├── Makefile
├── README.txt
├── doc
    ├── test.c
    ├── test.rule
    ├── writing-rules-1.pdf
    ├── writing-rules-2.pdf
    └── writing-rules-3.pdf
├── gen_rules.py
├── rules-c.in
├── rules-cpp.in
├── rules.in
├── rules.xml
└── tests
    ├── alloc.c
    ├── decl.c
    ├── env.c
    ├── expr.c
    ├── fio.c
    ├── int.c
    ├── misc.c
    ├── preproc.c
    ├── sig.c
    ├── str.c
    └── tmp.c


/Makefile:
--------------------------------------------------------------------------------
 1 | CHECK = ../cppcheck/cppcheck -q --rule-file=rules-c.xml --template=gcc --std=posix tests
 2 | 
 3 | all: rules.xml
 4 | 	@$(CHECK) 2> .test_result && diff .test_result test_result; rm .test_result
 5 | 
 6 | rules-c.xml:rules.in rules-c.in gen_rules.py
 7 | 	cat rules.in rules-c.in | @python gen_rules.py > $@
 8 | 
 9 | rules-cpp.xml:rules.in rules-cpp.in gen_rules.py
10 | 	cat rules.in rules-cpp.in | @python gen_rules.py  > $@
11 | 
12 | test_result: rules-c.xml rules-cpp.xml
13 | 	@$(CHECK) 2> test_result
14 | 


--------------------------------------------------------------------------------
/README.txt:
--------------------------------------------------------------------------------
1 | Based on CERT C Coding Standard
2 | 
3 | https://www.securecoding.cert.org/confluence/display/seccode/CERT+C+Coding+Standard
4 | 


--------------------------------------------------------------------------------
/doc/test.c:
--------------------------------------------------------------------------------
1 | void f() {
2 | 	if(af) free(af);
3 | 	if(af) free(a);
4 | }


--------------------------------------------------------------------------------
/doc/test.rule:
--------------------------------------------------------------------------------
1 | <?xml version="1.0"?>
2 | <rule>
3 | 	<pattern>if \( (\w+) \) { free \( \1 \) ; }</pattern>
4 | 	<message>
5 | 		<severity>style</severity>
6 | 		<summary>Redundant condition. It is valid to free a NULL pointer.</summary>
7 | 	</message>
8 | </rule>


--------------------------------------------------------------------------------
/doc/writing-rules-1.pdf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/scriptum/cppcheck-rules/db6a5e18e983bb73b71cc049a4d697e0bafb885f/doc/writing-rules-1.pdf


--------------------------------------------------------------------------------
/doc/writing-rules-2.pdf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/scriptum/cppcheck-rules/db6a5e18e983bb73b71cc049a4d697e0bafb885f/doc/writing-rules-2.pdf


--------------------------------------------------------------------------------
/doc/writing-rules-3.pdf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/scriptum/cppcheck-rules/db6a5e18e983bb73b71cc049a4d697e0bafb885f/doc/writing-rules-3.pdf


--------------------------------------------------------------------------------
/gen_rules.py:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env python
 2 | #-*- coding:utf-8 -*-
 3 | 
 4 | import sys
 5 | 
 6 | step = 0
 7 | tokenlist = None
 8 | print '<?xml version="1.0"?>'
 9 | for line in sys.stdin:
10 | 	line = line.strip("\n\r")
11 | 	if line.strip() == "" or line.strip()[:2] == "//":
12 | 		next
13 | 	ll = line.split() or [line]
14 | 	l = ll[0].strip()
15 | 	if l in ["style", "warning", "performance", "portability", "information", "error"]:
16 | 		severity = l
17 | 		step = 0
18 | 		tokenlist = None
19 | 		if len(ll) > 1:
20 | 			tokenlist = ll[1]
21 | 	else:
22 | 		step += 1
23 | 		if step == 2:
24 | 			summary = line
25 | 			print "<rule>"
26 | 			if tokenlist:
27 | 				print "\t<tokenlist>%s</tokenlist>" % tokenlist
28 | 			print "\t<pattern><![CDATA[%s]]></pattern>" % pattern
29 | 			print "\t<message>"
30 | 			print "\t\t<severity>%s</severity>" % severity
31 | 			if summary == "none":
32 | 				print "\t\t<summary/>"
33 | 			else:
34 | 				print "\t\t<summary>%s</summary>" % summary
35 | 			print "\t</message>"
36 | 			print "</rule>"
37 | 		else:
38 | 			pattern = line
39 | 


--------------------------------------------------------------------------------
/rules-c.in:
--------------------------------------------------------------------------------
1 | style raw
2 | \( \) {
3 | DCL20-C. Always specify void even if a function accepts no arguments
4 | 


--------------------------------------------------------------------------------
/rules-cpp.in:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/scriptum/cppcheck-rules/db6a5e18e983bb73b71cc049a4d697e0bafb885f/rules-cpp.in


--------------------------------------------------------------------------------
/rules.in:
--------------------------------------------------------------------------------
  1 | style simple
  2 | if \( (\b\w+\b) \) { (?:g_)?free \( \b\1\b \) ; }
  3 | Redundant condition. It is valid to free a NULL pointer.
  4 | 
  5 | warning
  6 | \bsystem \(
  7 | ENV04-C. Do not call system() if you do not need a command processor
  8 | 
  9 | //style define
 10 | //(\+\+|\-\-)
 11 | //Increment/decrement external variables inside define may have side effects. Prefer static inline functions.
 12 | 
 13 | // Too many false-positives
 14 | //style define
 15 | //#define \w+ \( [^)]*(\b\w+\b) \) .*[^(,] \1 [^),]
 16 | //Better wrap variables in define into ()
 17 | 
 18 | style define
 19 | #define \w+ (?:const\s+)?(?:char|int|short|unsigned|unsigned int |float|double)(?: [*]+)?$
 20 | PRE03-C. Prefer typedefs to defines for encoding types
 21 | 
 22 | style raw
 23 | [?][?][=!('>/<-]
 24 | PRE07-C. Avoid using repeated question marks
 25 | 
 26 | //style define
 27 | //#define \w+ \(.*?\) (?<!do).*{
 28 | //none
 29 | 
 30 | style raw
 31 | (?:char|int) \*+ \w+ , \w+ [^)]+;
 32 | DCL04-C. Do not declare more than one variable per declaration
 33 | 
 34 | style raw
 35 | typedef [^;{}()]+ \* [^;{}()]* ;
 36 | DCL05-C. Use typedefs of non-pointer types only
 37 | 
 38 | style
 39 | (?:(\b\w+\b) [+-] sizeof \( \b\1\b \)|sizeof \( (\b\w+\b) \) [+-] \b\1\b)
 40 | EXP08-C. Ensure pointer arithmetic is used correctly
 41 | 
 42 | warning raw
 43 | sizeof \( [^)]*(?:\w+ [+-]{2}|[+-]{2} \w+)[^)]* \)
 44 | EXP06-C. Operands to the sizeof operator should not contain side effects
 45 | 
 46 | warning raw
 47 | if [^{};]*(&&|\|\|)\W*(?:\b\w+\b [+-]{2}|[+-]{2} \b\w+\b)
 48 | EXP02-A. The second operands of the logical AND and OR operators should not contain side effects
 49 | 
 50 | warning raw
 51 | memcmp [^{};]* sizeof \( struct \w+ \)
 52 | EXP04-A. Do not perform byte-by-byte comparisons between structures
 53 | 
 54 | warning raw
 55 | (?<![>.] )(\b\w+\b)[^{};()'"]*[\[+,*/=-][^{};()'"]*(?:\b\1\b [+-]{2}|[+-]{2} \b\1\b)
 56 | EXP30-C. Do not depend on order of evaluation between sequence points
 57 | 
 58 | error normal
 59 | strncpy \( (\w+) , \w+ , sizeof \( \1 \) \)
 60 | The result of strncpy(a, b, sizeof(a)) will not be null-terminated
 61 | 
 62 | style raw
 63 | (?<!const) (?:unsigned )?(?:char \* \w+|char \w+ \[ \]) = "
 64 | STR05-A. Prefer making string literals const-qualified
 65 | 
 66 | error
 67 | mktemp \( "[^"]+" \)
 68 | The mktemp() function modifies its string argument
 69 | 
 70 | error
 71 | strcpy \( \w+ , getenv \( "[^"]+" \) \)
 72 | Buffer overrun possible for long environment variables.
 73 | 
 74 | error
 75 |  gets \( 
 76 | The gets() function is obsolescent, and is deprecated
 77 | 
 78 | warning
 79 |  rewind \( 
 80 | rewind() cannot report about errors, use fseek
 81 | 
 82 | style
 83 |  (?:ato[lif] \( |atoll \( )
 84 | ato*() cannot report about errors, use strtol
 85 | 
 86 | warning
 87 | (?: \+ = sn?printf| \+ sn?printf)
 88 | The snprintf() funciton can return -1
 89 | 
 90 | style
 91 |  v?sprintf \( 
 92 | Avoid using sprintf/vsprintf
 93 | 
 94 | warning
 95 |  f?open \( "/tmp/[^"]+" , 
 96 | TMP30-C. Temporary files must created with unique and unpredictable file names
 97 | 
 98 | warning
 99 |  mktemp \(
100 | The mktemp() function was marked LEGACY in the Open Group Base Specifications Issue 6
101 | 
102 | warning
103 |  signal \( [^,]+ , ([^,]+) \).* signal \( [^,]+ , \1 \)
104 | SIG00-A. Avoid using the same handler for multiple signals
105 | 
106 | warning raw
107 |  if \( \w+ = \w+ \) { 
108 | Maybe here should be == operator?
109 | 
110 | warning
111 |  if \( [^{}]+ \) { ; } { 
112 | The { } block is always executed because of the ";" following the if statement
113 | 
114 | warning
115 |  vfork \( 
116 | Using the vfork function could result in a denial of service vulnerability
117 | 
118 | warning simple
119 | = (?:g_)?getenv \( "[^"]+" \) ;[^()]+?(?:g_)?(?:get|set|unset|put)env
120 | The string pointed to by the return value of getenv() can be  modified by a subsequent call to getenv, putenv, setenv, or unsetenv
121 | 


--------------------------------------------------------------------------------
/rules.xml:
--------------------------------------------------------------------------------
  1 | <?xml version="1.0"?>
  2 | <rule>
  3 | 	<tokenlist>simple</tokenlist>
  4 | 	<pattern><![CDATA[if \( (\b\w+\b) \) { (?:g_)?free \( \b\1\b \) ; }]]></pattern>
  5 | 	<message>
  6 | 		<severity>style</severity>
  7 | 		<summary>Redundant condition. It is valid to free a NULL pointer.</summary>
  8 | 	</message>
  9 | </rule>
 10 | <rule>
 11 | 	<pattern><![CDATA[\bsystem \(]]></pattern>
 12 | 	<message>
 13 | 		<severity>warning</severity>
 14 | 		<summary>ENV04-C. Do not call system() if you do not need a command processor</summary>
 15 | 	</message>
 16 | </rule>
 17 | <rule>
 18 | 	<tokenlist>define</tokenlist>
 19 | 	<pattern><![CDATA[#define \w+ (?:const\s+)?(?:char|int|short|unsigned|unsigned int |float|double)(?: [*]+)?$]]></pattern>
 20 | 	<message>
 21 | 		<severity>style</severity>
 22 | 		<summary>PRE03-C. Prefer typedefs to defines for encoding types</summary>
 23 | 	</message>
 24 | </rule>
 25 | <rule>
 26 | 	<tokenlist>raw</tokenlist>
 27 | 	<pattern><![CDATA[[?][?][=!('>/<-]]]></pattern>
 28 | 	<message>
 29 | 		<severity>style</severity>
 30 | 		<summary>PRE07-C. Avoid using repeated question marks</summary>
 31 | 	</message>
 32 | </rule>
 33 | <rule>
 34 | 	<tokenlist>raw</tokenlist>
 35 | 	<pattern><![CDATA[(?:char|int) \*+ \w+ , \w+ [^)]+;]]></pattern>
 36 | 	<message>
 37 | 		<severity>style</severity>
 38 | 		<summary>DCL04-C. Do not declare more than one variable per declaration</summary>
 39 | 	</message>
 40 | </rule>
 41 | <rule>
 42 | 	<tokenlist>raw</tokenlist>
 43 | 	<pattern><![CDATA[typedef [^;{}()]+ \* [^;{}()]* ;]]></pattern>
 44 | 	<message>
 45 | 		<severity>style</severity>
 46 | 		<summary>DCL05-C. Use typedefs of non-pointer types only</summary>
 47 | 	</message>
 48 | </rule>
 49 | <rule>
 50 | 	<tokenlist>raw</tokenlist>
 51 | 	<pattern><![CDATA[\( \) {]]></pattern>
 52 | 	<message>
 53 | 		<severity>style</severity>
 54 | 		<summary>DCL20-C. Always specify void even if a function accepts no arguments</summary>
 55 | 	</message>
 56 | </rule>
 57 | <rule>
 58 | 	<pattern><![CDATA[(?:(\b\w+\b) [+-] sizeof \( \b\1\b \)|sizeof \( (\b\w+\b) \) [+-] \b\1\b)]]></pattern>
 59 | 	<message>
 60 | 		<severity>style</severity>
 61 | 		<summary>EXP08-C. Ensure pointer arithmetic is used correctly</summary>
 62 | 	</message>
 63 | </rule>
 64 | <rule>
 65 | 	<tokenlist>raw</tokenlist>
 66 | 	<pattern><![CDATA[sizeof \( [^)]*(?:\w+ [+-]{2}|[+-]{2} \w+)[^)]* \)]]></pattern>
 67 | 	<message>
 68 | 		<severity>warning</severity>
 69 | 		<summary>EXP06-C. Operands to the sizeof operator should not contain side effects</summary>
 70 | 	</message>
 71 | </rule>
 72 | <rule>
 73 | 	<tokenlist>raw</tokenlist>
 74 | 	<pattern><![CDATA[if [^{};]*(&&|\|\|)\W*(?:\b\w+\b [+-]{2}|[+-]{2} \b\w+\b)]]></pattern>
 75 | 	<message>
 76 | 		<severity>warning</severity>
 77 | 		<summary>EXP02-A. The second operands of the logical AND and OR operators should not contain side effects</summary>
 78 | 	</message>
 79 | </rule>
 80 | <rule>
 81 | 	<tokenlist>raw</tokenlist>
 82 | 	<pattern><![CDATA[memcmp [^{};]* sizeof \( struct \w+ \)]]></pattern>
 83 | 	<message>
 84 | 		<severity>warning</severity>
 85 | 		<summary>EXP04-A. Do not perform byte-by-byte comparisons between structures</summary>
 86 | 	</message>
 87 | </rule>
 88 | <rule>
 89 | 	<tokenlist>raw</tokenlist>
 90 | 	<pattern><![CDATA[(?<![>.] )(\b\w+\b)[^{};()'"]*[\[+,*/=-][^{};()'"]*(?:\b\1\b [+-]{2}|[+-]{2} \b\1\b)]]></pattern>
 91 | 	<message>
 92 | 		<severity>warning</severity>
 93 | 		<summary>EXP30-C. Do not depend on order of evaluation between sequence points</summary>
 94 | 	</message>
 95 | </rule>
 96 | <rule>
 97 | 	<tokenlist>normal</tokenlist>
 98 | 	<pattern><![CDATA[strncpy \( (\w+) , \w+ , sizeof \( \1 \) \)]]></pattern>
 99 | 	<message>
100 | 		<severity>error</severity>
101 | 		<summary>The result of strncpy(a, b, sizeof(a)) will not be null-terminated</summary>
102 | 	</message>
103 | </rule>
104 | <rule>
105 | 	<tokenlist>raw</tokenlist>
106 | 	<pattern><![CDATA[(?<!const) (?:unsigned )?(?:char \* \w+|char \w+ \[ \]) = "]]></pattern>
107 | 	<message>
108 | 		<severity>style</severity>
109 | 		<summary>STR05-A. Prefer making string literals const-qualified</summary>
110 | 	</message>
111 | </rule>
112 | <rule>
113 | 	<pattern><![CDATA[mktemp \( "[^"]+" \)]]></pattern>
114 | 	<message>
115 | 		<severity>error</severity>
116 | 		<summary>The mktemp() function modifies its string argument</summary>
117 | 	</message>
118 | </rule>
119 | <rule>
120 | 	<pattern><![CDATA[strcpy \( \w+ , getenv \( "[^"]+" \) \)]]></pattern>
121 | 	<message>
122 | 		<severity>error</severity>
123 | 		<summary>Buffer overrun possible for long environment variables.</summary>
124 | 	</message>
125 | </rule>
126 | <rule>
127 | 	<pattern><![CDATA[ gets \( ]]></pattern>
128 | 	<message>
129 | 		<severity>error</severity>
130 | 		<summary>The gets() function is obsolescent, and is deprecated</summary>
131 | 	</message>
132 | </rule>
133 | <rule>
134 | 	<pattern><![CDATA[ rewind \( ]]></pattern>
135 | 	<message>
136 | 		<severity>warning</severity>
137 | 		<summary>rewind() cannot report about errors, use fseek</summary>
138 | 	</message>
139 | </rule>
140 | <rule>
141 | 	<pattern><![CDATA[ (?:ato[lif] \( |atoll \( )]]></pattern>
142 | 	<message>
143 | 		<severity>style</severity>
144 | 		<summary>ato*() cannot report about errors, use strtol</summary>
145 | 	</message>
146 | </rule>
147 | <rule>
148 | 	<pattern><![CDATA[(?: \+ = sn?printf| \+ sn?printf)]]></pattern>
149 | 	<message>
150 | 		<severity>warning</severity>
151 | 		<summary>The snprintf() funciton can return -1</summary>
152 | 	</message>
153 | </rule>
154 | <rule>
155 | 	<pattern><![CDATA[ v?sprintf \( ]]></pattern>
156 | 	<message>
157 | 		<severity>style</severity>
158 | 		<summary>Avoid using sprintf/vsprintf</summary>
159 | 	</message>
160 | </rule>
161 | <rule>
162 | 	<pattern><![CDATA[ f?open \( "/tmp/[^"]+" , ]]></pattern>
163 | 	<message>
164 | 		<severity>warning</severity>
165 | 		<summary>TMP30-C. Temporary files must created with unique and unpredictable file names</summary>
166 | 	</message>
167 | </rule>
168 | <rule>
169 | 	<pattern><![CDATA[ mktemp \(]]></pattern>
170 | 	<message>
171 | 		<severity>warning</severity>
172 | 		<summary>The mktemp() function was marked LEGACY in the Open Group Base Specifications Issue 6</summary>
173 | 	</message>
174 | </rule>
175 | <rule>
176 | 	<pattern><![CDATA[ signal \( [^,]+ , ([^,]+) \).* signal \( [^,]+ , \1 \)]]></pattern>
177 | 	<message>
178 | 		<severity>warning</severity>
179 | 		<summary>SIG00-A. Avoid using the same handler for multiple signals</summary>
180 | 	</message>
181 | </rule>
182 | <rule>
183 | 	<tokenlist>raw</tokenlist>
184 | 	<pattern><![CDATA[ if \( \w+ = \w+ \) { ]]></pattern>
185 | 	<message>
186 | 		<severity>warning</severity>
187 | 		<summary>Maybe here should be == operator?</summary>
188 | 	</message>
189 | </rule>
190 | <rule>
191 | 	<pattern><![CDATA[ if \( [^{}]+ \) { ; } { ]]></pattern>
192 | 	<message>
193 | 		<severity>warning</severity>
194 | 		<summary>The { } block is always executed because of the ";" following the if statement</summary>
195 | 	</message>
196 | </rule>
197 | <rule>
198 | 	<pattern><![CDATA[ vfork \( ]]></pattern>
199 | 	<message>
200 | 		<severity>warning</severity>
201 | 		<summary>Using the vfork function could result in a denial of service vulnerability</summary>
202 | 	</message>
203 | </rule>
204 | <rule>
205 | 	<tokenlist>simple</tokenlist>
206 | 	<pattern><![CDATA[= (?:g_)?getenv \( "[^"]+" \) ;[^()]+?(?:g_)?(?:get|set|unset|put)env]]></pattern>
207 | 	<message>
208 | 		<severity>warning</severity>
209 | 		<summary>The string pointed to by the return value of getenv() can be  modified by a subsequent call to getenv, putenv, setenv, or unsetenv</summary>
210 | 	</message>
211 | </rule>
212 | 


--------------------------------------------------------------------------------
/tests/alloc.c:
--------------------------------------------------------------------------------
1 | void f()
2 | {
3 |     malloc(1);
4 | }


--------------------------------------------------------------------------------
/tests/decl.c:
--------------------------------------------------------------------------------
 1 | /*
 2 |  * DCL04-C. Do not declare more than one variable per declaration
 3 |  * */
 4 | 
 5 | 
 6 | char *src = 0, c = 0;
 7 | 
 8 | /*
 9 |  * DCL05-C. Use typedefs of non-pointer types only
10 |  * */
11 | 
12 | struct obj {
13 |   int i;
14 |   float f;
15 | };
16 | typedef struct obj *ObjectPtr;
17 | 
18 | /*
19 |  * DCL20-C. Always specify void even if a function accepts no arguments
20 |  * */
21 | 
22 | /* In foo.h */
23 | void foo();
24 |  
25 | /* In foo.c */
26 | void foo() {
27 |   int i = 3;
28 |   printf("i value: %d\n", i);
29 | }
30 |  
31 | /* In caller.c */
32 | #include "foo.h"
33 |  
34 | foo(3);
35 | 
36 | /* ok */
37 | 
38 | /* In foo.h */
39 | void foo(void);
40 |  
41 | /* In foo.c */
42 | void foo(void) {
43 |   int i = 3;
44 |   printf("i value: %d\n", i);
45 | }
46 |  
47 | /* In caller.c */
48 | #include "foo.h"
49 |  
50 | foo(3);


--------------------------------------------------------------------------------
/tests/env.c:
--------------------------------------------------------------------------------
 1 | /* 
 2 |  * ENV03-C. Sanitize the environment when invoking external programs 
 3 |  * ENV04-C. Do not call system() if you do not need a command processor
 4 |  * */
 5 | 
 6 | if (system("/bin/ls dir.`date +%Y%m%d`") == -1) {
 7 |   /* Handle error */
 8 | }
 9 | 
10 | char *a = getenv("HOME");
11 | char *b = getenv("PATH");
12 | 
13 | char *c = strdup(getenv("PATH"));


--------------------------------------------------------------------------------
/tests/expr.c:
--------------------------------------------------------------------------------
  1 | /*
  2 |  * EXP08-C. Ensure pointer arithmetic is used correctly
  3 |  * */
  4 | 
  5 | int buf[INTBUFSIZE];
  6 | int *buf_ptr = buf;
  7 |  
  8 | while (havedata() && buf_ptr < (buf + sizeof(buf))) {
  9 |   *buf_ptr++ = parseint(getdata());
 10 | }
 11 | 
 12 | /*
 13 |  * EXP06-C. Operands to the sizeof operator should not contain side effects
 14 |  * */
 15 | 
 16 | int a = 14;
 17 | int b = sizeof(a++);
 18 | 
 19 | 
 20 | /*
 21 |  * EXP02-A. The second operands of the logical AND and OR operators should
 22 | not contain side effects
 23 |  * */
 24 | 
 25 | 
 26 | int i;
 27 | int max;
 28 | if ( (i >= 0 && (i++) <= max) ) {
 29 | /* code */
 30 | }
 31 | 
 32 | /*
 33 |  * EXP04-A. Do not perform byte-by-byte comparisons between structures
 34 |  * */
 35 | 
 36 | struct my_buf {
 37 |   size_t size;
 38 |   char buffer[50];
 39 | };
 40 | unsigned int buf_compare(struct my_buf *s1, struct my_buf *s2) {
 41 |   if (!memcmp(s1, s2, sizeof(struct my_struct))) {
 42 |   return 1;
 43 |   }
 44 |   return 0;
 45 | }
 46 | 
 47 | /*
 48 |  * EXP30-C. Do not depend on order of evaluation between sequence points
 49 |  * */
 50 | 
 51 | a = i + b[++i];
 52 | i = ++i + 1;
 53 | a[i++] = i;
 54 | func(i++, i);
 55 | 
 56 | /*
 57 |  * EXP31-C. Do not modify constant values
 58 |  * */
 59 | 
 60 | char const **cpp;
 61 | char *cp;
 62 | char const c = 'A';
 63 | cpp = &cp; /* constraint violation */
 64 | *cpp = &c; /* valid */
 65 | *cp = 'B'; /* valid */
 66 | 
 67 | /*
 68 |  * EXP32-C. Do not access a volatile object through a non-volatile reference
 69 |  * */
 70 | 
 71 | static volatile int **ipp;
 72 | static int *ip;
 73 | static volatile int i = 0;
 74 | printf("i = %d.\n", i);
 75 | ipp = &ip; /* constraint violation */
 76 | *ipp = &i; /* valid */
 77 | if (*ip != 0) { /* valid */
 78 | /* ... */
 79 | }
 80 | 
 81 | /*
 82 |  * EXP33-C. Do not reference uninitialized variables
 83 |  * */
 84 | 
 85 | void set_flag(int number, int *sign_flag) {
 86 | if (number > 0) {
 87 | *sign_flag = 1;
 88 | }
 89 | else if (number < 0) {
 90 | *sign_flag = -1;
 91 | }
 92 | }
 93 | void func(int number) {
 94 | int sign;
 95 | set_flag(number,&sign);
 96 | /* ... */
 97 | }
 98 | 
 99 | 
100 | int do_auth(void) {
101 |   char username[MAX_USER];
102 |   char password[MAX_PASS];
103 |   puts("Please enter your username: ");
104 |   fgets(username, MAX_USER, stdin);
105 |   puts("Please enter your password: ");
106 |   fgets(password, MAX_PASS, stdin);
107 |   if (!strcmp(username, "user") && !strcmp(password, "password")) {
108 |     return 0;
109 |   }
110 |   return -1;
111 | }
112 | void log_error(char *msg) {
113 |   char *err;
114 |   char *log;
115 |   char buffer[24];
116 |   sprintf(buffer, "Error: %s", log);
117 |   printf("%s\n", buffer);
118 | }
119 | int main(void) {
120 |   if (do_auth() == -1) {
121 |   log_error("Unable to login");
122 |   }
123 |   return 0;
124 | }
125 | 
126 | /*
127 |  * EXP35-C. Do not access or modify the result of a function call after a subsequent sequence point
128 |  * */
129 | 
130 | #include <stdio.h>
131 | struct X { char a[6]; };
132 | struct X addressee() {
133 |   struct X result = { "world" };
134 |   return result;
135 | }
136 | int main(void) {
137 | printf("Hello, %s!\n", addressee().a);
138 | return 0;
139 | }
140 | 
141 | /*
142 |  * EXP36-C. Do not cast between pointers to objects or types with differing alignments
143 |  * */
144 | 
145 | char *loop_ptr;
146 | int *int_ptr;
147 | int *loop_function(void *v_pointer){
148 | return v_pointer;
149 | }
150 | int_ptr = loop_function(loop_ptr);
151 | 
152 | 
153 | /* good */
154 | ad->pos = ad->constrained = pos--;
155 | 


--------------------------------------------------------------------------------
/tests/fio.c:
--------------------------------------------------------------------------------
 1 | /*
 2 |  * FIO33-C. Detect and handle input output errors resulting in undefined behavior
 3 |  * */
 4 | 
 5 | #include <stdio.h>
 6 |  
 7 | int fmt_data(char *buffer, size_t bufsize, char *s, char c,
 8 |              int i, float fp) {
 9 |   int j;
10 |  
11 |   j = snprintf(buffer, bufsize, " String:    %s\n", s);
12 |   j += snprintf(buffer + j, bufsize - j, " Character: %c\n",
13 |                 (unsigned char)c);
14 |   j += snprintf(buffer + j, bufsize - j, " Integer:   %d\n",
15 |                 i);
16 |   j += snprintf(buffer + j, bufsize - j, " Real:      %f\n",
17 |                 fp);
18 |  
19 |   return j;
20 | }
21 | 


--------------------------------------------------------------------------------
/tests/int.c:
--------------------------------------------------------------------------------
 1 | /*
 2 |  * INT01-A. Use size_t for all integer values representing the size of an object
 3 |  * */
 4 | 
 5 | char *copy(size_t n, char *str) {
 6 |   int i;
 7 |   if(p == NULL) {
 8 |   /* Handle malloc failure */
 9 |   }
10 |   for ( i = 0; i < n; ++i ) {
11 |   p[i] = *str++;
12 |   }
13 |   p[i] = '\0';
14 |   return p;
15 | }
16 | char *p = copy(SIZE_MAX, argv[1]);
17 | 
18 | #define BUFF_SIZE 10
19 | int main(int argc, char *argv[]){
20 | int size;
21 | char buf[BUFF_SIZE];
22 | size= atoi(argv[1]);
23 | if (size <= BUFF_SIZE){
24 | memcpy(buf, argv[2], size);
25 | }
26 | }
27 | 
28 | void *alloc(unsigned int blocksize) {
29 |   return malloc(blocksize);
30 | }
31 | int read_counted_string(int fd) {
32 |   unsigned long length;
33 |   unsigned char *data;
34 |   if (read_integer_from_network(fd, &length) < 0) {
35 |   return -1;
36 |   }
37 |   if (length + 1 == 0) {
38 |   /* handle integer overflow */
39 |   }
40 |   data = alloc(length + 1);
41 |   if (read_network_data(fd, data, length) < 0) {
42 |   free(data);
43 |   return -1;
44 |   }
45 |   /* ... */
46 | }
47 | 


--------------------------------------------------------------------------------
/tests/misc.c:
--------------------------------------------------------------------------------
1 | if (a == b); {
2 | 	puts("Hello");
3 | }
4 | 
5 | if (a = b) {
6 | 	puts("Hello");
7 | }
8 | 


--------------------------------------------------------------------------------
/tests/preproc.c:
--------------------------------------------------------------------------------
 1 | /*
 2 |  * PRE00-C. Prefer inline or static functions to function-like macros
 3 |  * */
 4 | 
 5 | #define CUBE(X) ((X) * (X) * (X))
 6 | /* ... */
 7 | int i = 2;
 8 | int a = 81 / CUBE(++i);
 9 | 
10 | 
11 | 
12 | size_t count = 0;
13 | /* bad */
14 | #define EXEC_BUMP(func) (func(), ++count)
15 |  
16 | void g(void) {
17 |   printf("Called g, count = %zu.\n", count);
18 | }
19 |  
20 | void aFunc(void) {
21 |   size_t count = 0;
22 |   while (count++ < 10) {
23 |     EXEC_BUMP(g);
24 |   }
25 | }
26 | 
27 | /*
28 |  * PRE01-C. Use parentheses within macros around parameter names
29 |  * */
30 | 
31 | /* bad */
32 | #define foreach_c_array(item, array, len) for (item = array; item < &array[len]; item++)
33 | 
34 | /* good */
35 | #define EMPTY(ptr)	(!(ptr) || !*(ptr))
36 | #define FOO(a,b,c)	foo(a,b,c)
37 | 
38 | /*
39 |  * PRE03-C. Prefer typedefs to defines for encoding types
40 |  * */
41 | 
42 | #define cstring char * 
43 | cstring s1, s2;
44 | 
45 | /*
46 |  * PRE04-C. Do not reuse a standard header file name
47 |  * */
48 | 
49 | #include "stdio.h"
50 | 
51 | /*
52 |  * PRE07-C. Avoid using repeated question marks
53 |  * */
54 | size_t i = /* Some initial value */;
55 | if (i > 9000) {
56 |    if (puts("Over 9000!??!") == EOF) {
57 |      /* Handle error */
58 |    }
59 | }
60 | 
61 | /* 
62 |  * PRE10-C. Wrap multistatement macros in a do-while loop 
63 |  * */
64 | 
65 | #define SWAP(x, y)                                                             \
66 |   tmp = x; \
67 |   x = y; \
68 |   y = tmp
69 | 
70 | #define SWAP(x, y)                                                             \
71 |   do { \
72 |     tmp = x; \
73 |     x = y; \
74 |     y = tmp; } \
75 |   while (0)
76 | 


--------------------------------------------------------------------------------
/tests/sig.c:
--------------------------------------------------------------------------------
 1 | /*
 2 |  * SIG00-A. Avoid using the same handler for multiple signals
 3 |  * */
 4 | 
 5 | #include <signal.h>
 6 | #include <stdlib.h>
 7 | #include <string.h>
 8 | volatile sig_atomic_t sig1 = 0;
 9 | volatile sig_atomic_t sig2 = 0;
10 | void handler(int signum) {
11 | if (sig1) {
12 | sig2 = 1;
13 | }
14 | if (signum == SIGUSR1) {
15 | sig1 = 1;
16 | }
17 | }
18 | int main(void) {
19 | signal(SIGUSR1, handler);
20 | signal(SIGUSR2, handler);
21 | while (1) {
22 | if (sig2) break;
23 | sleep(SLEEP_TIME);
24 | }
25 | /* ... */
26 | return 0;
27 | }
28 | 


--------------------------------------------------------------------------------
/tests/str.c:
--------------------------------------------------------------------------------
 1 | /*
 2 |  * STR03-A. Do not inadvertently truncate a null terminated byte string
 3 |  * */
 4 | 
 5 | char *string_data;
 6 | char a[16];
 7 | /* ... */
 8 | strncpy(a, string_data, sizeof(a));
 9 | 
10 | /*
11 |  * STR05-A. Prefer making string literals const-qualified
12 |  * */
13 | 
14 | /* bad */
15 | char *c = "Hello";
16 | char c2[] = "Hello";
17 | 
18 | /* good */
19 | const char *s = "Hello";
20 | 
21 | /*
22 |  * STR30-C. Do not attempt to modify string literals
23 |  * */
24 | 
25 | mktemp("/tmp/edXXXXXX");
26 | 
27 | /*
28 |  * STR31-C. Guarantee that storage for strings has sufficient space for character data and the null terminator
29 |  * */
30 | 
31 | char dest[512];
32 | for (int i=0; (i < sizeof(dest)); i++) {
33 | 	dest[i] = src[i];
34 | }
35 | dest[i] = '\0';
36 | 
37 | int main(int argc, char *argv[]) {
38 | /* ... */
39 | char prog_name[128];
40 | strcpy(prog_name, argv[0]);
41 | /* ... */
42 | }
43 | 
44 | 
45 | char buff[256];
46 | strcpy(buff, getenv("EDITOR"));
47 | 
48 | /*
49 |  * STR32-C. Guarantee that all byte strings are null-terminated
50 |  * */
51 | 
52 | char a[16];
53 | strncpy(a, "0123456789abcdef", sizeof(a));
54 | 
55 | /* good */
56 | 
57 | char a[16];
58 | strncpy(a, "0123456789abcdef", sizeof(a)-1);
59 | a[sizeof(a)-1] = '\0';
60 | 
61 | /* good */
62 | strncpy (result, start, length);
63 | result [length] = '\0';
64 | 
65 | /* baaaad */
66 | 
67 | char buf[BUFSIZ];
68 | gets(buf);
69 | 
70 | 


--------------------------------------------------------------------------------
/tests/tmp.c:
--------------------------------------------------------------------------------
1 | /*
2 |  * TMP30-C. Temporary files must created with unique and unpredictable file names
3 |  * */
4 | 
5 | FILE *fp = fopen("/tmp/some_file", "w");
6 | 
7 | int fd = open("/tmp/some_file", O_WRONLY | O_CREAT | O_EXCL | O_TRUNC, 0600);
8 | 
9 | 


--------------------------------------------------------------------------------