accessForwardedAccess of forwarded variable v.Robustness
accessMovedAccess of moved variable v.Robustness
argumentSizeThe array ‘array’ is too small the function ‘function’ expects a bigger one.Maintainability
arrayIndexOutOfBoundsCondArray ‘x[10]’ accessed at index 20 which is out of bounds. Otherwise condition ‘y==20’ is redundant.Robustness
assertWithSideEffectNon-pure function: ‘function’ is called inside assert statement. Assert statements are removed from release builds so the code inside assert statement is not executed. If the code is needed also in release builds this is a bug.Robustness
assignmentInAssertVariable ‘var’ is modified insert assert statement. Assert statements are removed from release builds so the code inside assert statement is not executed. If the code is needed also in release builds this is a bug.Robustness
badBitmaskCheckResult of operator ‘|’ is always true if one operand is non-zero. Did you intend to use ‘&’?Accuracy
bufferNotZeroTerminatedThe buffer ‘buffer’ is not null-terminated after the call to strncpy(). This will cause bugs later in the code if the code assumes the buffer is null-terminated.Robustness
charBitOpWhen using ‘char’ variables in bit operations sign extension can generate unexpected results. For example:12 char c = 0x80;12 int i = 0 | c;12 if (i & 0x8000)12 printf(not expected”)Robustness
charLiteralWithCharPtrCompareChar literal compared with pointer ‘foo’. Did you intend to dereference it?Accuracy
checkCastIntToCharAndBackWhen saving func_name() return value in char variable there is loss of precision. When func_name() returns EOF this value is truncated. Comparing the char variable with EOF can have unexpected results. For instance a loop while (EOF != (c = func_name())Robustness
clarifyStatementA statement like ‘*A++;’ might not do what you intended. Postfix ‘operator++’ is executed before ‘operator*’. Thus the dereference is meaningless. Did you intend to write ‘(*A)++;’?Robustness
compareBoolExpressionWithIntComparison of a boolean expression with an integer other than 0 or 1.Accuracy
comparisonFunctionIsAlwaysTrueOrFalseThe function isless is designed to compare two variables. Calling this function with one variable (varName) for both parameters leads to a statement which is always false.Accuracy
constStatementRedundant code: Found a statement that begins with type constant.Maintainability
copyCtorAndEqOperatorThe class ‘class’ has ‘operator=’ but lack of ‘copy constructor’.Maintainability
derefInvalidIteratorMake sure to check that the iterator is valid before dereferencing it – not after.Maintainability
divideSizeofDivision of result of sizeof() on pointer type. sizeof() returns the size of the pointer not the size of the memory area it points to.Robustness
duplInheritedMemberThe class ‘class’ defines member variable with name ‘variable’ also defined in its parent class ‘class’.Understandability
exceptDeallocThrowException thrown in invalid state ‘p’ points at deallocated memory.Robustness
exceptThrowInDestructorThe class Class is not safe because its destructor throws an exception. If Class is used and an exception is thrown that is caught in an outer scope the program will terminate.Robustness
funcArgOrderDifferentFunction ‘function’ argument order different: declaration ” definition ”Accuracy
ignoredReturnValueReturn value of function malloc() is not used.Maintainability
incompleteArrayFillThe array ‘buffer’ is filled incompletely. The function ‘memset()’ needs the size given in bytes but an element of the given array is larger than one byte. Did you forget to multiply the size with ‘sizeof(*buffer)’?Resource Utilization
incorrectLogicOperatorLogical disjunction always evaluates to true: foo > 3 && foo < 4. Are these conditions necessary? Did you intend to use && instead? Are the numbers correct? Are you comparing the correct variables?Understandability
incorrectStringBooleanErrorConversion of string literal Hello World” to bool always evaluates to true.”Understandability
incorrectStringCompareString literal Hello World” doesn’t match length argument for substr().”Understandability
invalidLengthModifierError‘I’ in format string (no. 1) is a length modifier and cannot be used without a conversion specifier.Understandability
invalidPrintfArgType_float%f in format string (no. 1) requires ‘double’ but the argument type is Unknown.Maintainability
invalidPrintfArgType_int%X in format string (no. 1) requires ‘unsigned int’ but the argument type is Unknown.Maintainability
invalidPrintfArgType_n%n in format string (no. 1) requires ‘int *’ but the argument type is Unknown.Maintainability
invalidPrintfArgType_p%p in format string (no. 1) requires an address but the argument type is Unknown.Maintainability
invalidPrintfArgType_s%s in format string (no. 1) requires ‘char *’ but the argument type is Unknown.Maintainability
invalidPrintfArgType_sint%i in format string (no. 1) requires ‘int’ but the argument type is Unknown.Maintainability
invalidPrintfArgType_uint%u in format string (no. 1) requires ‘unsigned int’ but the argument type is Unknown.Maintainability
invalidscanfscanf() without field width limits can crash with huge input data. Add a field width specifier to fix this problem.1212Sample program that can crash:1212#include 12int main()12{12 char c[5];12 scanf(%s” c)Robustness
invalidScanfArgType_float%f in format string (no. 1) requires ‘float *’ but the argument type is Unknown.Maintainability
invalidScanfArgType_int%d in format string (no. 1) requires ‘int *’ but the argument type is Unknown.Maintainability
invalidScanfArgType_s%s in format string (no. 1) requires a ‘char *’ but the argument type is Unknown.Maintainability
invalidTestForOverflowInvalid test for overflow ‘x + u < x'. Condition is always false unless there is overflow and overflow is UB.Accuracy
leakUnsafeArgAllocUnsafe allocation. If funcName() throws memory could be leaked. Use make_shared() instead.Resource Utilization
literalWithCharPtrCompareString literal compared with variable ‘foo’. Did you intend to use strcmp() instead?Robustness
mallocOnClassWarningMemory for class instance allocated with malloc() but class provides constructors. This is unsafe since no constructor is called and class members remain uninitialized. Consider using ‘new’ instead.Resource Utilization
memsetValueOutOfRangeThe 2nd memset() argument ‘varname’ doesn’t fit into an ‘unsigned char’. The 2nd parameter is passed as an ‘int’ but the function fills the block of memory using the ‘unsigned char’ conversion of this value.Resource Utilization
memsetZeroBytesmemset() called to fill 0 bytes. The second and third arguments might be inverted. The function memset ( void * ptr int value size_t num ) sets the first num bytes of the block of memory pointed by ptr to the specified value.Resource Utilization
moduloAlwaysTrueFalseComparison of modulo result is predetermined because it is always less than 1.Understandability
multiplySizeofMultiplying sizeof() with sizeof() indicates a logic error.Understandability
nullPointerDefaultArgPossible null pointer dereference if the default parameter value is used: pointerRobustness
nullPointerRedundantCheckEither the condition is redundant or there is possible null pointer dereference: pointer.Robustness
operatorEqToSelfoperator=’ should check for assignment to self to ensure that each block of dynamically allocated memory is owned and managed by only one instance of the class.Robustness
operatorEqVarErrorMember variable ‘classname::’ is not assigned a value in ‘classname::operator=’.Robustness
oppositeInnerConditionOpposite conditions in nested ‘if’ blocks lead to a dead code block.Maintainability
pointerSizeSize of pointer ‘varname’ used instead of size of its data. This is likely to lead to a buffer overflow. You probably intend to write ‘sizeof(*varname)’.Robustness
possibleBufferAccessOutOfBoundsPossible buffer overflow if strlen(source) is larger than or equal to sizeof(destination). The source buffer is larger than the destination buffer so there is the potential for overflowing the destination buffer.Robustness
publicAllocationErrorPossible leak in public function. The pointer ‘varname’ is not deallocated before it is allocated.Resource Utilization
redundantAssignInSwitchVariable ‘var’ is reassigned a value before the old one has been used. ‘break;’ missing?Maintainability
redundantCopyInSwitchBuffer ‘var’ is being written before its old content has been used. ‘break;’ missing?Maintainability
seekOnAppendedFileRepositioning operation performed on a file opened in append mode has no effect.Maintainability
selfAssignmentRedundant assignment of ‘varname’ to itself.Maintainability
signConversionSuspicious code: sign conversion of var in calculation even though var can have a negative valueAccuracy
signedCharArrayIndexSigned ‘char’ type used as array index. If the value can be greater than 127 there will be a buffer underflow because of sign extension.Robustness
sizeArgumentAsCharThe size argument is given as a char constant.Maintainability
sizeofCalculationFound calculation inside sizeof().Understandability
sizeofDivisionMemfuncDivision by result of sizeof(). memset() expects a size in bytes did you intend to multiply instead?Accuracy
sizeofsizeofCalling sizeof for ‘sizeof looks like a suspicious code and most likely there should be just one ‘sizeof’. The current code is equivalent to ‘sizeof(size_t)’Maintainability
sizeofwithnumericparameterIt is unusual to use a constant value with sizeof. For example ‘sizeof(10)’ returns 4 (in 32-bit systems) or 8 (in 64-bit systems) instead of 10. ‘sizeof(‘A’)’ and ‘sizeof(char)’ can return different results.Robustness
sizeofwithsilentarraypointerUsing ‘sizeof’ for array given as function argument returns the size of a pointer. It does not return the size of the whole array in bytes as might be expected. For example this code:12 int f(char a[100]) {12 return sizeof(a);12 }12returns 4 (in 32-bit systems) or 8 (in 64-bit systems) instead of 100 (the size of the array in bytes).Accuracy
staticStringCompareThe compared strings ‘str1’ and ‘str2’ are always unequal. Therefore the comparison is unnecessary and looks suspicious.Understandability
stlIfFindSuspicious condition. The result of find() is an iterator but it is not properly checked.Robustness
StlMissingComparisonThe iterator incrementing is suspicious – it is incremented at line and then at line . The loop might unintentionally skip an element in the container. There is no comparison between these increments to prevent that the iterator is incremented beyond the end.Robustness
stringCompareThe compared strings ‘varname1’ and ‘varname2’ are identical. This could be a logic bug.Maintainability
strncatUsageAt most strncat appends the 3rd parameter’s amount of characters and adds a terminating null byte.12The safe way to use strncat is to subtract one from the remaining space in the buffer and use it as 3rd parameter.Source:
suspiciousCaseUsing an operator like ‘||’ in a case label is suspicious. Did you intend to use a bitwise operator multiple case labels or if/else instead?Accuracy
suspiciousEqualityComparisonFound suspicious equality comparison. Did you intend to assign a value instead?Accuracy
suspiciousSemicolonSuspicious use of ; at the end of ” statement.Accuracy
terminateStrncpyIf the source string’s size fits or exceeds the given size strncpy() does not add a zero at the end of the buffer. This causes bugs later in the code if the code assumes buffer is null-terminated.Robustness
thisSubtractionSuspicious pointer subtraction. Did you intend to write ‘->’?Accuracy
uninitMemberVarMember variable ‘classname::varname’ is not initialized in the constructor.Robustness
unusedLabelSwitchLabel ” is not used. Should this be a ‘case’ of the enclosing switch()?Understandability
useAutoPointerCopystd::auto_ptr’ has semantics of strict ownership meaning that the ‘auto_ptr’ instance is the sole entity responsible for the object’s lifetime. If an ‘auto_ptr’ is copied the source looses the reference.Robustness
uselessAssignmentPtrArgAssignment of function parameter has no effect outside the function. Did you forget dereferencing it?Accuracy
uselessCallsComparestd::string::find()’ returns zero when given itself as parameter (str.find(str)). As it is currently the code is inefficient. It is possible either the string searched (‘str’) or searched for (‘str’) is wrong.Efficiency
uselessCallsEmptyIneffective call of function ’empty()’. Did you intend to call ‘clear()’ instead?Resource Utilization
uselessCallsRemoveThe return value of std::remove() is ignored. This function returns an iterator to the end of the range containing those elements that should be kept. Elements past new end remain valid but with unspecified values. Use the erase method of the container to delete them.Resource Utilization
va_start_wrongParameter‘arg1’ given to va_start() is not last named argument of the function. Did you intend to pass ‘arg2’?Accuracy
wrongmathcallPassing value ‘#’ to #() leads to implementation-defined result.Understandability
wrongPrintfScanfParameterPositionErrorprintf: referencing parameter 2 while 1 arguments givenUnderstandability
zerodivcondEither the condition is redundant or there is division by zero at line 0.Robustness