RuleDescriptionKPI
arrayIndexOutOfBoundsArray ‘array[2]’ index array[1][1] out of bounds.Robustness
assignBoolToPointerBoolean value assigned to pointer.Robustness
autoVariablesDangerous assignment – the function parameter is assigned the address of a local auto-variable. Local auto-variables are reserved from the stack which is freed when the function ends. So the pointer to a local variable is invalid after the function ends.Robustness
autovarInvalidDeallocationThe deallocation of an auto-variable results in undefined behaviour. You should only free memory that has been allocated dynamically.Robustness
boostForeachErrorBOOST_FOREACH caches the end() iterator. It’s undefined behavior if you modify the container inside.Robustness
bufferAccessOutOfBoundsBuffer is accessed out of bounds: bufferResource Utilization
coutCerrMisusageInvalid usage of output stream: ‘<< std::cout'.Robustness
deadpointerDead pointer usage. Pointer ‘pointer’ is dead if it has been assigned ‘&x’ at line 0.Robustness
deallocDeallocDeallocating a deallocated pointer: varnameRobustness
deallocretReturning/dereferencing ‘p’ after it is deallocated / releasedRobustness
deallocuseDereferencing ‘varname’ after it is deallocated / releasedRobustness
doubleFreeMemory pointed to by ‘varname’ is freed twice.Resource Utilization
eraseDereferenceThe iterator ‘iter’ is invalid before being assigned. Dereferencing or comparing it with another iterator is invalid operation.Robustness
floatConversionOverflowUndefined behaviour: float (1e+100) conversion overflow.Resource Utilization
insecureCmdLineArgsBuffer overrun possible for long command line arguments.Resource Utilization
integerOverflowSigned integer overflow for expression ”.Resource Utilization
invalidFunctionArgInvalid func_name() argument nr 1Understandability
invalidFunctionArgBoolInvalid func_name() argument nr 1. A non-boolean value is required.Understandability
invalidIterator1Invalid iterator: iteratorUnderstandability
invalidIterator2After push_back|push_front|insert() the iterator ‘iterator’ may be invalid.Understandability
invalidPointerInvalid pointer ‘pointer’ after push_back().Understandability
invalidScanfFormatWidthWidth 5 given in format string (no. 10) is larger than destination buffer ‘[0]’ use %-1s to prevent overflowing it.Resource Utilization
IOWithoutPositioningRead and write operations without a call to a positioning function (fseek fsetpos or rewind) or fflush in between result in undefined behaviour.Resource Utilization
iteratorsSame iterator is used with different containers ‘container1’ and ‘container2’.Resource Utilization
leakNoVarFunctionCallAllocation with funcName funcName doesn’t release it.Resource Utilization
leakReturnValNotUsedReturn value of allocation function ‘funcName’ is not stored.Maintainability
mallocOnClassErrorMemory for class instance allocated with malloc() but class a std::string. This is unsafe since no constructor is called and class members remain uninitialized. Consider using ‘new’ instead.Resource Utilization
memleakMemory leak: varnameResource Utilization
memleakOnReallocCommon realloc mistake: ‘varname’ nulled but not freed upon failureResource Utilization
memsetClassUsing ‘memfunc’ on class that contains a classname is unsafe because constructor destructor and copy operator calls are omitted. These are necessary for this non-POD type to ensure that a valid object is created.Resource Utilization
memsetClassReferenceUsing ‘memfunc’ on class that contains a reference.Resource Utilization
mismatchAllocDeallocMismatching allocation and deallocation: varnameResource Utilization
mismatchingContainersIterators of different containers are used together.Robustness
mismatchSizeThe allocated size sz is not a multiple of the underlying type’s size.Resource Utilization
negativeArraySizeDeclaration of array ” with negative size is undefined behaviourMaintainability
negativeIndexArray index -1 is out of bounds.Maintainability
negativeMemoryAllocationSizeMemory allocation size is negative.Negative allocation size has no specified behaviour.Resource Utilization
nullPointerNull pointer dereferenceRobustness
nullPointerArithmeticOverflow in pointer arithmetic NULL pointer is subtracted.Robustness
operatorEqMissingReturnStatementNo ‘return’ statement in non-void function causes undefined behavior.Robustness
outOfBoundsindex is out of bounds: Supplied size 2 is larger than actual size 1.Robustness
pointerArithBoolConverting pointer arithmetic result to bool. The boolean result is always true unless there is pointer arithmetic overflow and overflow is undefined behaviour. Probably a dereference is forgotten.Maintainability
preprocessorErrorDirective#error messageUnderstandability
raceAfterInterlockedDecrementRace condition: non-interlocked access after InterlockedDecrement(). Use InterlockedDecrement() return value instead.Robustness
readWriteOnlyFileRead operation on a file that was opened only for writing.Maintainability
resourceLeakResource leak: varnameResource Utilization
returnAddressOfAutoVariableAddress of an auto-variable returned.Robustness
returnAddressOfFunctionParameterAddress of the function parameter ‘parameter’ becomes invalid after the function exits because function parameters are stored on the stack which is freed when the function exits. Thus the returned value is invalid.Robustness
returnLocalVariablePointer to local array variable returned.Robustness
returnReferenceReference to auto variable returned.Robustness
returnTempReferenceReference to temporary returned.Robustness
selfInitializationMember variable ‘var’ is initialized by itself.Robustness
shiftNegativeShifting by a negative value is undefined behaviourRobustness
shiftTooManyBitsShifting 32-bit value by 64 bits is undefined behaviourRobustness
shiftTooManyBitsSignedShifting signed 32-bit value by 31 bits is undefined behaviourRobustness
sprintfOverlappingDataThe variable ‘varname’ is used both as a parameter and as destination in s[n]printf(). The origin and destination buffers overlap. Quote from glibc (C-library) documentation (http://www.gnu.org/software/libc/manual/html_mono/libc.html#Formatted-Output-Functions): If copying takes place between objects that overlap as a result of a call to sprintf() or snprintf() the results are undefined.””Robustness
stlBoundariesIterator compared with operator<. This is dangerous since the order of items in the container is not guaranteed. One should use operator!= instead to compare iterators.Robustness
stlcstrDangerous usage of c_str(). The c_str() return value is only valid until its string is deleted.Robustness
stlOutOfBoundsWhen i==foo.size() foo[i] is out of bounds.Robustness
stringLiteralWriteModifying string literal directly or indirectly is undefined behaviour.Robustness
strPlusCharUnusual pointer arithmetic. A value of type ‘char’ is added to a string literal.Robustness
throwInNoexceptFunctionException thrown in function declared not to throw exceptions.Understandability
uninitdataMemory is allocated but not initialized: varnameResource Utilization
uninitstringDangerous usage of ‘varname’ (strncpy doesn’t always null-terminate it).Robustness
uninitStructMemberUninitialized struct member: a.bRobustness
uninitvarUninitialized variable: varnameRobustness
unknownEvaluationOrderExpression ‘x = x++;’ depends on order of evaluation of side effectsRobustness
useAutoPointerArrayObject pointed by an ‘auto_ptr’ is destroyed using operator ‘delete’. This means that you should only use ‘auto_ptr’ for pointers obtained with operator ‘new’. This excludes arrays which are allocated by operator ‘new[]’ and must be deallocated by operator ‘delete[]’.Robustness
useAutoPointerContainerAn element of container must be able to be copied but ‘auto_ptr’ does not fulfill this requirement. You should consider to use ‘shared_ptr’ or ‘unique_ptr’. It is suitable for use in containers because they no longer copy their values they move them.Robustness
useAutoPointerMallocObject pointed by an ‘auto_ptr’ is destroyed using operator ‘delete’. You should not use ‘auto_ptr’ for pointers obtained with function ‘malloc’. This means that you should only use ‘auto_ptr’ for pointers obtained with operator ‘new’. This excludes use C library allocation functions (for example ‘malloc’) which must be deallocated by the appropriate C library function.Robustness
useClosedFileUsed file that is not opened.Robustness
va_end_missingva_list ‘vl’ was opened but not closed by va_end().Resource Utilization
va_list_usedBeforeStartedva_list ‘vl’ used before va_start() was called.Maintainability
va_start_referencePassedUsing reference ‘arg1’ as parameter for va_start() results in undefined behaviour.Robustness
va_start_subsequentCallsva_start() or va_copy() called subsequently on ‘vl’ without va_end() in between.Maintainability
virtualDestructorClass ‘Base’ which is inherited by class ‘Derived’ does not have a virtual destructor. If you destroy instances of the derived class by deleting a pointer that points to the base class only the destructor of the base class is executed. Thus dynamic memory that is managed by the derived class could leak. This can be avoided by adding a virtual destructor to the base class.Resource Utilization
writeReadOnlyFileWrite operation on a file that was opened only for reading.Robustness
wrongPipeParameterSizeThe pipe()/pipe2() system command takes an argument which is an array of exactly two integers.12The variable ‘varname’ is an array of size dimension which does not match.Maintainability
wrongPrintfScanfArgNumprintf format string requires 3 parameters but only 2 are given.Maintainability
zerodivDivision by zero.Robustness