foo(CFErrorRef *error) { 788*0a6a1f1dSLionel Sambuc *error = 0; // warn: potential null dereference 789*0a6a1f1dSLionel Sambuc return 0; 790*0a6a1f1dSLionel Sambuc} 791*0a6a1f1dSLionel Sambuc</pre></div></div></td></tr> 792*0a6a1f1dSLionel Sambuc 793*0a6a1f1dSLionel Sambuc 794*0a6a1f1dSLionel Sambuc<tr><td><div class="namedescr expandable"><span class="name"> 795*0a6a1f1dSLionel Sambucosx.coreFoundation.CFNumber</span><span class="lang"> 796*0a6a1f1dSLionel Sambuc(C)</span><div class="descr"> 797*0a6a1f1dSLionel SambucCheck for improper uses of <code>CFNumberCreate</code>.</div></div></td> 798*0a6a1f1dSLionel Sambuc<td><div class="exampleContainer expandable"> 799*0a6a1f1dSLionel Sambuc<div class="example"><pre> 800*0a6a1f1dSLionel SambucCFNumberRef test(unsigned char x) { 801*0a6a1f1dSLionel Sambuc return CFNumberCreate(0, kCFNumberSInt16Type, &x); 802*0a6a1f1dSLionel Sambuc // warn: 8 bit integer is used to initialize a 16 bit integer 803*0a6a1f1dSLionel Sambuc} 804*0a6a1f1dSLionel Sambuc</pre></div></div></td></tr> 805*0a6a1f1dSLionel Sambuc 806*0a6a1f1dSLionel Sambuc 807*0a6a1f1dSLionel Sambuc<tr><td><div class="namedescr expandable"><span class="name"> 808*0a6a1f1dSLionel Sambucosx.coreFoundation.CFRetainRelease</span><span class="lang"> 809*0a6a1f1dSLionel Sambuc(C)</span><div class="descr"> 810*0a6a1f1dSLionel SambucCheck for null arguments to <code>CFRetain</code>, <code>CFRelease</code>, 811*0a6a1f1dSLionel Sambuc<code>CFMakeCollectable</code>.</div></div></td> 812*0a6a1f1dSLionel Sambuc<td><div class="exampleContainer expandable"> 813*0a6a1f1dSLionel Sambuc<div class="example"><pre> 814*0a6a1f1dSLionel Sambucvoid test(CFTypeRef p) { 815*0a6a1f1dSLionel Sambuc if (!p) 816*0a6a1f1dSLionel Sambuc CFRetain(p); // warn 817*0a6a1f1dSLionel Sambuc} 818*0a6a1f1dSLionel Sambuc</pre></div> 819*0a6a1f1dSLionel Sambuc<div class="example"><pre> 820*0a6a1f1dSLionel Sambucvoid test(int x, CFTypeRef p) { 821*0a6a1f1dSLionel Sambuc if (p) 822*0a6a1f1dSLionel Sambuc return; 823*0a6a1f1dSLionel Sambuc 824*0a6a1f1dSLionel Sambuc CFRelease(p); // warn 825*0a6a1f1dSLionel Sambuc} 826*0a6a1f1dSLionel Sambuc</pre></div></div></td></tr> 827*0a6a1f1dSLionel Sambuc 828*0a6a1f1dSLionel Sambuc 829*0a6a1f1dSLionel Sambuc<tr><td><div class="namedescr expandable"><span class="name"> 830*0a6a1f1dSLionel Sambucosx.coreFoundation.containers.OutOfBounds</span><span class="lang"> 831*0a6a1f1dSLionel Sambuc(C)</span><div class="descr"> 832*0a6a1f1dSLionel SambucChecks for index out-of-bounds when using <code>CFArray</code> API.</div></div></td> 833*0a6a1f1dSLionel Sambuc<td><div class="exampleContainer expandable"> 834*0a6a1f1dSLionel Sambuc<div class="example"><pre> 835*0a6a1f1dSLionel Sambucvoid test() { 836*0a6a1f1dSLionel Sambuc CFArrayRef A = CFArrayCreate(0, 0, 0, &kCFTypeArrayCallBacks); 837*0a6a1f1dSLionel Sambuc CFArrayGetValueAtIndex(A, 0); // warn 838*0a6a1f1dSLionel Sambuc} 839*0a6a1f1dSLionel Sambuc</pre></div></div></td></tr> 840*0a6a1f1dSLionel Sambuc 841*0a6a1f1dSLionel Sambuc 842*0a6a1f1dSLionel Sambuc<tr><td><div class="namedescr expandable"><span class="name"> 843*0a6a1f1dSLionel Sambucosx.coreFoundation.containers.PointerSizedValues</span><span class="lang"> 844*0a6a1f1dSLionel Sambuc(C)</span><div class="descr"> 845*0a6a1f1dSLionel SambucWarns if <code>CFArray</code>, <code>CFDictionary</code>, <code>CFSet</code> are 846*0a6a1f1dSLionel Sambuccreated with non-pointer-size values.</div></div></td> 847*0a6a1f1dSLionel Sambuc<td><div class="exampleContainer expandable"> 848*0a6a1f1dSLionel Sambuc<div class="example"><pre> 849*0a6a1f1dSLionel Sambucvoid test() { 850*0a6a1f1dSLionel Sambuc int x[] = { 1 }; 851*0a6a1f1dSLionel Sambuc CFArrayRef A = CFArrayCreate(0, (const void **)x, 1, 852*0a6a1f1dSLionel Sambuc &kCFTypeArrayCallBacks); // warn 853*0a6a1f1dSLionel Sambuc} 854*0a6a1f1dSLionel Sambuc</pre></div></div></td></tr> 855*0a6a1f1dSLionel Sambuc 856*0a6a1f1dSLionel Sambuc</tbody></table> 857*0a6a1f1dSLionel Sambuc 858*0a6a1f1dSLionel Sambuc<!------------------------------- security ------------------------------------> 859*0a6a1f1dSLionel Sambuc<h3 id="security_checkers">Security Checkers</h3> 860*0a6a1f1dSLionel Sambuc<table class="checkers"> 861*0a6a1f1dSLionel Sambuc<colgroup><col class="namedescr"><col class="example"></colgroup> 862*0a6a1f1dSLionel Sambuc<thead><tr><td>Name, Description</td><td>Example</td></tr></thead> 863*0a6a1f1dSLionel Sambuc 864*0a6a1f1dSLionel Sambuc<tbody> 865*0a6a1f1dSLionel Sambuc<tr><td><div class="namedescr expandable"><span class="name"> 866*0a6a1f1dSLionel Sambucsecurity.FloatLoopCounter</span><span class="lang"> 867*0a6a1f1dSLionel Sambuc(C)</span><div class="descr"> 868*0a6a1f1dSLionel SambucWarn on using a floating point value as a loop counter (CERT: FLP30-C, 869*0a6a1f1dSLionel SambucFLP30-CPP).</div></div></td> 870*0a6a1f1dSLionel Sambuc<td><div class="exampleContainer expandable"> 871*0a6a1f1dSLionel Sambuc<div class="example"><pre> 872*0a6a1f1dSLionel Sambucvoid test() { 873*0a6a1f1dSLionel Sambuc for (float x = 0.1f; x <= 1.0f; x += 0.1f) {} // warn 874*0a6a1f1dSLionel Sambuc} 875*0a6a1f1dSLionel Sambuc</pre></div></div></td></tr> 876*0a6a1f1dSLionel Sambuc 877*0a6a1f1dSLionel Sambuc 878*0a6a1f1dSLionel Sambuc<tr><td><div class="namedescr expandable"><span class="name"> 879*0a6a1f1dSLionel Sambucsecurity.insecureAPI.UncheckedReturn</span><span class="lang"> 880*0a6a1f1dSLionel Sambuc(C)</span><div class="descr"> 881*0a6a1f1dSLionel SambucWarn on uses of functions whose return values must be always checked:<div class=functions> 882*0a6a1f1dSLionel Sambucsetuid<br> 883*0a6a1f1dSLionel Sambucsetgid<br> 884*0a6a1f1dSLionel Sambucseteuid<br> 885*0a6a1f1dSLionel Sambucsetegid<br> 886*0a6a1f1dSLionel Sambucsetreuid<br> 887*0a6a1f1dSLionel Sambucsetregid</div></div></div></td> 888*0a6a1f1dSLionel Sambuc<td><div class="exampleContainer expandable"> 889*0a6a1f1dSLionel Sambuc<div class="example"><pre> 890*0a6a1f1dSLionel Sambucvoid test() { 891*0a6a1f1dSLionel Sambuc setuid(1); // warn 892*0a6a1f1dSLionel Sambuc} 893*0a6a1f1dSLionel Sambuc</pre></div></div></td></tr> 894*0a6a1f1dSLionel Sambuc 895*0a6a1f1dSLionel Sambuc 896*0a6a1f1dSLionel Sambuc<tr><td><div class="namedescr expandable"><span class="name"> 897*0a6a1f1dSLionel Sambucsecurity.insecureAPI.getpw</span><span class="lang"> 898*0a6a1f1dSLionel Sambuc(C)</span><div class="descr"> 899*0a6a1f1dSLionel SambucWarn on uses of the <code>getpw</code> function.</div></div></td> 900*0a6a1f1dSLionel Sambuc<td><div class="exampleContainer expandable"> 901*0a6a1f1dSLionel Sambuc<div class="example"><pre> 902*0a6a1f1dSLionel Sambucvoid test() { 903*0a6a1f1dSLionel Sambuc char buff[1024]; 904*0a6a1f1dSLionel Sambuc getpw(2, buff); // warn 905*0a6a1f1dSLionel Sambuc} 906*0a6a1f1dSLionel Sambuc</pre></div></div></td></tr> 907*0a6a1f1dSLionel Sambuc 908*0a6a1f1dSLionel Sambuc 909*0a6a1f1dSLionel Sambuc<tr><td><div class="namedescr expandable"><span class="name"> 910*0a6a1f1dSLionel Sambucsecurity.insecureAPI.gets</span><span class="lang"> 911*0a6a1f1dSLionel Sambuc(C)</span><div class="descr"> 912*0a6a1f1dSLionel SambucWarn on uses of the <code>gets</code> function.</div></div></td> 913*0a6a1f1dSLionel Sambuc<td><div class="exampleContainer expandable"> 914*0a6a1f1dSLionel Sambuc<div class="example"><pre> 915*0a6a1f1dSLionel Sambucvoid test() { 916*0a6a1f1dSLionel Sambuc char buff[1024]; 917*0a6a1f1dSLionel Sambuc gets(buff); // warn 918*0a6a1f1dSLionel Sambuc} 919*0a6a1f1dSLionel Sambuc</pre></div></div></td></tr> 920*0a6a1f1dSLionel Sambuc 921*0a6a1f1dSLionel Sambuc 922*0a6a1f1dSLionel Sambuc<tr><td><div class="namedescr expandable"><span class="name"> 923*0a6a1f1dSLionel Sambucsecurity.insecureAPI.mkstemp</span><span class="lang"> 924*0a6a1f1dSLionel Sambuc(C)</span><div class="descr"> 925*0a6a1f1dSLionel SambucWarn when <code>mktemp</code>, <code>mkstemp</code>, <code>mkstemps</code> or 926*0a6a1f1dSLionel Sambuc<code>mkdtemp</code> is passed fewer than 6 927*0a6a1f1dSLionel SambucX's in the format string.</div></div></td> 928*0a6a1f1dSLionel Sambuc<td><div class="exampleContainer expandable"> 929*0a6a1f1dSLionel Sambuc<div class="example"><pre> 930*0a6a1f1dSLionel Sambucvoid test() { 931*0a6a1f1dSLionel Sambuc mkstemp("XX"); // warn 932*0a6a1f1dSLionel Sambuc} 933*0a6a1f1dSLionel Sambuc</pre></div></div></td></tr> 934*0a6a1f1dSLionel Sambuc 935*0a6a1f1dSLionel Sambuc 936*0a6a1f1dSLionel Sambuc<tr><td><div class="namedescr expandable"><span class="name"> 937*0a6a1f1dSLionel Sambucsecurity.insecureAPI.mktemp</span><span class="lang"> 938*0a6a1f1dSLionel Sambuc(C)</span><div class="descr"> 939*0a6a1f1dSLionel SambucWarn on uses of the <code>mktemp</code> function.</div></div></td> 940*0a6a1f1dSLionel Sambuc<td><div class="exampleContainer expandable"> 941*0a6a1f1dSLionel Sambuc<div class="example"><pre> 942*0a6a1f1dSLionel Sambucvoid test() { 943*0a6a1f1dSLionel Sambuc char *x = mktemp("/tmp/zxcv"); // warn: insecure, use mkstemp 944*0a6a1f1dSLionel Sambuc} 945*0a6a1f1dSLionel Sambuc</pre></div></div></td></tr> 946*0a6a1f1dSLionel Sambuc 947*0a6a1f1dSLionel Sambuc 948*0a6a1f1dSLionel Sambuc<tr><td><div class="namedescr expandable"><span class="name"> 949*0a6a1f1dSLionel Sambucsecurity.insecureAPI.rand</span><span class="lang"> 950*0a6a1f1dSLionel Sambuc(C)</span><div class="descr"> 951*0a6a1f1dSLionel SambucWarn on uses of inferior random number generating functions (only if <code>arc4random</code> 952*0a6a1f1dSLionel Sambucfunction is available):<div class=functions> 953*0a6a1f1dSLionel Sambucdrand48<br> 954*0a6a1f1dSLionel Sambucerand48<br> 955*0a6a1f1dSLionel Sambucjrand48<br> 956*0a6a1f1dSLionel Sambuclcong48<br> 957*0a6a1f1dSLionel Sambuclrand48<br> 958*0a6a1f1dSLionel Sambucmrand48<br> 959*0a6a1f1dSLionel Sambucnrand48<br> 960*0a6a1f1dSLionel Sambucrandom<br> 961*0a6a1f1dSLionel Sambucrand_r</div></div></div></td> 962*0a6a1f1dSLionel Sambuc<td><div class="exampleContainer expandable"> 963*0a6a1f1dSLionel Sambuc<div class="example"><pre> 964*0a6a1f1dSLionel Sambucvoid test() { 965*0a6a1f1dSLionel Sambuc random(); // warn 966*0a6a1f1dSLionel Sambuc} 967*0a6a1f1dSLionel Sambuc</pre></div></div></td></tr> 968*0a6a1f1dSLionel Sambuc 969*0a6a1f1dSLionel Sambuc 970*0a6a1f1dSLionel Sambuc<tr><td><div class="namedescr expandable"><span class="name"> 971*0a6a1f1dSLionel Sambucsecurity.insecureAPI.strcpy</span><span class="lang"> 972*0a6a1f1dSLionel Sambuc(C)</span><div class="descr"> 973*0a6a1f1dSLionel SambucWarn on uses of the <code>strcpy</code> and <code>strcat</code> functions.</div></div></td> 974*0a6a1f1dSLionel Sambuc<td><div class="exampleContainer expandable"> 975*0a6a1f1dSLionel Sambuc<div class="example"><pre> 976*0a6a1f1dSLionel Sambucvoid test() { 977*0a6a1f1dSLionel Sambuc char x[4]; 978*0a6a1f1dSLionel Sambuc char *y = "abcd"; 979*0a6a1f1dSLionel Sambuc 980*0a6a1f1dSLionel Sambuc strcpy(x, y); // warn 981*0a6a1f1dSLionel Sambuc} 982*0a6a1f1dSLionel Sambuc</pre></div></div></td></tr> 983*0a6a1f1dSLionel Sambuc 984*0a6a1f1dSLionel Sambuc 985*0a6a1f1dSLionel Sambuc<tr><td><div class="namedescr expandable"><span class="name"> 986*0a6a1f1dSLionel Sambucsecurity.insecureAPI.vfork</span><span class="lang"> 987*0a6a1f1dSLionel Sambuc(C)</span><div class="descr"> 988*0a6a1f1dSLionel SambucWarn on uses of the <code>vfork</code> function.</div></div></td> 989*0a6a1f1dSLionel Sambuc<td><div class="exampleContainer expandable"> 990*0a6a1f1dSLionel Sambuc<div class="example"><pre> 991*0a6a1f1dSLionel Sambucvoid test() { 992*0a6a1f1dSLionel Sambuc vfork(); // warn 993*0a6a1f1dSLionel Sambuc} 994*0a6a1f1dSLionel Sambuc</pre></div></div></td></tr> 995*0a6a1f1dSLionel Sambuc 996*0a6a1f1dSLionel Sambuc</tbody></table> 997*0a6a1f1dSLionel Sambuc 998*0a6a1f1dSLionel Sambuc<!--------------------------------- unix --------------------------------------> 999*0a6a1f1dSLionel Sambuc<h3 id="unix_checkers">Unix Checkers</h3> 1000*0a6a1f1dSLionel Sambuc<table class="checkers"> 1001*0a6a1f1dSLionel Sambuc<colgroup><col class="namedescr"><col class="example"></colgroup> 1002*0a6a1f1dSLionel Sambuc<thead><tr><td>Name, Description</td><td>Example</td></tr></thead> 1003*0a6a1f1dSLionel Sambuc 1004*0a6a1f1dSLionel Sambuc<tbody> 1005*0a6a1f1dSLionel Sambuc<tr><td><div class="namedescr expandable"><span class="name"> 1006*0a6a1f1dSLionel Sambucunix.API</span><span class="lang"> 1007*0a6a1f1dSLionel Sambuc(C)</span><div class="descr"> 1008*0a6a1f1dSLionel SambucCheck calls to various UNIX/POSIX functions:<div class=functions> 1009*0a6a1f1dSLionel Sambucopen<br> 1010*0a6a1f1dSLionel Sambucpthread_once<br> 1011*0a6a1f1dSLionel Sambuccalloc<br> 1012*0a6a1f1dSLionel Sambucmalloc<br> 1013*0a6a1f1dSLionel Sambucrealloc<br> 1014*0a6a1f1dSLionel Sambucalloca<br> 1015*0a6a1f1dSLionel Sambuc<td><div class="exampleContainer expandable"> 1016*0a6a1f1dSLionel Sambuc<div class="example"><pre> 1017*0a6a1f1dSLionel Sambuc// Currently the check is performed for apple targets only. 1018*0a6a1f1dSLionel Sambucvoid test(const char *path) { 1019*0a6a1f1dSLionel Sambuc int fd = open(path, O_CREAT); 1020*0a6a1f1dSLionel Sambuc // warn: call to 'open' requires a third argument when the 1021*0a6a1f1dSLionel Sambuc // 'O_CREAT' flag is set 1022*0a6a1f1dSLionel Sambuc} 1023*0a6a1f1dSLionel Sambuc</pre></div> 1024*0a6a1f1dSLionel Sambuc<div class="example"><pre> 1025*0a6a1f1dSLionel Sambucvoid f(); 1026*0a6a1f1dSLionel Sambuc 1027*0a6a1f1dSLionel Sambucvoid test() { 1028*0a6a1f1dSLionel Sambuc pthread_once_t pred = {0x30B1BCBA, {0}}; 1029*0a6a1f1dSLionel Sambuc pthread_once(&pred, f); 1030*0a6a1f1dSLionel Sambuc // warn: call to 'pthread_once' uses the local variable 1031*0a6a1f1dSLionel Sambuc} 1032*0a6a1f1dSLionel Sambuc</pre></div> 1033*0a6a1f1dSLionel Sambuc<div class="example"><pre> 1034*0a6a1f1dSLionel Sambucvoid test() { 1035*0a6a1f1dSLionel Sambuc void *p = malloc(0); // warn: allocation size of 0 bytes 1036*0a6a1f1dSLionel Sambuc} 1037*0a6a1f1dSLionel Sambuc</pre></div> 1038*0a6a1f1dSLionel Sambuc<div class="example"><pre> 1039*0a6a1f1dSLionel Sambucvoid test() { 1040*0a6a1f1dSLionel Sambuc void *p = calloc(0, 42); // warn: allocation size of 0 bytes 1041*0a6a1f1dSLionel Sambuc} 1042*0a6a1f1dSLionel Sambuc</pre></div> 1043*0a6a1f1dSLionel Sambuc<div class="example"><pre> 1044*0a6a1f1dSLionel Sambucvoid test() { 1045*0a6a1f1dSLionel Sambuc void *p = malloc(1); 1046*0a6a1f1dSLionel Sambuc p = realloc(p, 0); // warn: allocation size of 0 bytes 1047*0a6a1f1dSLionel Sambuc} 1048*0a6a1f1dSLionel Sambuc</pre></div> 1049*0a6a1f1dSLionel Sambuc<div class="example"><pre> 1050*0a6a1f1dSLionel Sambucvoid test() { 1051*0a6a1f1dSLionel Sambuc void *p = alloca(0); // warn: allocation size of 0 bytes 1052*0a6a1f1dSLionel Sambuc} 1053*0a6a1f1dSLionel Sambuc</pre></div> 1054*0a6a1f1dSLionel Sambuc<div class="example"><pre> 1055*0a6a1f1dSLionel Sambucvoid test() { 1056*0a6a1f1dSLionel Sambuc void *p = valloc(0); // warn: allocation size of 0 bytes 1057*0a6a1f1dSLionel Sambuc} 1058*0a6a1f1dSLionel Sambuc</pre></div></div></td></tr> 1059*0a6a1f1dSLionel Sambuc 1060*0a6a1f1dSLionel Sambuc 1061*0a6a1f1dSLionel Sambuc<tr><td><div class="namedescr expandable"><span class="name"> 1062*0a6a1f1dSLionel Sambucunix.Malloc</span><span class="lang"> 1063*0a6a1f1dSLionel Sambuc(C)</span><div class="descr"> 1064*0a6a1f1dSLionel SambucCheck for memory leaks, double free, and use-after-free and offset problems 1065*0a6a1f1dSLionel Sambucinvolving <code>malloc</code>.</div></div></td> 1066*0a6a1f1dSLionel Sambuc<td><div class="exampleContainer expandable"> 1067*0a6a1f1dSLionel Sambuc<div class="example"><pre> 1068*0a6a1f1dSLionel Sambucvoid test() { 1069*0a6a1f1dSLionel Sambuc int *p = malloc(1); 1070*0a6a1f1dSLionel Sambuc free(p); 1071*0a6a1f1dSLionel Sambuc free(p); // warn: attempt to free released memory 1072*0a6a1f1dSLionel Sambuc} 1073*0a6a1f1dSLionel Sambuc</pre></div> 1074*0a6a1f1dSLionel Sambuc<div class="example"><pre> 1075*0a6a1f1dSLionel Sambucvoid test() { 1076*0a6a1f1dSLionel Sambuc int *p = malloc(sizeof(int)); 1077*0a6a1f1dSLionel Sambuc free(p); 1078*0a6a1f1dSLionel Sambuc *p = 1; // warn: use after free 1079*0a6a1f1dSLionel Sambuc} 1080*0a6a1f1dSLionel Sambuc</pre></div> 1081*0a6a1f1dSLionel Sambuc<div class="example"><pre> 1082*0a6a1f1dSLionel Sambucvoid test() { 1083*0a6a1f1dSLionel Sambuc int *p = malloc(1); 1084*0a6a1f1dSLionel Sambuc if (p) 1085*0a6a1f1dSLionel Sambuc return; // warn: memory is never released 1086*0a6a1f1dSLionel Sambuc} 1087*0a6a1f1dSLionel Sambuc</pre></div> 1088*0a6a1f1dSLionel Sambuc<div class="example"><pre> 1089*0a6a1f1dSLionel Sambucvoid test() { 1090*0a6a1f1dSLionel Sambuc int a[] = { 1 }; 1091*0a6a1f1dSLionel Sambuc free(a); // warn: argument is not allocated by malloc 1092*0a6a1f1dSLionel Sambuc} 1093*0a6a1f1dSLionel Sambuc</pre></div> 1094*0a6a1f1dSLionel Sambuc<div class="example"><pre> 1095*0a6a1f1dSLionel Sambucvoid test() { 1096*0a6a1f1dSLionel Sambuc int *p = malloc(sizeof(char)); 1097*0a6a1f1dSLionel Sambuc p = p - 1; 1098*0a6a1f1dSLionel Sambuc free(p); // warn: argument to free() is offset by -4 bytes 1099*0a6a1f1dSLionel Sambuc} 1100*0a6a1f1dSLionel Sambuc</pre></div></div></td></tr> 1101*0a6a1f1dSLionel Sambuc 1102*0a6a1f1dSLionel Sambuc 1103*0a6a1f1dSLionel Sambuc<tr><td><div class="namedescr expandable"><span class="name"> 1104*0a6a1f1dSLionel Sambucunix.MallocSizeof</span><span class="lang"> 1105*0a6a1f1dSLionel Sambuc(C)</span><div class="descr"> 1106*0a6a1f1dSLionel SambucCheck for dubious <code>malloc</code>, <code>calloc</code> or 1107*0a6a1f1dSLionel Sambuc<code>realloc</code> arguments involving <code>sizeof</code>.</div></div></td> 1108*0a6a1f1dSLionel Sambuc<td><div class="exampleContainer expandable"> 1109*0a6a1f1dSLionel Sambuc<div class="example"><pre> 1110*0a6a1f1dSLionel Sambucvoid test() { 1111*0a6a1f1dSLionel Sambuc long *p = malloc(sizeof(short)); 1112*0a6a1f1dSLionel Sambuc // warn: result is converted to 'long *', which is 1113*0a6a1f1dSLionel Sambuc // incompatible with operand type 'short' 1114*0a6a1f1dSLionel Sambuc free(p); 1115*0a6a1f1dSLionel Sambuc} 1116*0a6a1f1dSLionel Sambuc</pre></div></div></td></tr> 1117*0a6a1f1dSLionel Sambuc 1118*0a6a1f1dSLionel Sambuc 1119*0a6a1f1dSLionel Sambuc<tr><td><div class="namedescr expandable"><span class="name"> 1120*0a6a1f1dSLionel Sambucunix.MismatchedDeallocator</span><span class="lang"> 1121*0a6a1f1dSLionel Sambuc(C, C++, ObjC)</span><div class="descr"> 1122*0a6a1f1dSLionel SambucCheck for mismatched deallocators (e.g. passing a pointer allocating 1123*0a6a1f1dSLionel Sambucwith <code>new</code> to <code>free()</code>).</div></div></td> 1124*0a6a1f1dSLionel Sambuc<td><div class="exampleContainer expandable"> 1125*0a6a1f1dSLionel Sambuc<div class="example"><pre> 1126*0a6a1f1dSLionel Sambuc// C, C++ 1127*0a6a1f1dSLionel Sambucvoid test() { 1128*0a6a1f1dSLionel Sambuc int *p = (int *)malloc(sizeof(int)); 1129*0a6a1f1dSLionel Sambuc delete p; // warn 1130*0a6a1f1dSLionel Sambuc} 1131*0a6a1f1dSLionel Sambuc</pre></div> 1132*0a6a1f1dSLionel Sambuc<div class="example"><pre> 1133*0a6a1f1dSLionel Sambuc// C, C++ 1134*0a6a1f1dSLionel Sambucvoid __attribute((ownership_returns(malloc))) *user_malloc(size_t); 1135*0a6a1f1dSLionel Sambuc 1136*0a6a1f1dSLionel Sambucvoid test() { 1137*0a6a1f1dSLionel Sambuc int *p = (int *)user_malloc(sizeof(int)); 1138*0a6a1f1dSLionel Sambuc delete p; // warn 1139*0a6a1f1dSLionel Sambuc} 1140*0a6a1f1dSLionel Sambuc</pre></div> 1141*0a6a1f1dSLionel Sambuc<div class="example"><pre> 1142*0a6a1f1dSLionel Sambuc// C, C++ 1143*0a6a1f1dSLionel Sambucvoid test() { 1144*0a6a1f1dSLionel Sambuc int *p = new int; 1145*0a6a1f1dSLionel Sambuc free(p); // warn 1146*0a6a1f1dSLionel Sambuc} 1147*0a6a1f1dSLionel Sambuc</pre></div> 1148*0a6a1f1dSLionel Sambuc<div class="example"><pre> 1149*0a6a1f1dSLionel Sambuc// C, C++ 1150*0a6a1f1dSLionel Sambucvoid test() { 1151*0a6a1f1dSLionel Sambuc int *p = new int[1]; 1152*0a6a1f1dSLionel Sambuc realloc(p, sizeof(long)); // warn 1153*0a6a1f1dSLionel Sambuc} 1154*0a6a1f1dSLionel Sambuc</pre></div> 1155*0a6a1f1dSLionel Sambuc<div class="example"><pre> 1156*0a6a1f1dSLionel Sambuc// C, C++ 1157*0a6a1f1dSLionel Sambuctemplate <typename T> 1158*0a6a1f1dSLionel Sambucstruct SimpleSmartPointer { 1159*0a6a1f1dSLionel Sambuc T *ptr; 1160*0a6a1f1dSLionel Sambuc 1161*0a6a1f1dSLionel Sambuc explicit SimpleSmartPointer(T *p = 0) : ptr(p) {} 1162*0a6a1f1dSLionel Sambuc ~SimpleSmartPointer() { 1163*0a6a1f1dSLionel Sambuc delete ptr; // warn 1164*0a6a1f1dSLionel Sambuc } 1165*0a6a1f1dSLionel Sambuc}; 1166*0a6a1f1dSLionel Sambuc 1167*0a6a1f1dSLionel Sambucvoid test() { 1168*0a6a1f1dSLionel Sambuc SimpleSmartPointer<int> a((int *)malloc(4)); 1169*0a6a1f1dSLionel Sambuc} 1170*0a6a1f1dSLionel Sambuc</pre></div> 1171*0a6a1f1dSLionel Sambuc<div class="example"><pre> 1172*0a6a1f1dSLionel Sambuc// C++ 1173*0a6a1f1dSLionel Sambucvoid test() { 1174*0a6a1f1dSLionel Sambuc int *p = (int *)operator new(0); 1175*0a6a1f1dSLionel Sambuc delete[] p; // warn 1176*0a6a1f1dSLionel Sambuc} 1177*0a6a1f1dSLionel Sambuc</pre></div> 1178*0a6a1f1dSLionel Sambuc<div class="example"><pre> 1179*0a6a1f1dSLionel Sambuc// Objective-C, C++ 1180*0a6a1f1dSLionel Sambucvoid test(NSUInteger dataLength) { 1181*0a6a1f1dSLionel Sambuc int *p = new int; 1182*0a6a1f1dSLionel Sambuc NSData *d = [NSData dataWithBytesNoCopy:p 1183*0a6a1f1dSLionel Sambuc length:sizeof(int) freeWhenDone:1]; 1184*0a6a1f1dSLionel Sambuc // warn +dataWithBytesNoCopy:length:freeWhenDone: cannot take 1185*0a6a1f1dSLionel Sambuc // ownership of memory allocated by 'new' 1186*0a6a1f1dSLionel Sambuc} 1187*0a6a1f1dSLionel Sambuc</pre></div></div></td></tr> 1188*0a6a1f1dSLionel Sambuc 1189*0a6a1f1dSLionel Sambuc 1190*0a6a1f1dSLionel Sambuc<tr><td><div class="namedescr expandable"><span class="name"> 1191*0a6a1f1dSLionel Sambucunix.cstring.BadSizeArg</span><span class="lang"> 1192*0a6a1f1dSLionel Sambuc(C)</span><div class="descr"> 1193*0a6a1f1dSLionel SambucCheck the size argument passed to <code>strncat</code> for common erroneous 1194*0a6a1f1dSLionel Sambucpatterns. Use <code>-Wno-strncat-size</code> compiler option to mute other 1195*0a6a1f1dSLionel Sambuc<code>strncat</code>-related compiler warnings. 1196*0a6a1f1dSLionel Sambuc</div></div></td> 1197*0a6a1f1dSLionel Sambuc<td><div class="exampleContainer expandable"> 1198*0a6a1f1dSLionel Sambuc<div class="example"><pre> 1199*0a6a1f1dSLionel Sambucvoid test() { 1200*0a6a1f1dSLionel Sambuc char dest[3]; 1201*0a6a1f1dSLionel Sambuc strncat(dest, "***", sizeof(dest)); 1202*0a6a1f1dSLionel Sambuc // warn: potential buffer overflow 1203*0a6a1f1dSLionel Sambuc} 1204*0a6a1f1dSLionel Sambuc</pre></div></div></td></tr> 1205*0a6a1f1dSLionel Sambuc 1206*0a6a1f1dSLionel Sambuc 1207*0a6a1f1dSLionel Sambuc<tr><td><div class="namedescr expandable"><span class="name"> 1208*0a6a1f1dSLionel Sambucunix.cstring.NullArg</span><span class="lang"> 1209*0a6a1f1dSLionel Sambuc(C)</span><div class="descr"> 1210*0a6a1f1dSLionel SambucCheck for null pointers being passed as arguments to C string functions:<div class=functions> 1211*0a6a1f1dSLionel Sambucstrlen<br> 1212*0a6a1f1dSLionel Sambucstrnlen<br> 1213*0a6a1f1dSLionel Sambucstrcpy<br> 1214*0a6a1f1dSLionel Sambucstrncpy<br> 1215*0a6a1f1dSLionel Sambucstrcat<br> 1216*0a6a1f1dSLionel Sambucstrncat<br> 1217*0a6a1f1dSLionel Sambucstrcmp<br> 1218*0a6a1f1dSLionel Sambucstrncmp<br> 1219*0a6a1f1dSLionel Sambucstrcasecmp<br> 1220*0a6a1f1dSLionel Sambucstrncasecmp</div></div></div></td> 1221*0a6a1f1dSLionel Sambuc<td><div class="example"><pre> 1222*0a6a1f1dSLionel Sambucint test() { 1223*0a6a1f1dSLionel Sambuc return strlen(0); // warn 1224*0a6a1f1dSLionel Sambuc} 1225*0a6a1f1dSLionel Sambuc</pre></div></td></tr> 1226*0a6a1f1dSLionel Sambuc 1227*0a6a1f1dSLionel Sambuc</tbody></table> 1228*0a6a1f1dSLionel Sambuc 1229*0a6a1f1dSLionel Sambuc</div> <!-- page --> 1230*0a6a1f1dSLionel Sambuc</div> <!-- content --> 1231f4a2713aSLionel Sambuc</body> 1232f4a2713aSLionel Sambuc</html> 1233